Dear All,

I am a newbie here. I Just joined this forum after browsing your career central for a very long time as a guest.
I feel guilty on myself for being not able to locate such a fantastic forum where users/experts are actually helping the younger ones, newbies to get started into security.

I want to thank you all from the bottom of my heart for helping younger ones like me....!

Although I browsed this forum and found answers to quite number of questions I had in my mind about career in security. But, am sorry to admit that I got even more confused.

I would like to tell you my profile first so that you can have a better picture in answering my question. I am sorry if I am making this a lengthy one and I expect your kind forgiveness.

I am a BCA (Bachelors of Computers Applications) from IGNOU, a national open university in India. Its not an engineering course. It is a three year duration bachelors course, which unfortunately I finished in 5 years ( as I was working at a BPO due to financial crisis at my end and on my family).

I always wanted to be a security professional, and I started self-studying at my home on security (still studying ethical hacking and countermeasures book without any tools), solely on the ground that something is better than nothing. I am a self paced learner and always willing to learn new things. I found that I am passionated about ethical hacking and security stuff. So, I kept on learning as far as I can ( and still learning). Now, I have required funds to finance my training at some nice training institute to take the practical knowledge and get certified.

Here comes my confusion:-> Actually I too have the same question (as the other users asked on this forum, read that I browsed it first b4 joining) that which certification should I start with. I just have basic knowledge of networking, very very basic knowledge of security, good java programming language knowledge a bit of javascript knowledge, just very beginner working knowledge of linux.

Can you please guide me which certification should i look first and then what should be my next target. Also, what are the programming languages, networking knowledge, operating system knowledge should I be well versed to be a good ethical hacker(security expert)??

Actually, I want that whatever be the certification I do, should help me in getting a job in network security (may be as a junior analyst/engg. or trainee), so that I use that work experience to further work on certs, rather than just doing a helpdesk job and managing windows. But, as of now, am confused with which should I start. Is it good preparing hard for CEH as a fresher or there is some other route which could be beneficial.

Kindly suggest the best beginner to expert route in your opinion.

Thanks for answering and making my career more sound..!! I greatly expecting for the answers and suggestions coming my way.


PS: I tried to put it very simple and short so that you can help in answering but am sorry if i made this more confusing, lengthy or a mess. Thanks.!!

Hello and welcome to the forums.

CEH may be too hard if you haven't have any previous working experience in the field (also note that without attending one of their officials training one have to prove two years of working experience in the field). Therefore I would recommend Security+ by CompTIA of if you would like to get more hands-on experience I would recommend one of the courses offered by Offensive Security (though it is assumed that you have basic knowledge on Security, Linux and Networking).
If possible I would go after the above mentioned ones for CEH nevertheless.

Programming languages are hard to say, but knowing a few of them or at least be able to understand their syntax is very important. Once you understand one, it shouldn't be hard to get into another. That said, I would recommend C, C++, ASM and a few scripting languages such as Python, Bash, Perl, Ruby, etc.
If you would like to get more into websecurity, take a look at SQL, PHP, CGI etc.

In terms of Operating Systems - use whatever you feel comfortable with. Although it is certainly good to have a good knowledge in UNIX/ Linux-like systems, Windows can be very important as well - this may depend in which area you are interested and moreover what your clients are seeking.

I wouldn't dwell on C if you have a good working knowledge of C++.   Memory management id different, C doesn't speak OOP, but otherwise, the base language is the same.   C++ is typically more difficult to grasp than plain C in my opinion. 

I think that OffSec courses will give you more practical knowledge in the realm of pen testing.  CEH is more of a baseline.  I hadn't realized that there is a work experience requirement for it though.   Normally, I would advise to do CEH first than OffSec courses.  I agree that Security+ is a good start.

Definitely brush up on your Linux knowledge.  Most of the cool tools are written for Linux, at least at first. 

Thank you all for such wonderful replies. 

I must admit that joining this forum was actually the best thing that I ever did. Especially when it comes to start in IT security and you don't know where to go and that too in the given wide array of certifications, boot camps blah blah blah....

All the wonderful people and their replies which are spiced up with their experience and the best part they ACTUALLY reply. Nothing like 1000 views but 0 replies.

Thanks a lot you all.