Hello everyone ,

Well well how to start, I will try to make this short, so firstly I am an undergraduate student I did not graduate yet still one year to go, I took a gap-year to have some working experience (6 months left to go back to college), my major is electronics and computer engineering, so basically I do have a good background of how circuits works inside a computer, I have worked on couples of projects on how to build up a memory and install a command program inside a processor using C++, that’s on the electronic side it actually taught me how computers works from the inside I don’t really know if that would help me in the hacking field. On the computer section I learned how to program in Java, so you could say am in between intermediate-advanced java programmer, also I studied networks, all the ISO layers and how they interact together.

Now, I love computers mostly when it comes to secure/crack a system or what so ever, so my plan is to get a foot into security field after graduation... I have done a lot of reading on how to get a foot into security field; I have chosen “networks” for that.
I have got no experience at all in hacking, actually I had few ones when I was 14, hacked my teachers computer to get final exams (only for the modules which I didn’t really think it would help me in future) using some noobs tools like sub7 when it was all over the internet back in the days, not a very good thing to do though. So what I am saying is I have no basic experience in hacking field at all and need to start from scratch.


So here are some questions for you expert out there based on some reading :


-First , and as I mentioned I am trying to get into security field via networks, I have a good background of ISO so decided to take the CCNA course, is that a good start to get into the second level in network field? And would that be enough to move to network security?

-A hacker needs to have some programming skills, well I am only familiar with Java and C++, and a little bit of assembly language... now here is the question, why does the hacker need to learn how to program? Say to modify a source code? or to build up some tools? Do I need to learn more programming languages? Some of you mentioned Python is a good one, do I need to learn it too?

-Operation systems: I believe I am familiar and have got the basic skills of dealing with windows and Linux, the question is how deep do I have to know about them to become a good hacker? And the other one is do I have to have certifications on them just to prove that I got what It takes to companies when applying for a job even as a security “guy”, is “system administrator” the level required here? If yes can you mention some good books for that?

-Hacking/security certifications, the topic that we all have talked a lot about  and still, well I really need your help on this one, now you know what knowledge do I have –programming – networking – electronics, I am absolutely noob at hacking, can you recommend a course that would get me starting with hacking? of course a network related hacking course that would get me into pen testing… etc
I have been reading a lot about the hacking courses but I can’t tell which one suits me since am a beginner, my goal is to get started with a basic course that WOULD ACCEPT MY ENTRY then move into a more advanced one.

Finally, let’s say I finished CCNA, and I had about 6 months experience of working in networks, also I had a basic hacking certification, then I went back to college and finished my last year, do I have a good chance to work in security field as a beginner? I am reading scary stuff over here and there like do you really need 3-5 years or even 10! To get into security field in a company for example? I feel I am a little late on advancing my skills I’m 24 now  (old guy)

Remember… your answer could change the way I live 

Thanks a lot for now I might have more questions later on, and hey I love this forum and planning to be active on here!

Regards,

-

Hi.

Welcome to the community, (It feels strange saying that to someone with more experience than me


I'm not experienced enough to answer your questions but all I can say is that ajohnson's post is the best way for you to follow.

So +1 for ajohnson's post     

Oh and


          (Trust me, the path laid out for you in the previous post is your best post.

A CCNA will give you enough to become a minor router admin and is not enough to get into security. Networking is important as a whole as it will assist you in being able to weave your way around networks figuring out what is connected to what, how, why and where. Unsure what you mean about "second level" of networking.

Personally, I always recommend CCDA/CCDP studies in relevance to security as it helps you understand the architecture from the 50k foot view. The CCDP forces you to understand topics such as QoS, MPLS, VPN and other topics you can run into when doing this. Unsure how many pentesters I have met that couldn't tell you default information for say BGP, OSPF and why they'd likely not pierce a hole in an MPLS tunnel. But that is going too a bit of extreme for a pentester with less than say 10 years experience. Not too many people can stomach or tolerate networking so they end up stuck on Web Application Security and other boring areas of pentesting.

So to re-answer your question: No the CCNA does nothing for you when it comes to security. Understanding the OSI would have been enough and if you wanted to immerse yourself deeper on the networking side, CCDP and IE Security studies will get you there.


Here is the reality of this: 1) Programming simplifies your work and helps you out whether you choose to build your own tools or modify someone elses. It helps in discovering and exploiting faults (fault injection aka fuzzing) in badly written programs. Whatever language you choose, is optional and always opinionated. I snicker at those posting: "You need to learn Python" when almos NOTHING I DO is in Python. It might help you in a situation but is NOT the de-facto language and anyone telling you this is underclued. Had I to recommend a language it would be: "Any that makes you comfortable."

I tend to use shell scripting almost 99.99999% of the times as I try to avoid installing anything on a system since it attracts attention. Most people touting "Learn Python! ... Learn perl! ... Learn Ruby! ..." are generally someone who is used to firing off tools from their own workstation. Throw them on a contained system where they cannot use these tools because they are not installed, and watch them fail miserably. Understanding specific systems and their tools is THE MOST crucial thing you can teach yourself however, certain languages will AID you. If YOU however, rely strictly on a specific, you will eventually fail.


The better you understand the systems, the quicker and easier you will be able to find flaws, misconfigurations while keeping your noise ratio down. I say focus on systems more than programming for now.


Any cert you have will help not hurt. Providing a measurable record of what you know goes a long way so if you want to get them, then get them. Just be aware that experience ALWAYS trumps the cert.


I started taking certs out of boredom. I already have over 13 years experience when I started taking them. Then I continued out of i) Boredom ii) a personal challenge iii) to annoy people with an annoying long signature (serious). Experience always trumps the paper in reality, and certs to nothing more but add to your salary depending on your logistics. Depending on your area of work, they may be mandatory as well. The goal to getting tangible results and your moneys worth, is to find out what interests you in the field of security. Then focus on becoming the best you can be for your own personal gain. The more you learn, the easier it will be to pass cert exams.


This sounds more to me like: How can I hurry up pass exams and make more money... Nothing wrong with the concept, but the industry is cluttered with entry level people who have beginner "hacker" certs along with CCNAs.

My suggestion, first find the area of security which most interests you and learn as much as you can about it. Focus on making yourself the top expert in that category, read study break, break study read. Understand as much as you can until any question you're asked, you will not hesitate to answer. Once you're comfortable and you start seeing many people come to you for help, to ask a question, then start focusing on the exams. By the time you get here, it will be from experience and learning. Then start banging out the exams.
   
What too many people nowadays is rush the issue. A LOOOOOONG time ago, individuals were required to learn, then apprentice for years before taking the exam. Nowadays, it seems everyone is in a rush and when things are rushed, they barely go right in the long run. This is your life, no one's comment is going to make any impact on your life, only you can make an impact by doing what is right for you. Logically: "the right way is the only way..." The right way comes from time, patience, experience and learning... Not trying to rush through 6 months experience and oh college and oh... Learn as much as you can at the pace you feel comfortable with. Learn it because you want to learn it, because it interests you, not because everyone else is doing X or Y. If I had a dollar for every answer I have to shake my head at, I would be able to dish out monthly payments on a pretty nice car.