Conversion from IT to security

    • #8752
      le special


      Even though I graduated (Master) in general IT with a specialization in IT security, I then moved on to IT support in finance for a few years. That means dealing with several technologies, doing a bit of everything (low-level to app level investigations), without being an expert in any of that.

      I’m considering moving on to IT security and was considering taking on the CEH certification as a way to ease my transition.

      I’m wondering whether my experience ticks the box of the CEH pre-requisites, as it’s definitely IT but not IT security (even though we once in a while have to deal with security problems).

      I also saw the OSCP but I think this requires too much work right now as I have some reasonable theoretical knowledge but never really practiced apart from in lab conditions “for the fun” (so for instance I once did a few buffer overflows but with randomization turned off ;D just to check by myself how it worked). In that regard CEH looks a bit easier to me as a quick way to reorientate my career.

      Any advice is welcome!


    • #53970

      Hi, Welcome to

      CEH can be a good introduction to ethical hacking in general. Honestly ECC doesn’t really care what you have done as long as someone will sign off on the form and they get your money. 🙂 If you have applied patches you have security experience as far as most companies are concerned.

      Once you attain it you should check at your company and see if you can assist the security team in any way; it will likely be defensive in nature at first. Good luck.

    • #53971

      I have to echo the statements of SephStorm, he is spot on here.

      If you have any interest in the OSCP, you should consider checking out some of the vulnerable machines that are referenced in several parts of the forum. De-ICE being a very popular one. They will begin to give you an idea of the challenges involved in the OSCP.

      I have to agree that the CEH will help you to move into the direction of security but true applicable experience is going to speak volumes. Good luck on your journey!

    • #53972

      It’s true that OSCP is not an easy course and it needs dedicated time and regular practice to crack through. CEH is much simpler compared to OSCP but the quality is also low compared to the same. As a beginning, you can go for CEH if you cannot dedicate much time and effort. It can help you in brushing up your basics and later, you can take OSCP to really understand what pentesting is all about 😉

      If you ever change your decision from CEH to OSCP, make sure you are prepared very well and are clear about the basic concepts of Linux and networking. Otherwise OSCP will be too much.

    • #53973

      You might want to look at the CISSP too. It’s hit or miss when you mention it in our community, but it looks pretty to HR, and helps get you past them. You might be a paper tiger at that point, but it gives you a broad exposure to security, and shows “you’re serious” about the transition.

      (Yes that was based on comments I’ve been told by HR, at places). As I said, it’ll start you off as a paper tiger, but you can get in the door, and then focus on the technical / other stuff.

      Just my 2 cents.

    • #53974

      Opinions aside, the CISSP and C|EH are both widely recognized from an HR perspective.

      Just to elaborate on the CISSP option suggested by rattis:

      The CISSP Professional Experience Requirement states that “You must have a minimum of five years of direct full-time security work experience in two or more of these 10 domains of the (ISC)² CISSP CBK®”. However, you can still do the exam without that experience, and gain Associate status.

      @(ISC)² wrote:

      “The Associate of (ISC)² CISSP designation “is valid for a maximum of six years from the date (ISC)² notifies you that you have passed the CISSP exam, within which time, you’ll need to obtain the required experience and submit the required endorsement form for certification as a CISSP”.”

    • #53975

      A little more info, since I was looking at the CISSP this morning. You can get a 1 year waiver for education, meaning you need 4 years not 5.

      Candidates must have a minimum of five (5) years cumulative paid full-time work experience in two or more of the ten domains of the (ISC)² CISSP CBK®. Candidates may receive a one year experience waiver with a four-year college degree, or regional equivalent OR additional credential from the (ISC)² approved list, thus requiring four (4) years of direct full-time professional security work experience in two or more of the ten domains of the CISSP CBK.

      Don’t have the experience? Become an Associate of (ISC)² by successfully passing the CISSP exam. You’ll have six years to earn your experience to become a CISSP

    • #53976

      Interesting, I wasn’t aware of that.

      Looking at the Experience Waiver for the CISSP requirements, it’s actually got me considering it again.


Copyright ©2021 Caendra, Inc.
