March 24, 2009 at 2:48 am #3596
Hey everybody! How’s it going? This is my first post; sorry if my topic is redundant and irritating, but I don’t know where else to turn, really.
So, I’m on the job market, actively searching out a job in IT/IT security. I’d eventually like to move into Penetration Testing (like so many others). Sadly I don’t have any work experience to speak for me; I plan on getting some certifications so as to build some credibility and make myself more marketable. I’m looking at CPTS, CPTE, Security+, CWNA and CWSP. I have the study guides for the last 3 and feel like I have a pretty good grasp on it; the others will be more difficult of course. Anyway, my question is, do you guys think this is a good start to my career? Are there any others I should look into in addition to these? Any help/ kind or encouraging comments are welcome, this is a very intimidating field to break into.
And can I just say, I REALLY HATE sounding like such a n00b child…ughghhg.
March 24, 2009 at 1:32 pm #23358 MicroJay Participant
Work experience is a plus. But since you are new to the topic, at least one cert will show that you are serious about the field. Even helping out with charitable organizations will build your resume.
Anything to get more experience is key to me.
Keep focused and you will get to where you want to be. It may take time…but you will get there. 🙂
Welcome to the board!
March 24, 2009 at 5:27 pm #23359
Without knowing more about you and your background, my suggestion would be to tweak your certification list a bit. I’d start out with Network+ or A+ if you’re completely new to the field, then move over to Security+.
I don’t have any personal experience with CPTS/CPTE, but I wouldn’t recommend that route. I’ve yet to see/hear about those certifications in the real world or on job boards.
March 24, 2009 at 8:10 pm #23360
Thanks for the positive feedback guys!
Yeah, I was a little sketchy about CPTS/CPTE as well; it’s just that it’s hard to find an affordable cert in PenTesting. Not to offend anyone but I’m sort of anti-EC Council…they just look like a scam. I had considered A+ and Network+, and they’re definitely on my to-do list, but my thought process was that I would jump straight to Security+ since that’s the field I want to go into. I’m not completely new at this; I mean, I’m great with computers, and I definitely know good chunks about the topics that are covered in Network+ and A+…I may do those first just to be safe.
So…if CPTS and CPTE aren’t legit…what is? I looked at GPEN and GSEC but they’re so expensive! Any suggestions?
March 24, 2009 at 8:37 pm #23361
You could start by elaborating a little more on “I’m great with computers” … what kind of things do you do/have you done? What brings you to security? What is your budget and how much money are you looking to spend? There may be some things you can do self-study to minimize your out-of-pocket costs, or there might be some cheaper alternatives (OffSec courses are not too expensive).
It’s really hard to pick out a certification for pen-testing (if at all possible). I honestly don’t think there’s any one certification out there that says “yes, you are now a professional pen-tester.”
Why are you anti-ECC? Many of the people here (myself included) hold EC-Council certifications.
March 25, 2009 at 1:16 am #23362
I may have gone too far when I stated that I was “anti-ECC”. I obviously don’t have much of a clue at this point, but I haven’t heard very good things about them from friends who have certified with them. A friend of mine was laughed at in an interview for listing CEH on his resume. I looked into getting my CEH cert as well but was disappointed to see that the test was mainly just an introduction to tools, and no real application. I also don’t want to be known as a “hacker”. I know they have an alternative course…but still. Just little things.
As far as being ‘great with computers’, I’ve been building and upgrading PCs since I was little. My stepfather worked in IT (and later security) and bestowed upon me little gems of inspiration here and there. I have a strange love for wifi technology as well - I later set up a WLAN for his office. I’m not great by your standards by any means but for someone with no work experience or certifications I feel like I’m okay.
My budget isn’t very impressive. I do have a small bit in savings that I’m going to dedicate to training but see, I’m a prep cook at a pizza restaurant- I don’t make much.
March 27, 2009 at 2:26 pm #23363
BillV, perhaps you’re right. I shouldn’t base my opinion of ECC on a few isolated incidents. I’ve been reading what other members of this community have to say about CEH and ECCouncil in general…it seems like it’s sort of the ‘industry standard’. Does anyone here have an LPT certification? I read on ECC’s website about their tiger team…can anyone tell me how that works? Is LPT worth the time and effort that I would have to put into it?
March 27, 2009 at 6:02 pm #23364
Yup, I have an LPT as well 🙂
There was actually a recent discussion in the EC-Council members portal regarding the TT, I’ll just quote what was posted on behalf of EC-Council for you to read:
The LPT Tiger Team is a mix of Penetration Testers who have expertise across various domains. Members who get certified as LPT are automatically enrolled into the LPT Tiger Team. Please note that the members of this team are not considered as Official Employees of EC-Council or its associates. The team can be considered as an association of experts in the area of Penetration Testing. Based on experience and proven capability members from the LPT Tiger Team have a chance to work with EC-Council Global Services (EGS) for future Penetration Testing assignments and consultation projects as part-time consultants.
EC-Council Global Services (EGS) is a Consulting Division of EC-Council.
Currently we are in the process of finalizing the operations at EGS. Once EGS projects start the LPT community would be intimated about future proceedings.
That being said, EGS was formed last year, so it’s still getting off the ground. I believe that once it does, the TT may come into play a bit more. As of now (to the best of my knowledge), not much has been done in that aspect.
Hope that helps.
March 27, 2009 at 6:41 pm #23365
Oh…so, they’re kind of like the Fed’s red teams? That’s really interesting and something that I’d like to know more about…anything else of interest you can tell me?
Also, I didn’t mean to come across as offensive to you or any of the other ECC advocates, I was merely basing my opinion on the opinions of my friends and coworkers.
I’m beginning to think that CEH/ECSA/LPT is a better route to go than CPTS/CPTE. BillV, do your certs (especially your LPT) hold credibility with employers?
March 28, 2009 at 1:28 am #23366
Hmm, in a way it’s like that I guess. My view of it is more like sub-contracting with ECC-GS who is the prime consultant for security services. Though I’m not quite sure how they’ll have to do that or have the paperwork written for that to work properly.
If you haven’t already, you might want to glance at the ECCGS website: here. They have some information there (but keep in mind this is still a newly formed group).
Also recently formed was the LPT Governing Board to oversee LPT designations and so forth. I think we’ll see some good things coming from this group in the future as well as the other boards. Specifically, I expect the LPT to gain more acceptance throughout the industry as the board makes their changes and as EC-Council becomes fully ANSI accredited (which they are in the process of doing now).
As for the certs holding credibility, I think they have certainly helped me. Hopefully some other CEH holders can share their experiences as well – I’m still fairly early on in my career.
I can say that they definitely played a role in getting me promoted at my previous position and they surely caught the interest of the people interviewing me for my current job – I’m not directly doing penetration testing (I’m in more of a system admin role) but they noticed the security certifications and thought the knowledge would be beneficial.
Like I said earlier, I don’t have any personal experience with CPTS/CPTE (in fact, the only person I’m aware that I know that holds one of these is Chris Gates – maybe he’ll chime in about it), but I definitely think that the CEH stands out more than either of those.
You certainly didn’t come across offensive and I respect criticism, but I will obviously question or challenge any comments as needed 🙂
Hopefully my rambling gave you what you were looking for, but if not feel free to keep asking until I get it right 😀
March 29, 2009 at 7:03 pm #23367
That pretty much answers that question. I’m seriously looking into the CEH now, instead of the CPTS. On their site they state that a candidate must have 2 years of security related experience to take the test, and I don’t. When I was in school (not currently due to economic crisis- can’t afford tuition) I studied Internet Systems Security…does that count for anything? I was under the impression that CEH was entry-level and was for those of us who were trying to break into the field.
March 29, 2009 at 7:23 pm #23368
Entry-level ethical hacking, yes, not entry-level computer security. You’ll take a lot more from the course if you have experience/familiarity with general security concepts like those found in Security+ or GSEC.
You can certainly fill out the application for the exam and be accepted to take the exam (I believe they look at that on a case-by-case basis). There are some other threads here of people stating they’ve done just that; try the forum search. I would highly encourage a thorough self-study plan if you decide to go that route.
The application is available here: CEH Exam App.
March 29, 2009 at 9:12 pm #23369
I see. I’ll probably do that then, just put down what school experience I have as well as some sidework I’ve done with WLANs. Surely that will be enough… :-[