Infosec career

This topic contains 1 reply, has 2 voices, and was last updated by  Don Donzal 3 months ago.

  • #168152
     b34zyb33 
    Participant

    Hi all

    I’m after a little advice.

    I work in IT, done first and second line support in the past. The last 8 years I have been managing the IT business requirements (non-technical for the most part) for a small public sector business (100 users).
    My role has just been modified as there is the requirement for internal IT security knowledge. This is to work alongside our external IT support contract that we have who provide our IT security.

    I have been interested in infosec for some time, so this is great news for me. I have no specific area of interest, just in general. I find it interesting and am always reading up on current events and lots of stuff I just don’t understand.

    Due to the IT security requirement my company have, they are willing to put me on a training course. They have already put me through the CISMP, which I have passed. Now I am thinking I would like something a little more hands-on, and as they are likely only going to pay for one course per year I want to make the most of the training.

    I am thinking the Certified Ethical Hacker training would be really good and teach me loads. I’m not sure that with my experience I could pass the exam, but I think the knowledge I would gain would be invaluable to many areas of IT Security.

    Do you agree that someone with little technical knowledge (it has been a few years!) could take the CEH and not get lost before they even start?
    Are there other recommendations for a better placed course?

    Looking forward to seeing your replies and sorry for the long-winded post.

  • #168201
     Don Donzal 
    Keymaster

    Congrats on jumping into the security side of the house, although I’m sure you know that a lot of what you’re already doing has at least some security component to it.

    Couple things…

    First of all, it’s always good to get knowledge on things that you outsource. As an example, if you have no idea what a pen test is, how do you know who to hire? When you do hire someone and they hand you a Nessus report and they claim it’s your pen test results, do you know to call BS?!?!? So even a basic knowledge is good for you and your organization.

    For your own learning, keep this in mind. CEH is a very basic entry-level cert. You can read a book and take a multiple choice exam and pass. It’s a good toe in the water, but by no means will prepare you for the job or even a technical portion of a job interview. IMHO, it’s kind of like a CompTIA cert where it is a good basis of knowledge but does not make you a pen tester.

    With that, are you looking more for pen testing knowledge, i.e. Red Team side, or more Blue Team side with defense? I can probably help direct you better.

    In the meantime, try out the eLS Pen Testing Student bare bones course you should have received when you registered with EH-Net. The bare bones version doesn’t come with the cert exam or the custom virtual labs for hands on practical exercises, but it does contain all of the course materials. Let me know what you think.

    And by all means, others should add their opinions, too.

    Hope that helps,
    Don

    • This reply was modified 3 months ago by  Don Donzal.


Copyright ©2018 Caendra, Inc.
