Infosec career

This topic contains 2 replies, has 3 voices, and was last updated by  sgt_mjc 1 week, 5 days ago.

  • #168152
     b34zyb33 
    Participant

    Hi all

    I’m after a little advice.

    I work in IT, done first and second line support in the past. The last 8 years I have been managing the IT business requirements (non technical for the most part) for a small public sector business (100 users).
    My role has just been modified as there is the requirement for internal IT security knowledge. This is to work alongside our external IT support contract that we have who provide our IT security.

    I have been interested in infosec for some time, so this is great news for me. I have no specific area of interest, just in general. I find it interesting and am always reading up on current events and lots of stuff I just don’t understand.

    Due to the IT security requirement my company have, they are willing to put me on a training course. They have already put me through the CISMP, which I have passed. Now I am thinking I would like something a little more hands on, and as they are likely only going to pay for one course per year I want to make the most of the training.

    I am thinking the Certified Ethical Hacker training would be really good and teach me loads. I’m not sure that with my experience I could pass the exam, but I think the knowledge I would gain would be invaluable to many areas of IT Security.

    Do you agree that someone with little technical knowledge (it has been a few years!) could take the CEH and not get lost before they even start?
    Are there other recommendations for a better placed course?

    Looking forward to seeing your replies and sorry for the long-winded post.

  • #168201
     Don Donzal 
    Keymaster

    Congrats on jumping into the security side of the house, although I’m sure you know that a lot of what you’re already doing has at least some security component to it.

    Couple things…

    First of all, it’s always good to get knowledge on things that you outsource. As an example, if you have no idea what a pen test is, how do you know who to hire? When you do hire someone and they hand you a Nessus report and they claim it’s your pen test results, do you know to call BS?!?!? So even a basic knowledge is good for you and your organization.

    For your own learning, keep this in mind. CEH is a very basic entry level cert. You can read a book and take a multiple choice exam and pass. It’s a good toe in the water, but by no means will prepare you for the job or even a technical portion of a job interview. IMHO, it’s kind of like a CompTIA cert where it is a good basis of knowledge but does not make you a pen tester.

    With that, are you looking more for pen testing knowledge, i.e. Red Team side, or more Blue Team side with defense? I can probably help direct you better.

    In the meantime, try out the eLS Pen Testing Student bare bones course you should have received when you registered with EH-Net. The bare bones version doesn’t come with the cert exam or the custom virtual labs for hands on practical exercises, but it does contain all of the course materials. Let me know what you think.

    And by all means, others should add their opinions, too.

    Hope that helps,
    Don

    • This reply was modified 5 months, 4 weeks ago by  Don Donzal.
  • #169423
     sgt_mjc 
    Participant

    Welcome to EH-Net. As Don said, there is a lot going on in security and no one cert will make you into that role. I did the CEH years ago and what Don said was true then and seems to be true now. I still had an education to get after getting my certification. Same with the CompTIA certs. They are great for giving and assessing a baseline level of knowledge. That baseline is important to achieve.

    And as Don said, it all comes down to what you are looking for. If you want to go technical, then CEH is a good get-your-feet-wet cert and will at least give you an idea of if you want to really get into pentesting. It will also give you the foundation you need to know when to call BS and when to accept the report. It will not make you an expert.

    In my career, I have found that knowing when I don’t know something and asking the right questions are often more important than being the expert.


Copyright ©2018 Caendra, Inc.
