September 27, 2012 at 3:28 am #7925sooriyanParticipant
I have 6+ years of exp in Microsoft development & have Masters in Computer Science. I would like to change my track to ethical hacking. Where do I need to start with? Can someone post list of certifications to be taken in the order (like foundation, basic, intermediate & advance). As far Microsoft, they MCP -> MCAD/MCPD -> MCA -> MCM in order starting from developer to Master. Is there something like that here?
I would like to be a Pen tester/reverse engineer and having years of experience, I would like to be an independent consultant.
September 27, 2012 at 8:06 am #50137unicitydParticipant
Do you have any security background now?
With your background in CS and development, you can probably jump around a lot more than someone starting out in IT altogether, but you will need to learn basic networking, system administration and security.
Sil provides a good outline of the networking and system administration skills you’ll need here:
There is no set order to security certs and the certs you pursue depend on your ultimate goal. The advice I’ll give is pretty generic and safe, but others may advise you differently. Choose your own path.
To start out with, you might want to pursue the Cisco Certified Network Associate (CCNA). Networking is an essential skills if you want to do pen testing and going after the CCNA is a good place to start.
You also need to be comfortable with Linux and Windows. I don’t think any of the certs would be worth your time, but you should make sure you’re comfortable setting up a server, using the command line and troubleshooting basic problems.
The next cert I would pursue after the CCNA is the
Certified Ethicla Hacker (CEH). It’s the most widely recognized penetration testing cert. The easiest thing to do is probably to take a course, but you can also self-study. Other certs such as the Offensive Security Certified Professional (OSCP) get more respect on this board, and probably around pen testers in general, but they aren’t as widely recognized by employers so they will probably be less helpful in getting a job.
After the CCNA and/or CEH, focus on getting a job in security or network administration. You need experience to backup the certs.
After that, it depends on where you want to go. If you’re going to go into consulting or management, the CISSP is really important and you want want to get the CISA as well. The CISSP catches a lot of flak, but mostly because it’s oversold as an end-all-be-all cert; it’s not. It’s a management-oriented cert with a broad scope but it’s highly desired for managers and consultants. If nothing else, get it to check the box.
If you want to stay technically focused, look at the SANS certifications. The classes are expensive, but the classes and certs are pretty well respected and recognized by employers. You might even want to skip the CEH and go straight for the GCIH and/or GPEN. SANS even has a cert for reverse engineering malware, but your degree and any experience with reverse engineering will probably count for a lot more than the cert if that’s where you want to go.
Other certification options include the CCNA Security and/or CCNP.
To be very clear, this isn’t the only path. You may choose something very different depending on your interests. Just try to have fun.
March 18, 2015 at 4:51 am #50138DelimitingCharacterParticipant
Curious, from a security standpoint- how valuable is a Cisco CCIE Security?
You must be logged in to reply to this topic.