My new career path..tell me what you think?

Viewing 18 reply threads
  • Author
    Posts
    • #6940
      YuckTheFankees
      Participant

      I’m really interested in linux/wireless/wireless security/ and pentesting.

      Currently I work as NOC/ linux support, so I’m gaining networking and linux experience. I just obtained my Linux+ this week and I want to learn more about linux but  would the RHCSA/RHCE be useful for pentesting or is that just overkill?

      For the wireless portion; I would like to get all 4 of the CWNP’s certs and maybe the cisco wireless certs but most people say to focus on the CWNP certs.

      After I get the CWNA, that’s when I’ll start studying for the pentesting certs. I would really like to get the GPEN and GAWN certs first then maybe OSCP or GWAPT. But then again, maybe start with eCPPT/OSWP/ security tube wireless cert than SANS?

      Tell me what you think?

    • #43107
      impelse
      Participant

      You just said the everybody dilema. ” I want to be this and this and this” after that I want to be a pentest, etc, etc. The problem is that only those fields cover a lot/time/knowledge.

      This is my way, maybe I am wrong but I’ve been moving around and I never get anything done. So I did my plan in writing:

      1. Linux Skills (selfstudy) – Done – Took 1 month and 20 days (10/20/11)
      2. Python skills (selfstudy) – Process
      3. Wireshark skills (monitoring) (selfstudy)
      4. Wireless certification from Offensive Security (Online training)
      5. Web pen tester certification from Elearnsecurity (online training)
      6. OSCP certification from Offensive Security (online training)
      7. CEH (selfstudy)
      8. GPEN (selfstudy)

      I am working on that plan and sometimes I want to change it. Yes I will do it (the order) but no the subjects. When I begin to read specially this forum I want to begin to do this and that again, then I open my plan and see where I am and keep going.

    • #43108
      YuckTheFankees
      Participant

      Yeah I almost had the same plan but my python and wireshark study is up in the air. But I should probably learn python before I try GPEN.

    • #43109
      hurtl0cker
      Participant

      I am more interested in Network part of Security. For now most of my learning part is going on self pace, thanks to my college library for having awesome books.
      One major reason that I aint going for any certs now is not having $$  😛
      I can be pretty stingy on things  ;D but I really don’t mind spending money on two things:
      – Hardware
      – Good Documentation

      My path is some thing like:
      – Linux Skills (Self pace) – there is a huge amount of material online.
      – Protocols (TCP/IP…) – some good books like TCP/IP Illustrated
      – nmap – lucky to have Fyodor’s book at library
      – Wireshark Skills – Wireshark has really nice user guide and wiki.(and lots n lots of practice)
      – Higher concepts like Firewall’s and IDS
      – Python Skills – there are plenty of good books(some are free), this is something I have been focusing mostly on because at some point you feel like you can’t turn your ideas into code. So my focus is more on coding.

      This list and some others  will keep me busy for quite some time.

      My certification path would be something like:
      CWNA – To get started with wireless things.
      OSWP – getting deeper into wireless security
      OSCP  – Once I am comfortable with the above skill (and some other skills) I am going for OSCP. I am not in for eCPPT, as it covers almost the same stuff like OSCP except it focuses more on Web App’s security.

      Coming to your point,
      “Linux +” skills will be pretty much fine for going further into security. if you have time & bucks, you can consider RH certs.

      In the wireless portion, I would rather suggest to focus on CWNP certs because they are vendor neutral certifications.
      After CWNP certs, as your focus is wireless you can go for OSWP, that course is pretty nicely laid out. SANS certs are good but they come with a big $$, I feel like Offensive Security certs come with a good learning curve and are not too pricey for what they offer. GPEN would be a nice place to start with.

      eCPPT is good with the Web Apps security modules and you can also take a look at “So You Want To Be A Web App Pentester” by Joe McCray.

    • #43110
      YuckTheFankees
      Participant

      hurtl0cker thanks for the input. So now I’ll probably put the RH certs on hold if they wont benefit me that much for security.

    • #43111
      n3r
      Participant

      Hi !
      here is my way :

      Right now i’m passing my degree in networking so i have started with TCP/IP Protocol, Linux skills, C Language, SQL, Java.
      In my free times i study on Python skills and wireless. I plan to go to OSWP when i’ll be comfortable and have the money.

      After i’ll probably go to OCSP and CEH as CEH is most important for the french companies…

    • #43112
      YuckTheFankees
      Participant

      How often will pentesters use SQL and Java?

    • #43113
      n3r
      Participant

      i don’t know  ;D
      but in my degree we have a C course and introduction to others languages, so SQL and Java. I didn’t choose  ::)

    • #43114
      YuckTheFankees
      Participant

      oh lol. Well it’s good you’re learning those languages..only if I had enoug time in the day. When do you think youll start your 1st pentesting cert?

    • #43115
      n3r
      Participant

      I don t know. I have been working hard on wireless pentest and my virtual wireless lab.
      But I have no idea if I m ready for OSWP.

    • #43116
      YuckTheFankees
      Participant

      My goal is to have 2-4 pentesting certs before next DefCon. I really want to try the challenges against other professionals and see how I compare.

    • #43117
      impelse
      Participant

      Great. Remember one thing, it is not the certification when you compare with other people, it is skills and knowledge

    • #43118
      idr0p
      Participant

      One thing to remember is to expect to be derailed. My path has changed sooo much since i started, for example i expected to do the OSCP and CISA among other things by now. Like the greats you must be able to adapt.

      My path was the following.

      Linux (When i was in H.S.)
      Network Security (College Degree)
      Learned Python (In College)
      I got a Info Sec Analyst Job (which I am now.)
      Took GCIA
      Took GCIH
      Took GPEN
      Taking GWAPT exam – err… thursday *crosses fingers*
      Going Back to School for M.S. CIS
      Looking to take EnCe
      Then GCFA and CCE
      Then GSEC, CISSP
      Finally GSE

      I really want to throw the OSCP in there somewhere. it may have to wait until i complete school.

      As for impulses path i would change it to the following.
      1.  Linux Skills (selfstudy) – Done – Took 1 month and 20 days (10/20/11)
      2.  Python skills (selfstudy) – Process (this will be a never ending step. push to background look at ‘gray hat hacking with python’) &
      3.  CEH (do this earlier it will set a good foundation)
      4.  tcpdump / Wireshark skills (monitoring) (selfstudy) (first understand tcp dump and packet analysis, you will get wireshark better.)
      5.  Wireless certification from Offensive Security (Online training)
      6.  Metaploit / Nessus Skills (self study) (understand how exploits and payloads work. pre and post exploitation)
      7.  OSCP certification from Offensive Security (online training)
      8.  GPEN (selfstudy) (the business side of pen testing)
      9.  Web pen tester certification from Elearnsecurity (online training)
      10. GWAPT?

    • #43119
      YuckTheFankees
      Participant

      impelse,

      In no way do I think certs will put me in elite status, but they do help my learning and hopefully point me in the right direction.

      idr0p,

      Thanks for the input. Right now I’m hoping to take a SANS course next april/may with my tax returns =) lol but then again..maybe I should hold off until I actually get a security job (since you have to renew them every 4 years).

      I have a few questions for you…
      How long after college did it take for you to land a info sec job?
      Which of the SANS courses did you like the most so far?

      thanks

    • #43120
      impelse
      Participant

      Those are good ideas.

      When i said learn Python is only read two books, I am reading Python® Programming for the Absolute Beginner, Third Edition and then Hacking: The Art of Exploitation, Second Edition

      For wireshark I am watching Laura Chapell videos (going deep to tcp).

      I will stuck there until I complete and keep according the plan with some modifications.

    • #43121
      idr0p
      Participant

      YuckTheFankees,

      If you want to take a SAN course, GSEC or GCIH would be good to start out and get your foot in the SEC door.

    • #43122
      YuckTheFankees
      Participant

      I would really prefer to start with GPEN/GWAPT/ GAWN but when I look up jobs..GSEC comes up with the most jobs..but I feel like if I get the sec+, CEH, CPTE..then GSEC wouldnt do that much for me

    • #43123
      idr0p
      Participant

      GSEC, even though i havent taken it… yet, looks like it has some good stuff in it. I think it is a step up from the Sec+ and the main thing about SANs tests is you want to get a feel for them it is a good cert to start with in general.

      On a side note the GPEN does cover python, but no too deep. OSCP is where you will need the py skills more.

    • #43124
      p0et
      Participant

      I took and passed the GCIH.  It was an awesome course and loved the CTF event at the end.  Since I won the CTF contest, they gave me the GSEC course materials for free.  I had a look at these and yes, it has a ton of valuable info but I never wrote the exam.  Just my opinion but if you already have your Sec+, CEH and CPTE, I would think you’re beyond GSEC.  I must admit that I’ve seen job ad’s with GSEC in there too.  I’d hope if they see you have a more advanced cert then GSEC, that would be sufficient.

Viewing 18 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?