March 11, 2010 at 7:57 pm #4790
This is my first post here and hopefully it makes sense.
I am going to take the security+ exam here soon and am wondering what is the next logical step in certs for security related knowledge? I want to take the sscp, gsec, ceh, and possibly scnp. The question is what order? I don’t have much of a desire to take the cissp as its more for management from what i hear and I want the technical hands on stuff.
So in your opinions what is next out of those certs?
Is the gsec harder then sscp?
Thanks for the help guys.
March 11, 2010 at 8:05 pm #30015KamiCrazyParticipant
From what I know of the SSCP it is a subset of the CISSP material.
GSEC is probably worth more to you if you are still starting out.
Although I would have to say that your choice of certs is not exactly the best choices for getting technical.
CEH is probably the most technical of the bunch and I would say that the amount of labs in CEH disappointed me.
I would heartily recommend OSCP if you are relatively proficient in areas of linux, scripting and networking. If you have those key basics down pat then OSCP will give you the maximum return on your money for learning hacking techniques.
Thats if you want to learn “Offensive Security” I assume you do because you are on an ethical hacking site. Rather than defensive measures like hardening, firewalls etc.
March 11, 2010 at 8:21 pm #30016
You are right that I dont want to learn to just harden systems and firewalls. I want to know ethical hacking as well. I just think I would understand the ethical hacking side better if I had a strong foundation of security topics and get the basics down. I have heard that the SSCP is a technical test where it goes deeper into the how and why then cissp where it is as they say a mile wide and an inch deep. I figured that the sscp was more deep then wide and could help me focus on the technical.
March 11, 2010 at 8:39 pm #30017KamiCrazyParticipant
The thing with SSCP is that there are just so many other more technical certifications to do, granted many of them are vendor specific but in the real world thats the gear you work with.
Also I think its important for you to decide on a specialisation and draw up a plan based on that goal.
Do you want to focus on networking, system security or coding? All 3 are important to ethical hacking but it is highly unlikely that you will be a guru in all 3.
March 11, 2010 at 8:59 pm #30018UNIXParticipant
From the ones you mentioned I probably would go for CEH first, as it should give you a good introduction to many topics of ethical hacking. Afterwards you might go for OSCP, as already recommended by KamiCrazy, which is very lab oriented and should teach you many practical techniques.
Btw, welcome to EH-Net. 😉
March 11, 2010 at 9:06 pm #30019KrisTeasonParticipant
Ill also second KamiCrazy on the suggestion of opting for the OSCP certification. Not only is it offered at an affordable price, it’ll actually teach you hands-on network penetration testing techniques.
If you really want to eventually obtain the CEH cert – I think the OSCP certification would definitely help just because you’ll have that BackTrack/Pen-Testing edge over people who haven’t taken the course.
I think we have a member on here named Dark_Knight who went for the CEH first before the OSCP (And Obtained Both) – maybe he could comment on this one?
In the end, if you don’t have much too much hacking experience – I’d go for what awesec said and do the CEH first, if your comfy with BackTrack – I’d go the Off Sec route.
Good luck on your test. 8)
March 11, 2010 at 9:14 pm #30020snortymcsnortParticipant
I found the GSEC to cover a wide range of areas (WindowsLinuxNetworking) and gave some really good information on tools you need to know if you want to do security. The training is kind of pricey, but it was definitely worthwhile. I did the CEH v.5 through self study and did not really find the class materials to be that good.
March 12, 2010 at 9:30 am #30021j0rDyParticipant
the best answers have already been given, but depending on your prior knowledge, it might be a bit different.
first of all, do you have ANY experience in the IT security field? if not i’d go with sscp first. then again if your going for sscp just skip that and go for cissp straigth away. its covers all the topics more widely (someone once told me its a mile wide, but an inch deep) and in the long run, your cissp will help you further in your carreer then sscp.
if you have prior knowledge about security and want to go to the dark side 😉 but have no knowledge about things like malware, virusses, etc. i’d suggest you go with ceh first. this will lay down the basics you have to know about all these things. ceh is perfect for getting that hacker mindset. it will also give some in depth experience with the standard tooling used. even though it is mostly focussed on windows tooling, the concept of the tooling is the same, regardless if its written for windows or linux.
when you get your foot in the tooling used, and the concept behind the tooling you can start on oscp. i think this particular one is significantly harder because of the (extremely) technical focus of the course. i must say i havent got the experience with this certificate yet, but i’m planning on starting it in a few days/weeks.
my opinion is that if you get through this in the order i described above, you are qualified to operate properly in a organization because of the knowledge you have got by cissp, you know the hacker mindset of a hacker by ceh, and have the technical skill to perform pentests by oscp.
in the future you can look at expanding your knowledge in the pentesting field by attending the ctp by offensive security or move over to the other side by going for certs like lpt.
good luck with your decision!
March 15, 2010 at 11:26 pm #30022d3l0nParticipant
Welcome to the forum kriscamaro68,
I would suggest either OSCP or CEH, with a preference to OSCP as the material and the labs are very informative and hands on. You will definitely learn a lot from it.
This is just my 2c.
April 3, 2010 at 3:38 am #30023dynamikParticipant
I wouldn’t go straight for the OSCP. While it’s definitely one of the more interesting and fun of the bunch, it’s going to be a bit of a jump from Security+ level.
I’d read these two books:
http://www.amazon.com/Network-Security-Bible-Eric-Cole/dp/0470502495/ref=sr_1_1?ie=UTF8&s=books&qid=1270264969&sr=1-1 (GSEC-type material by one of the GSEC authors)
You’ll probably want to pick up a solid Linux book as well. I like this one but there are lots of good beginner books: http://www.amazon.com/Practical-Guide-Commands-Editors-Programming/dp/0131367366/ref=sr_1_8?ie=UTF8&s=books&qid=1270265112&sr=1-8
Having some knowledge of Python/Perl/Ruby will come in handy too.
If you want a cert path, I’d do GSEC > SSCP > CEH > OSCP. That’ll take you from the foundation/conceptual/theoretical material to the more technical/in-depth/hands-on material.
Keep in mind, you certainly don’t need to do a previous cert in that list in order to take a more advanced one. Just make sure you’re at a comparable level of knowledge/skill. For example, you have a limited amount of time in the labs for the OSCP, and purchasing more time is relatively expensive, so you don’t want to squander that trying to learn Linux basics.
April 3, 2010 at 6:20 am #30024
As usual thanks for the info dynamik. That was the cert route I was thinking as well. Would you recommend throwing the GPEN in before the CEH? I have full access to safaribooksonline.com and will use that to its fullest extent. I will look for the books on there that you recommend. I signed up for SANS work study for the Salt Lake City forensics bootcamp. I will just have to wait to see if a get accepted.
April 3, 2010 at 1:44 pm #30025dynamikParticipant
I think GPEN would best fit in between CEH and OSCP. The CEH is entirely theoretical. I would think it’s possible to pass that exam without using a single tool. On the other hand, the OSCP is entirely technical. They do cover some theory in the training materials, but it’s mostly down-and-dirty in the labs. The GPEN is a nice blend of both, which is why I think it would fit best between those.
As mentioned earlier, that’s just the order I’d take them in if you were going to do all of them. I certainly wouldn’t tell someone you have to do all those certs before attempting the OSCP. Just make sure you’re at the appropriate level for whatever you’re going after, so you don’t find yourself in over your head. That’s no fun, and you end up wasting your time and money.
Let me know how that forensics course goes; that seems fascinating. I might make that my 2012 project once I get the rest of my to-do list cleared up.
April 7, 2010 at 6:52 am #30026TecknoParticipant
Hey, I am really new in this site and the reason i register here myself in is it becouse i have done three years studying the computer engineering and now i really wanna have knowledge and specialization in security and ethical hacking field. I have read several post out in internet like how to become a hacker. Those were good ones but they only want the reader to do the basis right. Don’t have info what to do next and how to start. I am studying certain languages and have knowledge of networks little bit. Now i am wondering if anyone can guide me to a good way. Thanks all
April 7, 2010 at 10:21 am #30027UNIXParticipant
Welcome to the forums, Teckno.
Can you give more details on what areas you are already comfortable with and where exactly in security you would like to go? Ethical Hacking is a broad area, so more information on your knowledge might give you more accurate recommendations.
- You must be logged in to reply to this topic.