.

Blank Canvas looking for advice

<<

cptl_G_1949

Newbie
Newbie

Posts: 2

Joined: Wed Sep 10, 2008 8:15 am

Post Wed Sep 10, 2008 9:33 am

Blank Canvas looking for advice

I realize the search function may yield better results for my questions, but if I could get some real time advice I would very much appreciate it. I have perused the site and forum for a few days now and would like to get some personally tailored advice.

Right now you're looking at someone who is a blank canvas of knowledge to be painted on. I have been working as a systems admin for 4 years in various forms of the DoD. This is a short time, but then again I'm only 21. Over those years, I've been exposed to, and become very interested in network security. For awhile I thought Forensics was where it was at, but I've slowly wandered away from that and in to Pen-Testing.

It's come to a point now where I am forced to take Security+ to keep my job (I only ever got A+ because I had to, I don't believe the certs make the man, the experience and proven applied knowledge do). I figure now that I'm going to take a cert, as rudimentary and basic as it is to some in this field, is going to start me down a security path, I ought to take a look at what is also available to enrich myself with.

So my question for you all, as long winded as I may sound, is...

If you were to give advice to someone who's goal is to become a pen-tester, and that person was at the very beginning of their career path, what would you tell them? What education would they need? What certs should they want?

My idea of what is needed goes as follows:

Sec+
Linux+ or RHEL
CCNA
CEH
OSCP

I realize this isn't glamorous or what the movies make it out to be, but it doesn't make me any less interested and it doesn't make me enjoy Sneakers any less either ;)
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Wed Sep 10, 2008 9:50 am

Re: Blank Canvas looking for advice

Looks like you are on the right path, but i will just alter the list slight just based on my experience to

CCNA
Sec+
Some sort of Microsoft cert
Linus+ RH
GSEC
OSCP

I moved the CCNA up because u need to have good understanding of networking before you dive into INFOSEc, the Microsoft cert is there because no matter how much you hate it still have a major share of the targets in pen testing and you should know about them. GSec if you can afford to do is a great security cert and training.

Hope this helps

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

cptl_G_1949

Newbie
Newbie

Posts: 2

Joined: Wed Sep 10, 2008 8:15 am

Post Wed Sep 10, 2008 10:11 am

Re: Blank Canvas looking for advice

Thanks for the reply vijay2! I really appreciate it.

I'm forced to do the Security+ first because of rules and regs, but it's completely free for me and I've been studying for it for a few months so I'm not concerned (all the practice exams I've taken have been passing).

I was debating between Net+ and CCNA, but from the sound of it I think I'll go with CCNA. My only caveat with that is how it expires in 3 years. Is it going to be frowned upon if I let it lapse because I've moved on to other subjects. Of course I could always go after one of the Cisco pro exams before my 3 years are up.
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Wed Sep 10, 2008 10:19 am

Re: Blank Canvas looking for advice

I don't think it will be frown upon if you let it expire in a few yrs time if your job requirements don't require it. I had a few of CISCO certs which i let expire because it was not part of my job. I don't even mention them anymore. Always put the relevant certs on the resume according to job requirements.

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Wed Sep 10, 2008 11:19 am

Re: Blank Canvas looking for advice

Rather then let you CCNA expire, I would just take one test on the pro tracks like you said. That's what I do, and the tests rarely take longer then a month to prepare for depending on your available time.
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Wed Sep 10, 2008 4:35 pm

Re: Blank Canvas looking for advice

I'm also in a similar situation as the op, about to embark on retraining for a potential pen-tester/information assurance job, with the difference that I've been a developer for quite a while now and want to move into the infosec side of things. 

I obviously can't speak from experience, but the way I'm going about it is to learn Assembly language and reversing software first, then moving onto other aspects.  I havn't really got a plan for it past learning to reverse at this stage, but I chose this way because it teaches the fundamentals of how computers work at a very low level.  it is also foundational for finding and executing buffer overflows for example and understanding exactly how malware works.

Thoughts?

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software