.

New guy after some advice.

<<

Phyr3Ph0x

Newbie
Newbie

Posts: 10

Joined: Sun Jul 05, 2009 10:27 pm

Post Sun Jul 05, 2009 10:40 pm

New guy after some advice.

Hiya!  This is my first post on here, so I'll add some history in aswell...  Sorry if this is a bit long  ;)

I got out of the British Army 2 years ago after having been in for 10 years.  For that time I was just a regular PC user at work, but for the last 2 years in, and the 2 years since, I've been really interested in network security and hacking.

My resettlement training was pretty crap, with no real qualifications or certification and I managed to stumble into a helpdesk job purely from the fact I have security clearance!

In the last 4 years I've been studying on my own in view of moving into security / pen-testing, but I have no idea about how to go about this.
I've been a regular at 2600 meetings and have been using backtrack since it was Auditor, but my experience is still limited.
My current job is as a helpdesk bod on a nationwide network running unix, linux and windows, but I have NO chance of moving into the security side of it as that's all done from the states.

Any courses / certification will have to be self funded, as my employers won't pay for anything that has (in their oppinion) nothing to do with my job!

Essential, what I'm asking is, What are the best certifications to go for for someone starting at the very bottom, and how much will they actually influence me getting a job in that field?

Any help on this would be greatly received.

Regards,

`ph0x
Last edited by Phyr3Ph0x on Sun Jul 05, 2009 10:45 pm, edited 1 time in total.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Jul 06, 2009 2:19 am

Re: New guy after some advice.

I'd honestly say the Security+ is a great start to get you on your feet wet and into the field. From there you may want to work your way upward, perhaps along the road of : Sec+ -> C|EH or OSCP (Depending on how comfortable you are with Back Track, The OSCP isn't too highly recognized yet in the industry like it should be, but it'll prove your hands on practical skills in pentesting). Employers also like to see people with a CISSP cert too, so that's definitely something you want to set your eye on. I don't hold any of these personally so if someone wants to put me in my spot and say which he should go for first (or maybe even add a few in between), go for it.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Jul 06, 2009 5:16 am

Re: New guy after some advice.

Security+ by CompTIA and then CEH (certified ethical hacker) from Ec-council would be a good way to go as recommended by xXxKrisxXx.
Employes like to see someone with a CISSP on their resume but it is really quite hard to get and it will take probably too long to be on your todo-list at this point..still something you should consider after you got more experience.

Another thing which may help you is to support some opensource projects or write articles if you feel comfortable with this.

Another thing which is often recommended is to start a blog where you could write about your projects and proceeds.
<<

Phyr3Ph0x

Newbie
Newbie

Posts: 10

Joined: Sun Jul 05, 2009 10:27 pm

Post Mon Jul 06, 2009 4:27 pm

Re: New guy after some advice.

Hiya!
Thanks for the replies and advice.

I've been thinking about doing the comptia certs...  The N+, S+ and Linux+ ones.
I have some older CBT nuggets videos for all three and a few inherited study guides for them, but they're all a few years old.  Hello Amazon!  ;D

I'm not sure how I'd be able to convince EC to let me have a go at the CEH, as I have no official security experience and as far as I'm aware, they want 2 years proveable in-job experience.  Hmmm...

As for the OSCP, that sounds like so much fun! ;)  I'd love to give that a go in the future!

Regards,

`ph0x
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Mon Jul 06, 2009 7:03 pm

Re: New guy after some advice.

Unless you just need to demonstrate your networking knowledge, I'd avoid Net+.  I have it and can honestly say the test was completely worthless.  Security+ isn't a bad way to go for an initial cert if you want to work in the field. 

My personal recommendation for a networking certification is the CCNA.  While it is harder than N+, employers know that.  It demonstrates that you have actual marketable skills including basic configuration and troubleshooting of Cisco routers and switches.  Some people will say that CCNA doesn't prove you can do anything marketable.  I disagree.  Others will say that CCNA isn't as good as Net+ because it is vendor specific.  While that's true, lets face it, Cisco rules the market.  Additionally, I find that the knowledge for CCNA is a superset of the knowledge required for Net+. 

For that matter, if you can pass CCNA on your best day, you can pass Net+ after an all night bender (hangover included).

This is my unbiased advice.  I don't work for Cisco or Comptia and I have both certs (although if I trade my Net+ paper for my $125, I'd take it).
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jul 07, 2009 12:32 am

Re: New guy after some advice.

Phyr3Ph0x wrote:[...]
I've been thinking about doing the comptia certs...  The N+, S+ and Linux+ ones.
I have some older CBT nuggets videos for all three and a few inherited study guides for them, but they're all a few years old.  Hello Amazon!  ;D

I'm not sure how I'd be able to convince EC to let me have a go at the CEH, as I have no official security experience and as far as I'm aware, they want 2 years proveable in-job experience.  Hmmm...
[...]


Although they are older it shouldn't be a big problem as the basics did not change that much. ;)
If you already have them use it for studying as it won't hurt anyways. Additionaly there are plenty of free resoruces available too on networking stuff (as well as some excellent books).

I did the CCNA some time ago and really liked it, tough I can't compare it with N+. As former33t already wrote, Cisco is the leader in this area and it is surely a good thing to have the CCNA cert. Besides you won't learn only Cisco specific stuff but also networking in general.

In terms of EC - I don't know how hard they adhere to the 2 years rules. But I would try to still ask if you can do it and explain your situation. When you have already done some other certs (e.g. CCNA and Security+) and write you work done so far, projects you worked on etc., maybe you could do it even without the 2 year rule.
<<

Phyr3Ph0x

Newbie
Newbie

Posts: 10

Joined: Sun Jul 05, 2009 10:27 pm

Post Wed Jul 08, 2009 1:42 pm

Re: New guy after some advice.

Hiya.
Thanks again for the responses...

The main reason I was thinking of doing the N+ first is that my basic network knowledge still has some pretty big gaps, mainly in the whole 7 layer model...
My reckoning was that I'd do the N+ to get those basic's down and then move on to the CCNA...

Regards,

'ph0x
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Jul 09, 2009 12:08 am

Re: New guy after some advice.

If you can afford the money, doing N+ and CCNA is not bad, but some topics still may be covered twice. However, after you have finished one of them you still can decide to do the other or move to a third one such as Security+.
<<

Phyr3Ph0x

Newbie
Newbie

Posts: 10

Joined: Sun Jul 05, 2009 10:27 pm

Post Thu Jul 09, 2009 2:22 pm

Re: New guy after some advice.

Hiya.
That was pretty much my thoughts on it...  I'm now planning on the N+, followed by the S+, with the required top-up for the CCNA somewhere along the way...

Once, again, thanks for the comments, thoughts and info!

Regards,

`ph0x
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Thu Jul 09, 2009 2:46 pm

Re: New guy after some advice.

This is the order that I earned my certs and it has helped get my current job.

Security+ -> OSCP -> CEH

And I'm currently considering taking a review course on CISSP. This is the cert I want to take next.

I graduated college with a bachelor degree in Civil Engineering which had nothing to do with security, however, during the course of my studies I  read books, practiced and experimented with everything that had to do with security and hacking. With this knowledge and because my first employer was a start-up security company I was able to get a job as a beginner security analyst.

So it looks like you have the basic concepts and enough knowledge to get yourself a job in this field. Just try look for a company that is starting out but remember since its a start-up company the pay maybe low but you have to start somewhere, right?

Good luck!
Security+, OSCP, CEH
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Thu Jul 09, 2009 2:49 pm

Re: New guy after some advice.

Oh yeah, I forgot to mention that I had no certs when I got my first security job.
Security+, OSCP, CEH
<<

Phyr3Ph0x

Newbie
Newbie

Posts: 10

Joined: Sun Jul 05, 2009 10:27 pm

Post Fri Jul 10, 2009 12:20 pm

Re: New guy after some advice.

Hiya.

Blackazarro, that's the type of comment I really want to hear!  I'm worried that I'm going to push myself through this, paying for these certificates with my own money, and end up back on the Helpdesk as I can't find a job in network security or pen-testing.
Also, with the way the economy is in the UK, I don't know how many start-ups there are going to be, or companies hiring (very) new people.
Oh well, time will tell I suppose!

Regards,

`ph0x
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Jul 10, 2009 12:26 pm

Re: New guy after some advice.

If you want to get into penetration testing and live in UK you should also take a look at CHECK, which is required when testing goverments. Though this might be interesting for you after you did one of the others.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jul 10, 2009 2:04 pm

Re: New guy after some advice.

If this is what you really want, then a bad ecopnomy shouldn't stop you. It will push your time frame back, but then again so will you if you don't start right now. If you keep pushing, eventually when all this economic mess is done, you'll be much further along them if you waited to start getting certified, educated, etc.

Just Do It!!

Don
CISSP, MCSE, CSTA, Security+ SME
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Jul 10, 2009 2:19 pm

Re: New guy after some advice.

Although a little off topic.. Don's post reminded me on his very good presentation he gave some time ago which is titled "DIY Career in Ethical Hacking", which might motivate you even more. It is certainly worth to listen too. ;)

Normal version
R-Rated version

If you liked it then be sure to check out Rob Fuller's Couch to Career in 80 hours or less presentation too.
Next

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software