.

Reply…

<<

sharabhs

Newbie
Newbie

Posts: 20

Joined: Mon Jul 20, 2009 8:26 am

Post Mon Jul 20, 2009 8:32 am

Reply…

Hi All,

I am basically from Black box testing background, and involve in security testing from last 1yr. Now I really want to take security as a career.

So, Please guide me how I can proceed and which certificate is best to start with.

Thanks In Advance.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jul 20, 2009 9:10 am

Re: Reply…

We need a bit more on where you want to go?  What exactly do you want to do in security?  Pentesting, IDS / firewall management, etc?
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Jul 20, 2009 9:15 am

Re: Reply…

Hi and welcome to EH-Net, sharabhs.

When you have already experience in (black box) pentesting you should have some knowledge in security and have many requirements needed to "make career" in security.

Don gave some time ago a very good presentation which is titled "DIY Career in Ethical Hacking", which might give you some tipps.

Normal version
R-Rated version

If you liked it then be sure to check out Rob Fuller's Couch to Career in 80 hours or less presentation too.


I would recommend you to search through the forums as many others have the same desire as you. A recent thread which might help you can be find here.
<<

sharabhs

Newbie
Newbie

Posts: 20

Joined: Mon Jul 20, 2009 8:26 am

Post Tue Jul 21, 2009 7:09 am

Re: Reply…

Hi Ketchup/awesec,

Thanks a lot for your reply, ketchup exactly i want to go for pentesting, can you explain what about the career prospect as a pentester.

awesec, thanks for sharing really good and motivated pdf.

Actually, i am looking for guidance for certifies

Thanks,
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jul 21, 2009 7:20 am

Re: Reply…

Depending on where you are located different certificates may be more important than others.

Because of your first post I assume that you have already at least basic knowledge in security, therefore I won't recommend Security+ by CompTia and similar ones.

Most job offers I saw asked for at least one of the following (in no particular order): OPST, OPSA, CISSP, CEH;

CEH (Certified Ethical Hacker) by EC-Council and CISSP by (ISC)² seems to be the ones one should definetily have on his/ her CV/ resume. But again, if you have only the possibility for one or two certificates, e.g. because of money, it should be considered in which area in security/ pentesting you would like to work. E.g. if you are more interested in malware analysis and research, the GIAC Reverse Engineering Malware (GREM) certificate by SANS may help you more than CISSP.

There are various different areas in penetration testing, so it may help to know in which specifically you are most interested.
In general or if you don't know which area caught your interest most, I would recommend CEH and CISSP.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Jul 21, 2009 7:23 am

Re: Reply…

Certification for pentesters has also been discussed quite a bit around these forums.  A good starting point is the CEH, which is a pretty basic but pretty well rounded cert.  OSCP would be a great hands-on certification and is very well respected by the folks here and out there. SANs has quite a few great courses as well, which are a bit more expensive than others.  
~~~~~~~~~~~~~~
Ketchup
<<

sharabhs

Newbie
Newbie

Posts: 20

Joined: Mon Jul 20, 2009 8:26 am

Post Wed Jul 22, 2009 1:06 am

Re: Reply…

Hi All,

I have the same plan in my mind, start with security + and then go for CEH.

So first talk about security +, can anybody share which is the best place for study material and anything related to security +, that can help.

Well, i am from INDIA, anyone have idea about security JOB prospect here.


Thanks,
Sharabh Sharma
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jul 22, 2009 1:28 am

Re: Reply…

It shouldn't be too hard to find resources for Security+ as it covers mostly basic stuff.

On CompTIA's official website you will find Exam Objectives, Practice Tests, Training Materials and more.
CBT also offers free videos to get a first impression on the video trainings. You will also find one for Security+ (2008).

When you take a look at amazon you will find some books which focuses on security+, but be careful as those often were written for S+ 2003 and not S+ 2008. However, I don't know how big the difference is.

There are also quite a few video trainings available, e.g. from CBT Nuggets. Haven't worked through them yet, but I heard that they are good.

Maybe this site will help too.

You may also browse through the forums as there are a few threads about the S+ certificate.
Last edited by UNIX on Wed Jul 22, 2009 1:36 am, edited 1 time in total.
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Jul 22, 2009 4:47 pm

Re: Reply…

I found this book to be the best one for the exam:
http://www.amazon.com/Security-Study-Gu ... 14&sr=8-12
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software