.

URGENT: Need advice

<<

nikhilnangia

Newbie
Newbie

Posts: 3

Joined: Tue Jan 26, 2010 7:18 pm

Post Sun Jan 31, 2010 1:33 am

URGENT: Need advice

I am a Masters student of IT at UNC Charlotte. I have decided to take up Information Security as the concentration.
Can you please advice me what all certifications i need to do in this field? I know abt CEH only. I want general advice on how to get knowledge abt latest security issues.
I am already a CCNA, but donot think CCNP is useful for me.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Jan 31, 2010 10:03 am

Re: URGENT: Need advice

There are many avenues you could pursue, dependent upon where you want your career to go.  Additionally, if you're looking for what may qualify for course credits, etc, you'd obviously need to check with the university.

That said:

If you're looking for management style, or overall infosec, you might look at CISSP, CISA / CISM, etc.

If you're looking to be more of the proactive, penetration testing / malware analysis side of things, you could look into the follow-up to CEH, the ECSA/LPT.  You could also look at the OSCP, or look into the SANS security certifications, such as the GPEN (SANS 560)

If you're looking for more of a law-enforcement, forensics side of things, you might pursue something along the line of the CHFI (Forensics Investigator) or others of that nature.

It's all dependent on what you want to do, etc.  I wish you luck, and you've found the right place to ask the questions, so fire away, and we'll all be glad to discuss!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Jan 31, 2010 10:15 pm

Re: URGENT: Need advice

SANS (sans.org) has a wide range of classes that are just related to pen testing. They have classes for managers, auditors, and coders too. In my experience the training has been top notch. I highly recommend them.
twitter.com/timmedin | http://blog.securitywhole.com
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Mon Feb 01, 2010 9:34 am

Re: URGENT: Need advice

My advise is to look at the different forums on this site, because as previously mentioned there are a lot of paths to take in Information Security.  Some of the certifications are entry level, like the CompTIA certs and even some of the SANS classes, like SEC 401, others are intermediate C|EH, OSCP, and others still are more advanced like the CISSP, CISM, CISA.

A lot of certifications require you to meet prerequisites, which usually deal with experience or education.

I would recommend that you take some time, look through the forums.  See what you may be interested in.  There are areas like Incident Handling (cleaning and mitigating hacker attacks), Intrusion Detection (catching the hackers when they strike), Penetration testing/Ethical hacking (making sure the hackers can't get in), Malware (studying what tools hackers use and how to defend against them), etc.  Just kick back and read, read, read.  there is no easy path into information security.

Btw, welcome to the site.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

nikhilnangia

Newbie
Newbie

Posts: 3

Joined: Tue Jan 26, 2010 7:18 pm

Post Mon Feb 01, 2010 3:00 pm

Re: URGENT: Need advice

THANKS A LOT everyone for the guidance.

I am looking at acquiring skills to become a penetration tester/ethical hacker with the use of tools. I have the following questions in this regard:

Q1. What certifications do u recommend- CEH by EcCouncil or certifications by SANS?
Q2. Do we have tutorials on the forums for my field of interest?
Q3. My friend told me that i shud get my hands on Backtrack or Nessus.. can I learn them without professional training?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Feb 01, 2010 3:15 pm

Re: URGENT: Need advice

You can pretty much learn any tool without 'professional training'  However, the drawback is you have to measure the time to research and learn the tools against the time it might save by learning them from a professional instructor, or in a formal class setting.  What you'll need to do is to do some analysis and spend some time really deciding on which approach is best suited for you. 

If you're capable of self-study, and have a nice lab setup that you can 'play' against, then by all means, it can be more affordable to study for yourself.  If you learn better by watching and listening to someone else (if you're more of a senses learner than a reading learner,) then you would probably be better served attending a bootcamp or more formalized class.  Being that you're pursuing your degree at UNC, I'd be willing to bet you know your best-suited learning style, and comfort zones, and will probably make the best choice for YOU! 

As for tutorials, if you browse the site, there are plenty of links to sites where tutorials abound.  De-ICE and other pre-built distros exist to 'hack against' and learn with.  (implied search hint here for the EH-Net forums ;D )

Good luck, and as you find more to play with and learn, feel free to continue to ask.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Feb 01, 2010 4:15 pm

Re: URGENT: Need advice

Yes, I recommend you to see the http://heorot.net/ trining
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri Feb 19, 2010 10:30 pm

Re: URGENT: Need advice

Both Backtrack and Nessus are handy tools.  Just a few things to keep in mind (I am on the path of transitioning from Sys Admin to Info Sec)... I have observed the newest version of Nessus can produce a good amount of false positives.  Not good to tell someone there site is vulnerable to something when it is not.  Learn to not fully rely on the tools and learn to work your way through the vulnerability.  Which I found, as someone who loves puzzles, the most fun part of the game! :D  Backtrack is great but one thing I found with that is there are so many tools crammed into it that you might find yourself wondering which one is the correct one to use.

As for certs, I too am trying to determine where to proceed.  One suggestion I found was the GISF cert.  It is a pricey cert to get, but could be worth it.  An important factor with Info Sec is knowledge and experience.  If you can gain those, then getting the certs won't be as difficult.

Good luck!!
Certs: GCWN
(@)Dewser
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Feb 21, 2010 12:31 am

Re: URGENT: Need advice

I think that formal training will help with the methodology.  While you can learn how to be effective with just about any tool, it can be more difficult to learn how to put them together to achieve results.  This is where learning from others' experience is helpful.  It can be difficult to assemble this knowledge on your own.
~~~~~~~~~~~~~~
Ketchup
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sun Feb 21, 2010 11:03 am

Re: URGENT: Need advice

CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com

Return to Career Central

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software