H1t M0nk3y wrote:
But guys, I really feel like I wrote a few posts that nobody read!
You're spot wrong
I read your post in fact I read everyone's comment before I post my own just in case I want to add more than one response. The fact is, I was going to add your initial comment in as well but it would have been an extremely long thread. I also wanted to avoid "adding to SOMEONEs" comment so no one feels that I'm singling them out or correcting them since I can be misunderstood. Meaning, I wouldn't have wanted you to think I was disagreeing or singling your comment out as being wrong/inconsistent/incorrect/etc. So here goes...
You gave solid advice that you followed that has helped you so far: studying about 2 hours a day, 5 days a week for the last 20 months will lead me somewhere. I have planted seeds and it is growing. OSCP is one seed for sure, but not the entire field
You too have realized that there really isn't a definitive beginning nor path. There are different routes one *can* take in an effort to get closer to a destination. That destination however is something that only the person posting a question can answer.
I posted a summary (a long one) about my foray into security when I won the GIAC last year and rather than repost it all, I will submit the link so that hopefully, cd1zz, skitch and others can get an idea of my background http://www.ethicalhacker.net/component/ ... /#msg31286
... Experience boils down to what you GAIN from something you have done and or learned. Collectively I STILL spend way too much time in front of a machine (almost 14 hours solidly per day). When I first started getting heavily involved in security, there were times I would spend an entire 24 hours or more in front of a machine learning. The difference between say when I started and now is, now it is much easier to do things... This does not equate to understanding what you are doing.
For example, ask any 10 network admins or engineers with 5-10 years experience immediately in your range to explain what's a NAT tuple or how is aggressive mode BETTER for networking, yet worse for security and I guarantee you the likelihood of any one of them truly understanding it is zero (you MIGHT find one.) Does this mean they're dumb or less experienced, no, just means they've learned differently at a more rapid pace overlooking the intricacies which sometimes make or break a "senior" versus regular engineer or admin.
So to everyone here who takes the time (and aspirin) to read my posts, I'm no better than anyone here. I may have more experience in certain arenas and I certainly enjoy sharing an alternative point of view. This is what dialogue is all about, learning from one another. Never take any of my posts as "demeaning" or trying to lessen either experience or an area. I offer an opinion as does everyone else. Everyone has an experience to share however, not everyone knows the route which is proper for one another, else we'd all be mind reading millionaires bored out of our mind.
My suggestion skitch, is that of Offensive Security... Try harder ... Not to crack, but at opening up your mind because at the end of the day, your mind is the greatest tool. Not some cert, not some tool, not someone's advice or opinion. Remember in school, they always taught you that 1 + 1 = 2 yet when you got into programming that whole framework was shatter when you realize that 1+1=1 ... One drop of water plus one drop of water equals one BIGGER drop of water. Its all about interpretation and creativity.