Looking for advice for career path as a Ethical Hacker

<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Sep 13, 2011 11:49 am

Re: Looking for advice for career path as a Ethical Hacker

don - this should be bookmarked forever. sil, thanks for taking so much time to write this up, now we can forever refer folks to this post and that other detailed page on your site...
<<

Disneycrack

Newbie

Posts: 16

Joined: Sun Sep 11, 2011 8:08 am

Post Tue Sep 13, 2011 1:02 pm

Re: Looking for advice for career path as a Ethical Hacker

I would like to personally thank everyone for their help. I have been searching high and low for around 3 months trying to get some solid information, and you guys have laid everything out that I had questions about. Thank you so much for pointing me in the right direction, and I will be sure to stay around and contribute to the community as I further my studies in whatever I decide to do.

I extremely appreciate the time everyone has taken to help me. Thank you
<<

l33t5h@rk

Post Mon Oct 10, 2011 1:48 pm

Re: Looking for advice for career path as a Ethical Hacker

rance wrote: My typical answer to these types of questions is, you need to know a little bit about everything.


This is the worst part of answering this type of question. How does one explain that a person needs to know everything, and in great detail?
<<

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Wed Oct 19, 2011 8:29 pm

Re: Looking for advice for career path as a Ethical Hacker

sil wrote: I think you need to pick your own poison and go from there. Think of security in terms of a baseball team. Here you are saying: "I want to play, which position should I aim for?" What are your strengths and weaknesses? Focus on your weaknesses to bring them up to par with your strengths while in parallel upping your strengths.

In security, there are a lot of avenues to choose from. Forensics, pentesting, application security, cryptography, networking, etc. Each has its unique methodologies, technologies, protocols, pros and cons.

Examples:

++++++++++

Forensics. Where would you want to fit in? Working as an incident responder researching malware, researching e-Discovery, researching the cause of a compromise? What field? Pros: Banking, insurance, defense industries, huge Fortune 100s are always in demand for these types of individuals.

Cons: Job can be linear, stressful, repetitive.

Certifications: (real world relevant) GCFE, GCFA, EnCE, GCIH, ACE, CCE, GREM, WCNA (Wireshark), GCIA

++++++++++

Pentesting: Where would you want to fit in? Define pentesting. Too many companies have turned this field into a tool (Core Impact, Metasploit, Nessus, etc.); however, there is more to pentesting than running tools. In order to fit into a well rounded position, the document I linked you to will give you excellent foundations needed. You then need to progress into a more linear stage (focus on applications (which web application, business applications (SAP, etc.))).

Pros: Can be fun, creative, non-linear (no two pentests are ever the same)

Cons: Industry has created too many retards that rely far too much on tools. Many industries are now mandated to have penetration testing (PCI requirement). With that stated, many companies are relying on point and click drop boxes (QualysGuard) and calling it a "pentesting day."

Certifications: (the ones that count) GPEN, CEPT, OSCP, OSCE, CPT, RWSP

++++++++++

Network security: Where would you want to fit in? Managing firewalls, IPS, IDS, DLP, acronym hell? Performing network analyses with tools and hardware such as nGenius, Netwitness, Wireshark, etc., this can criss-cross the forensics realm.

Pros: ALL COMPANIES need network security period.

Cons: Can be as linear as in point A to point B

Certifications: (ones that count) WCNA, CC{N,D,S}P, GCIH, GSEC

++++++++++

Take note, all the certifications I listed are TECHNICAL, for those wondering why CISM, CISA, CGEIT, CISSP, etc. aren't listed. And NO, the SSCP to me is not a technical cert. When I state "ones that count / relevant" I mean the ones you *truly* want to aim for as you WILL LEARN while getting them. Not to take anything away from say the C|EH, CHFI but it is what it is. I felt the certifications I listed would help you LEARN something as opposed to dumping a billion tools on your lap and telling you "hey this is a security tool, learn this tool's syntax and we will give you a shiny certificate!"

Your best bet regardless of any advice you see from me or anyone else is to determine something that you can enjoy while making money. I would hate to focus on Forensics only to have a job I hated doing e-Discovery 24x7x365. I know people that dread getting into the field. They work to dissect/analyze info, go to court, are stressed out as all hell. The money they make doesn't cover sanity, happiness.

Go over to Dice.com and check the markets for certs also. Search for the certification itself to see its demand and WHO is asking for that particular cert. That is a good baseline as is e.g:

http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.indeed.com/salary/q-Forensic ... k,-NY.html
http://www.indeed.com/salary?q1=GREM&l1=New+York%2C+NY

Hope that helps


How did I miss this??? Great post Sil....I also agree that this post should be a sticky.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

millwalll

Post Thu Oct 20, 2011 4:17 pm

Re: Looking for advice for career path as a Ethical Hacker

Not a problem, Disneycrack, glad you found what you were looking for.