.

My new career path..tell me what you think?

<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 22, 2011 6:28 pm

My new career path..tell me what you think?

I'm really interested in linux/wireless/wireless security/ and pentesting.

Currently I work as NOC/ linux support, so I'm gaining networking and linux experience. I just obtained my Linux+ this week and I want to learn more about linux but  would the RHCSA/RHCE be useful for pentesting or is that just overkill?

For the wireless portion; I would like to get all 4 of the CWNP's certs and maybe the cisco wireless certs but most people say to focus on the CWNP certs.

After I get the CWNA, that's when I'll start studying for the pentesting certs. I would really like to get the GPEN and GAWN certs first then maybe OSCP or GWAPT. But then again, maybe start with eCPPT/OSWP/ security tube wireless cert than SANS?

Tell me what you think?
OSCP in progress
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sat Oct 22, 2011 9:11 pm

Re: My new career path..tell me what you think?

You just said the everybody dilema. " I want to be this and this and this" after that I want to be a pentest, etc, etc. The problem is that only those fields cover a lot/time/knowledge.

This is my way, maybe I am wrong but I've been moving around and I never get anything done. So I did my plan in writing:

1. Linux Skills (selfstudy) – Done – Took 1 month and 20 days (10/20/11)
2. Python skills (selfstudy) - Process
3. Wireshark skills (monitoring) (selfstudy)
4. Wireless certification from Offensive Security (Online training)
5. Web pen tester certification from Elearnsecurity (online training)
6. OSCP certification from Offensive Security (online training)
7. CEH (selfstudy)
8. GPEN (selfstudy)

I am working on that plan and sometimes I want to change it. Yes I will do it (the order) but no the subjects. When I begin to read specially this forum I want to begin to do this and that again, then I open my plan and see where I am and keep going.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 22, 2011 10:19 pm

Re: My new career path..tell me what you think?

Yeah I almost had the same plan but my python and wireshark study is up in the air. But I should probably learn python before I try GPEN.
OSCP in progress
<<

hurtl0cker

User avatar

Jr. Member
Jr. Member

Posts: 73

Joined: Thu Nov 18, 2010 10:09 am

Location: WWW

Post Sat Oct 22, 2011 10:20 pm

Re: My new career path..tell me what you think?

I am more interested in Network part of Security. For now most of my learning part is going on self pace, thanks to my college library for having awesome books.
One major reason that I aint going for any certs now is not having $$  :P
I can be pretty stingy on things  ;D but I really don't mind spending money on two things:
- Hardware
- Good Documentation

My path is some thing like:
- Linux Skills (Self pace) - there is a huge amount of material online.
- Protocols (TCP/IP...) - some good books like TCP/IP Illustrated
- nmap - lucky to have Fyodor's book at library
- Wireshark Skills - Wireshark has really nice user guide and wiki.(and lots n lots of practice)
- Higher concepts like Firewall's and IDS
- Python Skills - there are plenty of good books(some are free), this is something I have been focusing mostly on because at some point you feel like you can't turn your ideas into code. So my focus is more on coding.

This list and some others  will keep me busy for quite some time.

My certification path would be something like:
CWNA - To get started with wireless things.
OSWP - getting deeper into wireless security
OSCP  - Once I am comfortable with the above skill (and some other skills) I am going for OSCP. I am not in for eCPPT, as it covers almost the same stuff like OSCP except it focuses more on Web App's security.

Coming to your point,
"Linux +" skills will be pretty much fine for going further into security. if you have time & bucks, you can consider RH certs.

In the wireless portion, I would rather suggest to focus on CWNP certs because they are vendor neutral certifications.
After CWNP certs, as your focus is wireless you can go for OSWP, that course is pretty nicely laid out. SANS certs are good but they come with a big $$, I feel like Offensive Security certs come with a good learning curve and are not too pricey for what they offer. GPEN would be a nice place to start with.

eCPPT is good with the Web Apps security modules and you can also take a look at "So You Want To Be A Web App Pentester" by Joe McCray.
Last edited by hurtl0cker on Sat Oct 22, 2011 11:10 pm, edited 1 time in total.
“Knowing is not enough; we must apply. Willing is not enough: we must do.”
- Bruce Lee
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 22, 2011 10:45 pm

Re: My new career path..tell me what you think?

hurtl0cker thanks for the input. So now I'll probably put the RH certs on hold if they wont benefit me that much for security.
OSCP in progress
<<

n3r

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Wed Sep 28, 2011 1:06 am

Location: paris

Post Sun Oct 23, 2011 2:56 pm

Re: My new career path..tell me what you think?

Hi !
here is my way :

Right now i'm passing my degree in networking so i have started with TCP/IP Protocol, Linux skills, C Language, SQL, Java.
In my free times i study on Python skills and wireless. I plan to go to OSWP when i'll be comfortable and have the money.

After i'll probably go to OCSP and CEH as CEH is most important for the french companies...
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sun Oct 23, 2011 3:08 pm

Re: My new career path..tell me what you think?

How often will pentesters use SQL and Java?
OSCP in progress
<<

n3r

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Wed Sep 28, 2011 1:06 am

Location: paris

Post Sun Oct 23, 2011 3:15 pm

Re: My new career path..tell me what you think?

i don't know  ;D
but in my degree we have a C course and introduction to others languages, so SQL and Java. I didn't choose  ::)
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sun Oct 23, 2011 3:26 pm

Re: My new career path..tell me what you think?

oh lol. Well it's good you're learning those languages..only if I had enoug time in the day. When do you think youll start your 1st pentesting cert?
OSCP in progress
<<

n3r

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Wed Sep 28, 2011 1:06 am

Location: paris

Post Sun Oct 23, 2011 4:11 pm

Re: My new career path..tell me what you think?

I don t know. I have been working hard on wireless pentest and my virtual wireless lab.
But I have no idea if I m ready for OSWP.
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sun Oct 23, 2011 10:17 pm

Re: My new career path..tell me what you think?

My goal is to have 2-4 pentesting certs before next DefCon. I really want to try the challenges against other professionals and see how I compare.
OSCP in progress
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sun Oct 23, 2011 10:25 pm

Re: My new career path..tell me what you think?

Great. Remember one thing, it is not the certification when you compare with other people, it is skills and knowledge
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

idr0p

Newbie
Newbie

Posts: 49

Joined: Fri Jun 17, 2011 8:46 pm

Post Mon Oct 24, 2011 12:43 am

Re: My new career path..tell me what you think?

One thing to remember is to expect to be derailed. My path has changed sooo much since i started, for example i expected to do the OSCP and CISA among other things by now. Like the greats you must be able to adapt.

My path was the following.

Linux (When i was in H.S.)
Network Security (College Degree)
Learned Python (In College)
I got a Info Sec Analyst Job (which I am now.)
Took GCIA
Took GCIH
Took GPEN
Taking GWAPT exam - err... thursday *crosses fingers*
Going Back to School for M.S. CIS
Looking to take EnCe
Then GCFA and CCE
Then GSEC, CISSP
Finally GSE

I really want to throw the OSCP in there somewhere. it may have to wait until i complete school.

As for impulses path i would change it to the following.
1.  Linux Skills (selfstudy) – Done – Took 1 month and 20 days (10/20/11)
2.  Python skills (selfstudy) - Process (this will be a never ending step. push to background look at 'gray hat hacking with python') &
3.  CEH (do this earlier it will set a good foundation)
4.  tcpdump / Wireshark skills (monitoring) (selfstudy) (first understand tcp dump and packet analysis, you will get wireshark better.)
5.  Wireless certification from Offensive Security (Online training)
6.  Metaploit / Nessus Skills (self study) (understand how exploits and payloads work. pre and post exploitation)
7.  OSCP certification from Offensive Security (online training)
8.  GPEN (selfstudy) (the business side of pen testing)
9.  Web pen tester certification from Elearnsecurity (online training)
10. GWAPT?
GCIA GCIH GPEN GWAPT
Up Next: CISA CISSP
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Mon Oct 24, 2011 8:00 am

Re: My new career path..tell me what you think?

impelse,

In no way do I think certs will put me in elite status, but they do help my learning and hopefully point me in the right direction.

idr0p,

Thanks for the input. Right now I'm hoping to take a SANS course next april/may with my tax returns =) lol but then again..maybe I should hold off until I actually get a security job (since you have to renew them every 4 years).

I have a few questions for you...
How long after college did it take for you to land a info sec job?
Which of the SANS courses did you like the most so far?


thanks
OSCP in progress
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Oct 24, 2011 11:19 am

Re: My new career path..tell me what you think?

Those are good ideas.

When i said learn Python is only read two books, I am reading Python® Programming for the Absolute Beginner, Third Edition and then Hacking: The Art of Exploitation, Second Edition

For wireshark I am watching Laura Chapell videos (going deep to tcp).

I will stuck there until I complete and keep according the plan with some modifications.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
Next

Return to Career Central

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software