I'm new to this community, but I have read a lot of good & interesting articles in here and that's the reason why I need your advice
I'm currently working as a network administrator for about 4 years now (it's my first job) and would like to go deeper into InfoSec. I spent most time of my day on router, switch and firewall shells, so I've got quite good networking fundamentals. Beside this I am a LPI - certfied Linux fanboy - well, I don't use Windows unless there's no other way, like in the world of Active Directory and I am a VMware enthusiast, because I love this technology and its impact.
I've got coding knowledge in VB.NET, PHP/SQL and basic ASM, C++.
Now I would like to realign my focus on InfoSec like attack and prevention mechanisms. I'm interested in InfoSec for over a year now and already have some basic fundamentals (like WebSecurity, BufferOverflows, usage of Metasploit and some other common tools) but I'm missing the in-depth details. That's the reason why I started to blog about things but this only helps a little. Now I've read a lot about certifications on EH and think those courses and (practical) exams are the best way to learn the details.
I'm currently thinking of going this way during the next 2 years:
CEH -> eCPPT Pro -> OSCP -> OSCE
(Taking the CEH and eCPPT Pro until summer, and the OSCP until end of 2012).
What do you think ?
By the way: My problem is that I have to pay most of the courses/exams out of my own pocket because my employer doesn't want to pay them. I hope that they'll pay at least the CEH
Thanks & Regards