.

need advice: which cert to go for

<<

kriss332

Newbie
Newbie

Posts: 5

Joined: Sun May 27, 2012 2:09 am

Post Tue Jun 12, 2012 4:44 am

need advice: which cert to go for

Hello to  all,
   
    Well, this is my first post and a question about what to do. Presently I want to get OSCP or any equivalent cert madly. So that i could get into ifosec field.  Further plans laterz.  About my present condition:-
   
    I have started to learn everything that could help me get Certs. I already learnt C,C++, CCNA. Presently learning RH linux, Python and MS Servers (all through Cbt Nuggets). And I started all this 1 year back. I have once prepared for CEH but later I dropped the idea about CEH cert.
      I have a good grasping power, provided I get good study material. The wholesole resource of my study material is Torrents only. . 
 
    I want to get advice from all of u on what all things i should opt. OSCP is is quite hard for newbies. So before opting for it i want to get a deep
understading of everything.
    e-learning security course material is also not available on torrents. I have seen SANS security stuff on torrents. Any stuff anybody would suggest worth studying? Plz keep in mind that in my country $ has a high price. I cant signup a course just for learning.I can spend on certs only. Moreover i have got 7 yrs remaining in my job. By that time i want to get to an expert level. So plz suggest the needed path. Welcome to all advices. Thanks...Kriss332
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Tue Jun 12, 2012 8:52 am

Re: need advice: which cert to go for

The wholesole resource of my study material is Torrents only


*Sigh* My first suggestion would be to stop stealing the results of other folks hard work. This is the Ethical Hacker Network and these sorts of things are frowned upon around here. As an author, this particularly makes my blood boil.

Secondly, sitting around and watching security videos so you can accumulate more certs (I'll assume there are some braindumps involved here as well) isn't going to get you anywhere. The first time you have to sit for an actual technical interview you'll go to pieces. You need to jump in and get some real hands-on time with the tools and technologies and apply the concepts.
<<

kriss332

Newbie
Newbie

Posts: 5

Joined: Sun May 27, 2012 2:09 am

Post Tue Jun 12, 2012 9:22 am

Re: need advice: which cert to go for

It is not about stealing others hardwork. I dont have good financial background, so that i could spend on gathering basic knowledge, sorry if it hurts u.well, today sombody can act like shouting on me, becoz i am seeking for guidance. But tomorrow if I master these things, I am going to welcome everybody open heartedly when someone asks for any help. Here i just wanted to ask for guidance about what to do,not for any help from anyone. I am capable of helping myself, thanx alot.
Last edited by kriss332 on Tue Jun 12, 2012 9:35 am, edited 1 time in total.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Jun 12, 2012 9:43 am

Re: need advice: which cert to go for

kriss332 wrote:It is not about stealing others hardwork. I dont have good financial background, so that i could spend on gathering basic knowledge, sorry if it hurts u.well, today sombody can act like shouting on me, becoz i am seeking for guidance. But tomorrow if I master these things, I am going to welcome everybody open heartedly when someone asks for any help. Here i just wanted to ask for guidance about what to do,not for any help from anyone. I am capable of helping myself, thanx alot.


There really is no need for you to go on the defensive. The fact is that it is stealing. Even if you are not on sound financial footing there are several other options outside of torrents that can get you started.

Jason also offered you solid advice. Maybe its not what you wanted to hear.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

kriss332

Newbie
Newbie

Posts: 5

Joined: Sun May 27, 2012 2:09 am

Post Tue Jun 12, 2012 10:27 am

Re: need advice: which cert to go for

Jason, dark_knight ! Thanks for posting. I understand i have to get into doing it all. I am absolutely ready for that. I have my own VM Ware lab for that. But i should know atleast what to choose. There are plenty of courses out there. But which one will suit me at this situation. Offcourse i will sign up for a security course. And seriously i have money saved for just that only. One bitter truth is that:-  torrent is stealing only. I accept it.
    Ok apart from this can someone suggest me the path? I'll be very grateful.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Jun 12, 2012 11:25 am

Re: need advice: which cert to go for

kriss332 wrote:Jason, dark_knight ! Thanks for posting. I understand i have to get into doing it all. I am absolutely ready for that. I have my own VM Ware lab for that. But i should know atleast what to choose. There are plenty of courses out there. But which one will suit me at this situation. Offcourse i will sign up for a security course. And seriously i have money saved for just that only. One bitter truth is that:-  torrent is stealing only. I accept it.
   Ok apart from this can someone suggest me the path? I'll be very grateful.


This should get you started:
http://infiltrated.net/TechnicalSecurityRoadmap.html#

Sil:
I think you need to pick your own poison and go from there. Think of security in terms of a baseball team. Here you are saying: "I want to play which position should I aim for?" What are your strengths and weaknesses. Focus on your weaknesses to bring them up to par with your strengths while in parallel upping your strengths.

In security, there are a lot of avenues to choose from. Forensics, pentesting, application security, cryptography, networking, etc. Each have their unique methodologies, technologies, protocols, pros and cons.

Examples:

++++++++++

Forensics. Where would you want to fit in? Working as an incident responder researching malware, researching e-Discovery, researching the cause of a compromise? What field? Pros: Banking, insurance, defense industries, huge Fortune 100s are always in demand for these types of individuals.

Cons: Job can be linear, stressful, repetitive.

Certifications: (real world relevant) GCFE, GCFA, EnCe, GCIH, ACE, CCE, GREM, WCNA (Wireshark), GCIA

++++++++++

Pentesting: Where would you want to fit in? Define pentesting. Too many companies have turned this field into a tool (Core Impact, Metasploit, Nessus, etc) however there is more to pentesting than running tools. In order to fit into a well rounded position, the document I linked you too will give you excellent foundations needed. You then need to progress into a more linear stage (focus on applications (which web application, business applications (SAP, etc)).

Pros: Can be fun, creative, non-linear (no two pentests are ever the same)

Cons: Industry has created too many retards that rely far too much on tools. Many industries are now mandated to have penetration testing (PCI requirement). With that stated, many companies are relying on point and click drop boxes (QualysGuard) and calling it a "pentesting day."

Certifications: (the ones that count) GPEN, CEPT, OSCP, OSCE, CPT, RWSP

++++++++++

Network security: Where would you want to fit in? Managing firewalls, IPS, IDS, DLP, acronym hell? Performing network analysis' with tools and hardware such as nGenius, Netwitness, Wireshark, etc., this can criss-cross the forensics realm.

Pros: ALL COMPANIES need network security period.

Cons: Can be as linear as in point A to point B

Certifications: (ones that count) WCNA, CC{N,D,S}P, GCIH, GSEC

++++++++++

Take note, all the certifications I listed are TECHNICAL, for those wondering why CISM, CISA, CGEIT, CISSP, etc isn't listed. And NO, the SSCP to me is not a technical cert. When I state "ones that count / relevant" I mean the ones you *truly* want to aim for as you WILL LEARN while getting them. Not to take anything away from say the C|EH, CHFI but it is what it is. I felt the certifications I listed would help you LEARN something as opposed to dumping a billion tools on your lap and telling you "hey this is a security tool, learn this tool's syntax and we will give you a shiny certificate!"

Your best bet regardless of any advice you see from me or anyone else is to determine something that you can enjoy while making money. I would hate to focus on Forensics only to have a job I hated doing e-Discovery 24x7x365. I know people that dread getting into the field. They work to dissect/analyze info, go to court, are stressed out as all hell. The money they make doesn't cover sanity, happiness.

Go over to Dice.com and check the markets for certs also. Search for the certification itself to see its demand and WHO is asking for that particular cert. That is a good baseline as is e.g:

http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.payscale.com/research/US/Cer ... %29/Salary
http://www.indeed.com/salary/q-Forensic ... k,-NY.html
http://www.indeed.com/salary?q1=GREM&l1=New+York%2C+NY
Last edited by Dark_Knight on Tue Jun 12, 2012 11:30 am, edited 1 time in total.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

kriss332

Newbie
Newbie

Posts: 5

Joined: Sun May 27, 2012 2:09 am

Post Tue Jun 12, 2012 12:37 pm

Re: need advice: which cert to go for

Thanks a tonns DARK_KNIGT. U gave a heavenly direction. Thanks alot. One more question, if u have time.
    Is pentesting or hacking skill mandatory for gorensics and if yes, then upto what level? I love to learn pentesting skills but  I have a dream to go for forensics only. What would u suggest? Is forensics considered next step of pentesting/hacking or is it parallel on knowledge grounds?
  Thanks...
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Jun 12, 2012 1:42 pm

Re: need advice: which cert to go for

kriss332 wrote:Thanks a tonns DARK_KNIGT. U gave a heavenly direction. Thanks alot. One more question, if u have time.
    Is pentesting or hacking skill mandatory for gorensics and if yes, then upto what level? I love to learn pentesting skills but  I have a dream to go for forensics only. What would u suggest? Is forensics considered next step of pentesting/hacking or is it parallel on knowledge grounds?
   Thanks...

I wouldn't say pentesting is mandatory to get into forensics. The two are separate disciplines. What I will say though is that as a penester with forensics skills with no doubt set himself apart from the rest.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

kriss332

Newbie
Newbie

Posts: 5

Joined: Sun May 27, 2012 2:09 am

Post Tue Jun 12, 2012 9:40 pm

Re: need advice: which cert to go for

thanks a tonns DARK_KNIGHT. thanks alot. U really gave a very helpful advice. Thanks again.

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software