Path to security

Hataku (Posts: 2, Registered Users)
Hello all!

I've been working on a help desk for around 2.5 years and am now wanting to specialise more in IT security/net pen. I've been acquiring skills to help with this, e.g. I've spent quite a bit of time using Kali and playing around in my own test labs.

I've also got a solid 3 years of programming experience with a wide range of technologies (C#, C++, Java, PHP), which apparently helps when trying to create bash scripts.

I don't have a degree as I had to drop out in my 2nd year (personal reasons), so finding an entry level job in security with no relevant experience is quite hard.

So what I came here for was for advice on certifications. I've looked around quite a lot and the route I'm currently thinking of taking is as follows:

1) CompTIA Security+ (To confirm I know the fundamentals of security)
2) OSCP (For more practical knowledge and hands on experience)
3) CEH (To get past HR)

And then I'll hopefully get a security job! What do you guys think?


  • Danielm7 (Posts: 2,262, Member)
    Security job is pretty broad, if you want to be a pen tester specifically that's a good plan. Depending on the company the CEH might be pointless, but some HR people eat it up as you mentioned. Like all other IT jobs, some places will have a hard requirement for a degree, some won't care. The security field seems much more set on just knowing how to do what you need to do, and if you can pass the OSCP you should be able to find a position, even in a jr role. Networking is big, and I mean people networking (although the IT kind is really important too), look for local security groups, cons, meetups, etc, anyone you can meet in the field can be another step towards getting a job. You never know, you might find someone who likes you and gets you in a jr analyst role right now, it's all about who you know.

    If you're not looking to be a pen tester, then the advice will vary.
  • Hataku (Posts: 2, Registered Users)
    Thanks for the reply,

    I have a decent amount of knowledge when it comes to networking (computer-wise). I've passed the first half of my CCNA (ICND1). The reason I didn't do both at once was because only the first part is necessary for the CCNA security cert. I was going to finish this instead of the Security+ but the CCNA focuses too much on vendor-specific issues.

    I've always wanted to get into pen testing but even if I change to a more analytical role or sys admin, I think the pen testing knowledge would come in handy. It gives you a different perspective when it comes to securing your own systems and a different mindset.

    Is the OSCP the only practical exam for security? Are there any infrastructure exams out there that make use of hands-on knowledge throughout the exam? I'm not too keen on multiple choice exams.