TechGuru80 wrote: » For a small/medium size business, you are going to have to know more than just infosec. More than likely you will need to know a little about everything because generally either consulting or large enterprises have pure infosec teams. Do you have Network+? I probably would pickup either a OS (MCSA / Linux) or Networkig cert (CCNA). I don't think Sec+ then straight to CEH would provide you with enough knowledge...you need that background knowledge.
636-555-3226 wrote: » If it helps any:http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html
supasecuritybro wrote: » It sounds like you are willing to receive input on the next step. A computing environment is best as mentioned. I would go into Linux personally. Whether a Linux + or RedHat its not a waste. The best thing to do is build the foundation nice and solid to grow from there. If the end state is pentesting... you have a long road. Between experience in the field as sysadmin or net admin to truly get your axe nice and sharp before you go into trying to go into that. I know no one wants to hear about the part where you have to build the base but if you don't you will be forced through it and not even know where to start. For example, to know why you need to use a certain exploit on a machine based on a vulnerability, you need to know why it is a problem and how it will circumvent the security on the OS so you can do what you want. Set your roadmap with the end in mind. If you want the OSCP, build up to it. Go into the OSs this year, next year really grow in networking, then the year after start getting those offensive security things out the park. In my organization, I hear a lot of the Help Desk guys wanting to get their certs so they can come to security but they are not skilled at handling a workstation problem without just reimaging it. They do not understand the nature of workstations in the domain, nor have exposure to servers/network stacks and expect to get a CEH and come into the security response team because they have a cert. I will say from personal experience, I walking into an interview for a vulnerability assessment team and they handed my a$$ to me in that interview because I wasn't well versed in computing environments and they were kind enough to encourage me to grow before trying to put myself out there again. I appreciated that and now I have built the roadmap (not only about certs) but of what I need to get my hands on to grow in knowledge and apply it to make it into wisdom. Good luck!
eth0 wrote: » if you want work for small/medium companies you probably almost don't need anything to be honest . I worked with man who don't know that 192.168.* is LAN and they work as pentesters for banks, also PoC for clickjacking for him is phishing etc. Really, you don't need very care, just learn and learn what you like and you will be very good tech skilled person. I work only few years and around 1y in each infosec job, because of this I have wide experience and almost there is no competition in job, funny but real. Most people don't care about IT, they just work there and that is all. In infosec most people are just noobs, if this will be your real hobby then for sure few years and you will work for some well known companies. My advice is just don't care about others what they think and say, when people irritate me then I quit job. When I can't learn anything new (80/20 rule!) then I look for another job. Maybe my CV because of this don't look great (1-1.5y and job changed) but my experience, projects, certificates etc are much more that this. Today after less that 5y of professional (have less that 30y) work I am specialized in both red and blue team with achievements (i.a. job in higher tech positions). If you want be good, just don't look on others, keep own rules because most of people and your collaborators are just noobs even when they have 20y experience because of sitting opposite PC . Good luck!
NetworkNewb wrote: » Good post eth0! I think it is crazy how many people in IT don't actually care to learn more. People who are on these forums, looking for ways to improve, are definitely in the minority from my experience.
detroitwillfall wrote: » I'm just eager to learn, hungry and think the way the world is its ever increasingly important. Can never know "enough"
eth0 wrote: » thanks, this is just real life, people as we are - who take care about carrer and want have certificates is almost noone, there is sometimes few people who say like this but most of them don't do anything, only talk about that most important is to do this long time - you can't be hacker in 3 years. I started when was 13y old with hacker wannabe and that was reason why people look at me in short time as some kind of expert, because I got real practical knowledge how it all work. I am also not very nerd, have girl friend and normal life because most time I don't spend around PC. Most important as above is long time interest about infosec, not to spend whole life researching something. Remember also that you don't need best, you need only be better that avg people and will never have problem with job. You don't need work for Google/Facebook, you can work for well known banks and same way it will be very prestige. For example I am not good with math and programming, so I started with PHP (stupid and easy language ), today I know few script languages and can do a lot helpful tools (i.a. in pentester job). Some of my friends started with C and today they still don't know almost nothing about programming and doing tools. As above, just don't look on others, think your self and don't care . Of course I also know people who started with C and are better but they are good in math etc, so you know as above, you don't need best, there is a lot job positions and best people is very small group so you don't need really care about them. Also please remember when your first language is English then you are always on better position that for example me as you see with my very high language skills ... you can easy found job in half of world. Travel and work is my dream to be honest...
