The Dilemma

TerabyteTerabyte Member Posts: 15 ■□□□□□□□□□
So I'm 20 years old working on the service desk, achieved a good bit of certifications wanting to do security / penetration tester. Also finishing my bachelor's in cyber security next September, currently have an associates in it. I have worked hard for my CCNA / ccna security. But the problem is i can't see myself working with routers / switches for years and years but what I can see myself doing is working with Linux with security related roles. Doing hacking so to speak. My question is do I just continue Cisco doing the CCNP or do I go the Linux route? I also feel like it would be hard to find Linux related jobs with no real world experience.

Comments

  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    You're in a somewhat similar situation as myself. I also started working at the service desk, did my CCNA and other certs while there. Then I moved on to a sysadmin role, working with Linux and other systems and now I'm pursuing a pentester job. I had an interview in January but both the boss over there and myself knew I wasn't ready yet so I'm starting the OSCP course next month so hopefully that'll help me.

    I also think it wouldn't be too easy getting a Linux related job without real world experience. Maybe someone somewhere will give you that chance though!
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    If Linux is what you're interested in, start studying Linux. Getting something like Linux+ could be sufficient to getting yourself into a Jr Linux Admin role, if you actually learn the concepts and are able to prove yourself in an interview.
  • kohr-ahkohr-ah Member Posts: 1,277
    It is hard finding Networking jobs with no real world experience so it all works out :)

    Go the Linux route. There is no reason to do your CCNP if you have no interest in doing networking. You are going to need to understand networking in depth if you want to be a white/grey hat but you dont need to get certified in it right now. I'd start going Linux+ -> RHCSA -> RHSE route if I was you and keep at the security certifications as well.

    You are going to need to understand Windows OS systems inside and out as well to learn how to exploit them but same thing. No need to get MCSA
  • TerabyteTerabyte Member Posts: 15 ■□□□□□□□□□
    Thank you for the replies everyone. Also I enjoy networking also but my true passion is cyber security in the sense. But im scared if I jump over to Linux my CCNA training will be sort of a waste in a sense. And for Linux I would have a hard time getting a job kinda like networking right now.
  • OctalDumpOctalDump Member Posts: 1,722
    So, if you put this in red team/blue team perspective, a role in networking or system administration might lead quite natural into network defence and blue team type things. This might then lead to the red team, pentesting type things. You could also short cut this process and go more directly to pen testing.

    If you go the network defence route with Cisco, then CCNP R+S and CCNP Security are likely the path to take. That would probably be a couple of years at least in networking, probably closer to 5. But you'll have a pretty solid grasp on securing your typical enterprise network. As part of this, you'll likely get exposed to lots of the knowledge that a Pen Tester would be expected to have - attack types, vulnerability scanning, how networks operate, common network applications etc etc.

    If you go down the sys admin path with Linux before getting to Pen Testing, then probably the only really useful thing in the CCNP would be layer 3 switching, which you could learn in a couple of hours. The thing there would be quite similar, but you'd be focussed on Linux network applications and Linux optimisation, hardening, deployment, monitoring and management. You'd get a deeper understanding of how Linux network applications work, how Linux works, how it is secured etc. This is particularly useful for Linux and web focussed pen testing.

    To go down that path, Linux+ is ok, but not the most practical of certifications since it tries to cover the breadth of Linux. The certs from Linux Foundation and Red Hat are probably more worthwhile. I think initially you want to get comfortable with Linux, so just download a distro or three and get a feel for them. Installation, set up some common services (Apache, MySQL), create users, play with permissions, write a simple script, find out where stuff is (/etc /bin /root etc)

    The next step would be studying more methodically for an exam. RHCSA or LFCS. From there you can either go deeper into the system admin side with the Certified Engineer qualifications, or start exploring the pen tester side. Kali linux is a great thing to explore here, regardless of which direction you take. If you are in the System Admin world, then you'll likely need to learn a whole bunch of tools for administering machines, and not all of those tools are necessarily relevant to pen testing.

    The long and short of it is, that although going deeper with Cisco or Linux will give you some good background for Pen testing, a lot will also be irrelevant.

    So, the shorter path is to get familiar enough with Linux that you can set up common services, write scripts, install and update etc, and then jump deep into Kali and learn those tools. This would give you more than enough background to attack the CEH, and start on OSCP.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • TerabyteTerabyte Member Posts: 15 ■□□□□□□□□□
    @Octal Thank you for that great reply! My biggest concern is getting the next job, I feel like I can start studying Linux / ethical hacking but how will I use that in the next role only having technical support and a help desk job.

    Thanks once again
  • OctalDumpOctalDump Member Posts: 1,722
    I think it might be a challenge finding a role to transition through. My experience is that smaller organisations are more flexible and give you broader experience, but tend to care less about security. Larger organisations tend to take security more seriously but tend to have specialised silos.

    I have two thoughts, one is to look for a SOC role which is likely the easiest transition from your networking background, and the other is to call around your local Pen Test companies and see what skills they want in a new hire. It's possible that a company specialising in Pen Testing will be flexible about experience if you can demonstrate the skills they are after. Capture the Flag events seem to be a popular 'benchmark' for aspiring Pen Testing.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • TerabyteTerabyte Member Posts: 15 ■□□□□□□□□□
    @Octal I think that's a great idea, I really want to get into a security role then start focusing on Linux / penetration testing. Think that would be the perfect opportunity to learn about how to works and how to break it. But the problem is finding the job, but I think calling the company's is great idea also. Thanks for the input. Also from your first post, where you saying to down a system admin role?
Sign In or Register to comment.