Networking for Information Security/Penetration Testing
LonVenu
Member Posts: 44 ■■□□□□□□□□
Hello TechExams' amazing community, this is my first post ever on the internet, so kindly excuse my faults. And I apologize for the long post in advance, but I really need your help, as my whole future depends on your help, and this important post.
I am interested in Information Security, in fact, I have a strong passion in it, and that's why I chose IT Security over Medicine, Passion over Money/Prestigious. So I decided to make it my job field.
I am enrolled in a Computer science program in a university, 1 month and 12 days left for it to start. I plan to have a master degree in CyberSecurity/IT Security if it's worth it. I have prior experience in hacking some machines, but nothing major, I was just a script kiddie unfortunately.
And as I want to be a professional hacker/penetration tester, I am building the right strong skillset, including programming, networking, operation systems...before I start hacking any machine, or studying any security related degree/certification.
I reached the part of my plan where I learn networking, my plan was like this: Network+ > CCENT > CCNA R&S. I was planning to study them now, and take the exams in my last university year. The main reason I wanted to have those certification (or the CCNA R&S) in my resume is to approve that I understand networking.
So, I got the "CompTIA Network+ All-In-One Exam Guide, Sixth Edition(Exam N10-006)" Mike Meyer's book, and got shocked by how much information is need to be memorized in order to pass the exam, and understanding that information (which is the only needed in the real world field) isn't enough to. And, this is just the basic network+ cert., so the CCNA R&S has much more to memorize (probably 1000+ pages). Also, all that memorization is not needed in the security/hacking field, I just need to understand TCP/IP, know how to pivot, understand wireshark, understand how firewalls work..I don't need to know how to configure 100+ switches with 30+ firewalls, and some load balancers, that is the networking man job. I understand that to hack a network protected using a firewall, and an IPS for example, i need to understand both of them in order to hack it, and that's what I am gonna do, I want to understand and memorize what's needed for hacking, but not 4000+ pages of networking at least. And i am gonna deploy that practically in labs. I am gonna configure switches, routers, firewalls, IPS & IDS.., but I am not gonna memorize tons of things, just to pass a certification, that I am not gonna use, neither in the job, nor in my own hacking journey.
Then, I kept thinking, is studying them using "books maybe + cybrary + labs -packet tracer, virtual networks using vmware workstation-" enough to fill this gap ? I checked indeed.com to see some job posts, and what they require, and no one required having those certifications, just a few required understanding TCP/IP.
This same thing applies to Microsoft, and Red Hat, I planned to get some of their certifications, to approve that I understand Windows and Linux, but i think there is no need anymore. I can self-study them without getting a certification, for my knowledge base only, and focus on the security certifications, so I can now achieve the CEH (just to pass the HR), OSCP, maybe elearnsecurity (their courses are good, but their certifications are not well known unfortunately, so I don't know if it will help me getting a good job), and much more.
And I thought, doesn't achieving OSCP approve that I understand the needed knowledge to do a penetration test ? Such as TCP/IP understanding, wireshark, linux, windows, scripting...as this knowledge is required to pass it! So, I can approve it to the employer this way.
So now, I can achieve some important security certifications within my bachelor years, then I can join a master security degree if it's worth it (in USA or EUROPE) OR I will get a good security-related job immediately after graduation (I don't study in USA or Europe currently, but I would like to work there, as the people there appreciate Information Security much more than here), and then, I will start harvesting SANS certifications -i wish i can afford them on my own now-, and after some years, I will get the CISSP, and maybe then I can work as a CISO! Which is my goal, to be a CISO (As I know, it's the most paying and prestigious job in this field).
In the same time, I will study security books as much as I can, I will build my own lab, I will use vulnerable machines such as the vulnhub's ones, i will use ctf365.com, I will stay up to date with security news and vulnerabilities, I will donate to penetration test local companies, i will attend CTFs, conferences, and bug bounty programs, I MAY make a blog, and I will do my best to fill up my resume (I will make a seperate post to gather as much as possible on what things can help my resume).
You may ask, why did I post this if I already made my decision ? I didn't. I am still worried what is the right thing to do, that's why I need your help. I don't know what is better. I don't know if my path will work or not.
I apologize for the long post. I hope you answer my following questions, and I appreciate any additional advice and suggestions. I hope you correct and direct me to the right path. My whole future depends on your help.
1. Can I get a security-related job immediately after graduation (I mean my first job is security-related one) with a CS BA degree, CEH cert., OSCP cert., and the self-study stuff that can be put on the resume (such as: books, online courses, achievements, donations, a blog, CTFs, conferences, bug bountry programs...) ?
2. Is my plan/path realistic ?
3. Can the CISO level be achieved this path ? (I think I need a management/Business certification to be a CISO)
4. Additional notes, advice, and suggestions are appreciated.
Thanks in advance.
-LonVenu | TechExams
I am interested in Information Security, in fact, I have a strong passion in it, and that's why I chose IT Security over Medicine, Passion over Money/Prestigious. So I decided to make it my job field.
I am enrolled in a Computer science program in a university, 1 month and 12 days left for it to start. I plan to have a master degree in CyberSecurity/IT Security if it's worth it. I have prior experience in hacking some machines, but nothing major, I was just a script kiddie unfortunately.
And as I want to be a professional hacker/penetration tester, I am building the right strong skillset, including programming, networking, operation systems...before I start hacking any machine, or studying any security related degree/certification.
I reached the part of my plan where I learn networking, my plan was like this: Network+ > CCENT > CCNA R&S. I was planning to study them now, and take the exams in my last university year. The main reason I wanted to have those certification (or the CCNA R&S) in my resume is to approve that I understand networking.
So, I got the "CompTIA Network+ All-In-One Exam Guide, Sixth Edition(Exam N10-006)" Mike Meyer's book, and got shocked by how much information is need to be memorized in order to pass the exam, and understanding that information (which is the only needed in the real world field) isn't enough to. And, this is just the basic network+ cert., so the CCNA R&S has much more to memorize (probably 1000+ pages). Also, all that memorization is not needed in the security/hacking field, I just need to understand TCP/IP, know how to pivot, understand wireshark, understand how firewalls work..I don't need to know how to configure 100+ switches with 30+ firewalls, and some load balancers, that is the networking man job. I understand that to hack a network protected using a firewall, and an IPS for example, i need to understand both of them in order to hack it, and that's what I am gonna do, I want to understand and memorize what's needed for hacking, but not 4000+ pages of networking at least. And i am gonna deploy that practically in labs. I am gonna configure switches, routers, firewalls, IPS & IDS.., but I am not gonna memorize tons of things, just to pass a certification, that I am not gonna use, neither in the job, nor in my own hacking journey.
Then, I kept thinking, is studying them using "books maybe + cybrary + labs -packet tracer, virtual networks using vmware workstation-" enough to fill this gap ? I checked indeed.com to see some job posts, and what they require, and no one required having those certifications, just a few required understanding TCP/IP.
This same thing applies to Microsoft, and Red Hat, I planned to get some of their certifications, to approve that I understand Windows and Linux, but i think there is no need anymore. I can self-study them without getting a certification, for my knowledge base only, and focus on the security certifications, so I can now achieve the CEH (just to pass the HR), OSCP, maybe elearnsecurity (their courses are good, but their certifications are not well known unfortunately, so I don't know if it will help me getting a good job), and much more.
And I thought, doesn't achieving OSCP approve that I understand the needed knowledge to do a penetration test ? Such as TCP/IP understanding, wireshark, linux, windows, scripting...as this knowledge is required to pass it! So, I can approve it to the employer this way.
So now, I can achieve some important security certifications within my bachelor years, then I can join a master security degree if it's worth it (in USA or EUROPE) OR I will get a good security-related job immediately after graduation (I don't study in USA or Europe currently, but I would like to work there, as the people there appreciate Information Security much more than here), and then, I will start harvesting SANS certifications -i wish i can afford them on my own now-, and after some years, I will get the CISSP, and maybe then I can work as a CISO! Which is my goal, to be a CISO (As I know, it's the most paying and prestigious job in this field).
In the same time, I will study security books as much as I can, I will build my own lab, I will use vulnerable machines such as the vulnhub's ones, i will use ctf365.com, I will stay up to date with security news and vulnerabilities, I will donate to penetration test local companies, i will attend CTFs, conferences, and bug bounty programs, I MAY make a blog, and I will do my best to fill up my resume (I will make a seperate post to gather as much as possible on what things can help my resume).
You may ask, why did I post this if I already made my decision ? I didn't. I am still worried what is the right thing to do, that's why I need your help. I don't know what is better. I don't know if my path will work or not.
I apologize for the long post. I hope you answer my following questions, and I appreciate any additional advice and suggestions. I hope you correct and direct me to the right path. My whole future depends on your help.
1. Can I get a security-related job immediately after graduation (I mean my first job is security-related one) with a CS BA degree, CEH cert., OSCP cert., and the self-study stuff that can be put on the resume (such as: books, online courses, achievements, donations, a blog, CTFs, conferences, bug bountry programs...) ?
2. Is my plan/path realistic ?
3. Can the CISO level be achieved this path ? (I think I need a management/Business certification to be a CISO)
4. Additional notes, advice, and suggestions are appreciated.
Thanks in advance.
-LonVenu | TechExams
Comments
-
MeanDrunkR2D2 Member Posts: 899 ■■■■■□□□□□I'll answer what I know for sure. Number 1 is highly unlikely. Security isn't a graduate and start in that field. You need to be experienced in IT to truly understand how it all works. Yes you can start on that path but it won't be the hacking and pen test route. Script kiddies are quickly outed and fail in those roles. I'll write back later more bout the others as I have to tend to a screaming baby.
-
LonVenu Member Posts: 44 ■■□□□□□□□□MeanDrunkR2D2 wrote: »I'll answer what I know for sure. Number 1 is highly unlikely. Security isn't a graduate and start in that field. You need to be experienced in IT to truly understand how it all works. Yes you can start on that path but it won't be the hacking and pen test route. Script kiddies are quickly outed and fail in those roles. I'll write back later more bout the others as I have to tend to a screaming baby.
but I am not interested in working in any other IT field! Security is the field I am good at! and, I am not depend on the graduation only, I will study 18 hours a day till the graduation, I will do OS's, networking, programming, scripting, I will take security courses and certifications as much as i can. I will help companies, I will hack as much as I can, I will participate in CTFs, I will fill up my resume! Doesn't all that show the employers that i have a pure passion in security, and that I am ready to work 24/7 !? Doesn't achieving all that approve that I understand IT ? That I can skip the IT experience step !? what a WW.
I am looking forward for your information.
I am looking -
MeanDrunkR2D2 Member Posts: 899 ■■■■■□□□□□From what I was of your post is that you are more heading this direction for the money and not the passion of the role. To be a great pen tester you need to understand the many areas of IT to understand where the vulnerabilities lie and how to do more than a metasploit hack to breach a system. If you want to jump in and become a hacker that's just not going to happen immediately no matter how good of an education you get.
IT security is not an entry level role. And to the certifications you plan on taking. If you are going to take the CCNA in your last year the N+ is worthless for you. You also need to know that you will need to fulfill the experience requirements on these higher level certs as well.
Right now IT security is the current flavor of the month with people getting degrees that specialize in this track. By the time you graduate the field and sub speciality will be flooded by guys with similar degrees but will have some experience to jump ahead. Get a degree and a career path on what you love and don't chase the money. If your passion is something needed whether in IT or Medicine you'll be successful and the money will come to you.
Self studying what a book tells you about an OS will not make you a good or even passable pen tester. You need real world experience because you will never find an environment set up like a book will say they should be. You need to understand networks and the servers equally well. That just takes experience to get there.
Be prepared for a hard shot of reality when you graduate and can only get an entry level NOC or help desk position. It will be a shot to the guy to take a job that you may deem below your knowledge. But you need experience to get to where you need to be. -
LonVenu Member Posts: 44 ■■□□□□□□□□MeanDrunkR2D2 wrote: »From what I was of your post is that you are more heading this direction for the money and not the passion of the role. To be a great pen tester you need to understand the many areas of IT to understand where the vulnerabilities lie and how to do more than a metasploit hack to breach a system. If you want to jump in and become a hacker that's just not going to happen immediately no matter how good of an education you get.
IT security is not an entry level role. And to the certifications you plan on taking. If you are going to take the CCNA in your last year the N+ is worthless for you. You also need to know that you will need to fulfill the experience requirements on these higher level certs as well.
Right now IT security is the current flavor of the month with people getting degrees that specialize in this track. By the time you graduate the field and sub speciality will be flooded by guys with similar degrees but will have some experience to jump ahead. Get a degree and a career path on what you love and don't chase the money. If your passion is something needed whether in IT or Medicine you'll be successful and the money will come to you.
Self studying what a book tells you about an OS will not make you a good or even passable pen tester. You need real world experience because you will never find an environment set up like a book will say they should be. You need to understand networks and the servers equally well. That just takes experience to get there.
Be prepared for a hard shot of reality when you graduate and can only get an entry level NOC or help desk position. It will be a shot to the guy to take a job that you may deem below your knowledge. But you need experience to get to where you need to be.
Have you read my post carefully ? I left medicine, which floods physicians with money, to join IT Security, because my passion is in penetration testing.
I know that penetration testing isn't only using metasploit, I read a lot of OSCP journys and reviews, and that's why I am studying linux, scripting, and networking.
and, as I said in the post, I was planning to get CCNA, but then I changed my mind, as it is useless for a penetration tester. "Self studying what a book tells you about an OS will not make you a good or even passable pen tester. You need real world experience bec.." That's 100% true if I was the guy who is administrating an OS, or a network. But I am the guy who breaks into it. For example, I need to understand CMD and powershell, in order to post exploit after getting a shell into a windows machine, I need to understand groups, and stuff like that, not how to configure a full network of windows servers, that's why I think getting a microsoft certification is useless for me! And some books demonstrate real world examples, and to gain real world experience, I will join CTFs for example, I will use vulnerable machines, I will exploit real world vulnerable apps, like Adobe Reader...
That's right, but someone with passion, is completely different from someone without passion. Can't I get a junior penetration testing job with a computer science BSC, cyberSecurity MSC, CEH cert., and OSCP !? -
markulous Member Posts: 2,394 ■■■■■■■■□□If I'm understanding you correctly you're just wanting to hop into Infosec and don't think it's necessary to be a windows server and/or network admin. I'll definitely disagree with that. You have to have a good understanding of what you're attacking or defending.
Network+ is pretty basic too. Don't try to take shortcuts. Get a good base knowledge first then build on that -
LonVenu Member Posts: 44 ■■□□□□□□□□If I'm understanding you correctly you're just wanting to hop into Infosec and don't think it's necessary to be a windows server and/or network admin. I'll definitely disagree with that. You have to have a good understanding of what you're attacking or defending.
Network+ is pretty basic too. Don't try to take shortcuts. Get a good base knowledge first then build on that
What I am says is, I want to be a networking guy, I want to be windows server admin guy, but for my own knowledge only, I will study them, but I won;t get a certificate, instead, I will spend the money on security certifications, which is my favorite field, will i be able to get a job in security this way ? -
636-555-3226 Member Posts: 975 ■■■■■□□□□□1. Can I get a security-related job immediately after graduation (I mean my first job is security-related one) with a CS BA degree, CEH cert., OSCP cert., and the self-study stuff that can be put on the resume (such as: books, online courses, achievements, donations, a blog, CTFs, conferences, bug bountry programs...) ?
2. Is my plan/path realistic ?
3. Can the CISO level be achieved this path ? (I think I need a management/Business certification to be a CISO)
4. Additional notes, advice, and suggestions are appreciated.
1 - Sure, employers are snapping people even without experience since there's a demand for, say, 100 jobs but only 20 qualified applicants and 50 people who want to get in on security. Still leaves a hole of 30 unfilled spots, but 50 spots have people who are at least interested in security if not really qualified. And who says you don't get paid much in infosec? Mgr roles in my area go unfilled for 130k, that's decent.
2 - You need to be experienced in all things IT to be a successful pentester (and also infosec in general). It's great if you want to be a hacker and end up spending some time in jail, but if you want to be a pentester you need to know this stuff, man. If i hire you to pentest my company and you give me a report that says we allow source routing, that's not going to cut it. I'm going to say, what the heck is source routing, and how do I prevent it. You turned on volume shadow-what to pull off my AD credentials? What's that mean? Can I safely uninstall that? You need to know what those things mean and how to defend against it on at least a 101/201 level.
3 - I prefer to see a CISO with infosec experience (not all do). Business experience is better, but I like for my boss to know what I'm talking about and be able to relate to the challenge.
4 - Start small. Network+ & Security+ to start. I'll also self-promote my thread at http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html -
LonVenu Member Posts: 44 ■■□□□□□□□□636-555-3226 wrote: »1 - Sure, employers are snapping people even without experience since there's a demand for, say, 100 jobs but only 20 qualified applicants and 50 people who want to get in on security. Still leaves a hole of 30 unfilled spots, but 50 spots have people who are at least interested in security if not really qualified. And who says you don't get paid much in infosec? Mgr roles in my area go unfilled for 130k, that's decent.
2 - You need to be experienced in all things IT to be a successful pentester (and also infosec in general). It's great if you want to be a hacker and end up spending some time in jail, but if you want to be a pentester you need to know this stuff, man. If i hire you to pentest my company and you give me a report that says we allow source routing, that's not going to cut it. I'm going to say, what the heck is source routing, and how do I prevent it. You turned on volume shadow-what to pull off my AD credentials? What's that mean? Can I safely uninstall that? You need to know what those things mean and how to defend against it on at least a 101/201 level.
3 - I prefer to see a CISO with infosec experience (not all do). Business experience is better, but I like for my boss to know what I'm talking about and be able to relate to the challenge.
4 - Start small. Network+ & Security+ to start. I'll also self-promote my thread at http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html
Thanks very much! You raised my spirits, and relieved me!
I understand that I need to understand every field in IT in order to become a successful penetration tester, for example, I need to understand operating systems, networking.., for example, to understand networking, I will study CCNA R&S (I have free materials), but I won't get the certification, so, I then can understand networking, but without a cert., and then I can put my money on a security certification instead, or security labs, or a security conference... . Can I get a job this way ? By checking Indeed.com , I searched for penetration testing jobs, no one listed CCNA or other networking certifiction, only some listed "understanding TCP/IP" as a requirement, so i need help !! -
Danielm7 Member Posts: 2,310 ■■■■■■■■□□It isn't that you can't get a security role without experience first, it's just more difficult. If you're familiar with it now, going to school, and plan on being done the OSCP as well, I don't see why you couldn't get a pen testing role. Just be willing to take a Jr level role to get your foot in the door. The typical people who post here who want to go straight into security many times don't have a degree, OSCP, etc, just want to jump in.
-
wrfortiscue Member Posts: 62 ■■□□□□□□□□lol... you dont get jobs right out the bat like that. I went and got my bachelor's in security and like 10 certs and im still in helpdesk. I am however trying to move up to a system analyst job or even junior security within the company. It's all about getting your feet wet and gaining exp. It takes patience.
I remember being younger and thinking I would have this 80k job straight after I graduate lol. -
LonVenu Member Posts: 44 ■■□□□□□□□□It isn't that you can't get a security role without experience first, it's just more difficult. If you're familiar with it now, going to school, and plan on being done the OSCP as well, I don't see why you couldn't get a pen testing role. Just be willing to take a Jr level role to get your foot in the door. The typical people who post here who want to go straight into security many times don't have a degree, OSCP, etc, just want to jump in.
Thank you!! You are relieving me guys! I was really stressed!! -
LonVenu Member Posts: 44 ■■□□□□□□□□wrfortiscue wrote: »lol... you dont get jobs right out the bat like that. I went and got my bachelor's in security and like 10 certs and im still in helpdesk. I am however trying to move up to a system analyst job or even junior security within the company. It's all about getting your feet wet and gaining exp. It takes patience.
I remember being younger and thinking I would have this 80k job straight after I graduate lol.
What certs do you have ? and isnt helpdesk for a+ guys ? or a+, network+ ones !? But you have a full degree with certs...!! -
markulous Member Posts: 2,394 ■■■■■■■■□□I have had a full degree with certs for a year now and it wasn't until a month ago I was able to get a job that had infosec duties in it. I've got slightly over 2.5 years IT experience, so it takes a minute to get there. Even now though I'm not 100% security. I still do systems admin and networking and other stuff. It takes time but you work hard and want it bad enough you'll get there.
-
wrfortiscue Member Posts: 62 ■■□□□□□□□□What certs do you have ? and isnt helpdesk for a+ guys ? or a+, network+ ones !? But you have a full degree with certs...!!
comptia security +, A+, CCNA, CCNA security, comptia linux +, project +, some CIW ones... helpdesk is entry level, and I am not happy I am still here lol. I am willing to work from the ground up, but I am kind of like you trying to figure out what I am going to do. -
Danielm7 Member Posts: 2,310 ■■■■■■■■□□wrfortiscue wrote: »lol... you dont get jobs right out the bat like that. I went and got my bachelor's in security and like 10 certs and im still in helpdesk. I am however trying to move up to a system analyst job or even junior security within the company. It's all about getting your feet wet and gaining exp. It takes patience.
I remember being younger and thinking I would have this 80k job straight after I graduate lol.
The money depends on the company and location, but you can't 100% say it's impossible to get a job like that, a number of us have hired people like that. I interviewed a bunch of people that only had internships and college for a jr security role, we ended up hiring internally in the end, but there were a few people who I would have had no problem bringing on a Jr role as long as they knew their stuff. Many of them didn't remember anything from school, no passion, etc, if someone came in and was able to confidently talk about everything they had on their resume and had certs I'd give them an interview at the very least. -
wrfortiscue Member Posts: 62 ■■□□□□□□□□The money depends on the company and location, but you can't 100% say it's impossible to get a job like that, a number of us have hired people like that. I interviewed a bunch of people that only had internships and college for a jr security role, we ended up hiring internally in the end, but there were a few people who I would have had no problem bringing on a Jr role as long as they knew their stuff. Many of them didn't remember anything from school, no passion, etc, if someone came in and was able to confidently talk about everything they had on their resume and had certs I'd give them an interview at the very least.
This is true. It is however more difficult... -
LonVenu Member Posts: 44 ■■□□□□□□□□What if i get a master degree in cybersecurity ? will it make it easier to get a job with no experience ? (Or I can work as any computer science guy for the master years "2 years", then I will have 2 experience years)
By the way, I have 5 years of repairing/technician experience, 3 years working in a repairing local service (shop), and 2 years working on my own alone, as a business. I don't know if i count that, can I ? -
LonVenu Member Posts: 44 ■■□□□□□□□□
-
MeanDrunkR2D2 Member Posts: 899 ■■■■■□□□□□What certs do you have ? and isnt helpdesk for a+ guys ? or a+, network+ ones !? But you have a full degree with certs...!!
I had a BS in CIS and graduated with honors. I had no certs at the time, but I had delusions that I'd graduate and have employers fighting to pay me 65k+ in a sys admin role with absolutely no IT experience, especially in that position. My first job in IT was half of that and was in helpdesk. I did that for 6 months before I grew into a non help desk/call center role. That was the first shot to the gut for me. It's not easy to just jump into a higher level role straight out of college (unless you graduate from a Harvard/MIT/etc) as you will be competing with guys who also have the same degree, but they have experience.
I sit next to a large group of infosec guys and talk to them daily. They got their first break in Infosec after working for 5 years in various roles (network/sys admin/help desk) and grew to understand what the exploits were. No book will ever have current and accurate information on how to penetrate those systems as they change almost daily depending on the exploit. Now, for you to get into that role and path you will need to take a different approach. While the masters will be nice, it's not necessary. I would get the CCNA R&S cert when you get close to graduation and look for a jr network/NOC type of role. A good foundation working on a network team will help you understand best practices and why you set up your firewalls/routers/etc the way you do and should. Also, jr pentest roles are hard to get. Very hard. There is a TON of competition for those roles and there will also be many with IT experience.
Good luck! Hopefully you can get a few breaks along the way, but be prepared to swallow your pride and take a role that you weren't expecting to take today. -
MeanDrunkR2D2 Member Posts: 899 ■■■■■□□□□□What if i get a master degree in cybersecurity ? will it make it easier to get a job with no experience ? (Or I can work as any computer science guy for the master years "2 years", then I will have 2 experience years)
By the way, I have 5 years of repairing/technician experience, 3 years working in a repairing local service (shop), and 2 years working on my own alone, as a business. I don't know if i count that, can I ?
Personally a CS degree will take you much further career wise than a specialty degree in cyber security. -
wrfortiscue Member Posts: 62 ■■□□□□□□□□What if i get a master degree in cybersecurity ? will it make it easier to get a job with no experience ? (Or I can work as any computer science guy for the master years "2 years", then I will have 2 experience years)
By the way, I have 5 years of repairing/technician experience, 3 years working in a repairing local service (shop), and 2 years working on my own alone, as a business. I don't know if i count that, can I ?
get your foot in the door somehow. Junior role, helpdesk whatever. -
LonVenu Member Posts: 44 ■■□□□□□□□□MeanDrunkR2D2 wrote: »I had a BS in CIS and graduated with honors. I had no certs at the time, but I had delusions that I'd graduate and have employers fighting to pay me 65k+ in a sys admin role with absolutely no IT experience, especially in that position. My first job in IT was half of that and was in helpdesk. I did that for 6 months before I grew into a non help desk/call center role. That was the first shot to the gut for me. It's not easy to just jump into a higher level role straight out of college (unless you graduate from a Harvard/MIT/etc) as you will be competing with guys who also have the same degree, but they have experience.
I sit next to a large group of infosec guys and talk to them daily. They got their first break in Infosec after working for 5 years in various roles (network/sys admin/help desk) and grew to understand what the exploits were. No book will ever have current and accurate information on how to penetrate those systems as they change almost daily depending on the exploit. Now, for you to get into that role and path you will need to take a different approach. While the masters will be nice, it's not necessary. I would get the CCNA R&S cert when you get close to graduation and look for a jr network/NOC type of role. A good foundation working on a network team will help you understand best practices and why you set up your firewalls/routers/etc the way you do and should. Also, jr pentest roles are hard to get. Very hard. There is a TON of competition for those roles and there will also be many with IT experience.
Good luck! Hopefully you can get a few breaks along the way, but be prepared to swallow your pride and take a role that you weren't expecting to take today.
Thank you. Things seem to be harder than I imagined..My imagination was from the perfect world, not the one we are living in
I also plan to graduate with honors, and get a full scholarship master program.
Should I get a microsoft certification too ?
I am taking Sighs now...I am just...shocked..i thought if i have passion, and if i am really good creative hacker, i will have an easy good job/life
Physicians at least work immediately after graduation, with a good salary -
wrfortiscue Member Posts: 62 ■■□□□□□□□□MeanDrunkR2D2 wrote: »Personally a CS degree will take you much further career wise than a specialty degree in cyber security.
yup, it sure will. -
LonVenu Member Posts: 44 ■■□□□□□□□□wrfortiscue wrote: »yup, it sure will.
Thanks. -
MeanDrunkR2D2 Member Posts: 899 ■■■■■□□□□□Thank you. Things seem to be harder than I imagined..My imagination was from the perfect world, not the one we are living in
I also plan to graduate with honors, and get a full scholarship master program.
Should I get a microsoft certification too ?
I am taking Sighs now...I am just...shocked..i thought if i have passion, and if i am really good creative hacker, i will have an easy good job/life
Physicians at least work immediately after graduation, with a good salary
You can be very successful and if your true enjoyment is in IT and you work hard and learn, you will get exactly where you want to be. I don't mean to be a buzz kill to you or anyone. I just don't want you to fall into the pit of getting a degree that may not mean much in 10 years and the field is saturated with employees. Right now there is a huge influx of people wanting to break into info sec either in pentesting or any of the other fields involved in it. You will have a hard time once you graduate and these folks have been working and gaining that experience. It's right now the new flavor of the month and when you graduate it will probably be cloud/virtualization/etc or something else that there is a huge need for.
Being a hacker is stupid though. Never consider yourself a hacker, that just screams Script Kiddie and they are NEVER taken seriously. If you want to make more money and be taken seriously get into programming, especially Android dev. It's easy to work up quickly once you have proven yourself to make 6 figures. It's a quicker path to making big bucks and you will be doing something great. It's not my thing to program, or hack. I don't want to hack. I want to stop those that hack, but that's it.
Stop thinking that you want to be a hacker, they are not pen testers. They are not good people. You can have a very good job and life working in IT and not being a hacker. Hackers are scum. And Hackers want an "easy life" which is why they hack. If you want to be successful you cannot go for the "easy route" to fortune. Be creative and create a program that is needed by society or a company. Something that you can build yourself and then if it's hugely popular you will make more than you ever imagined possible when you go to sell that program/concept.
As far as certs go, don't worry about them today. Focus on your education and pick a realistic path. Don't be a "hacker". -
wrfortiscue Member Posts: 62 ■■□□□□□□□□MeanDrunkR2D2 wrote: »You can be very successful and if your true enjoyment is in IT and you work hard and learn, you will get exactly where you want to be. I don't mean to be a buzz kill to you or anyone. I just don't want you to fall into the pit of getting a degree that may not mean much in 10 years and the field is saturated with employees. Right now there is a huge influx of people wanting to break into info sec either in pentesting or any of the other fields involved in it. You will have a hard time once you graduate and these folks have been working and gaining that experience. It's right now the new flavor of the month and when you graduate it will probably be cloud/virtualization/etc or something else that there is a huge need for.
Being a hacker is stupid though. Never consider yourself a hacker, that just screams Script Kiddie and they are NEVER taken seriously. If you want to make more money and be taken seriously get into programming, especially Android dev. It's easy to work up quickly once you have proven yourself to make 6 figures. It's a quicker path to making big bucks and you will be doing something great. It's not my thing to program, or hack. I don't want to hack. I want to stop those that hack, but that's it.
Stop thinking that you want to be a hacker, they are not pen testers. They are not good people. You can have a very good job and life working in IT and not being a hacker. Hackers are scum. And Hackers want an "easy life" which is why they hack. If you want to be successful you cannot go for the "easy route" to fortune. Be creative and create a program that is needed by society or a company. Something that you can build yourself and then if it's hugely popular you will make more than you ever imagined possible when you go to sell that program/concept.
As far as certs go, don't worry about them today. Focus on your education and pick a realistic path. Don't be a "hacker". -
MeanDrunkR2D2 Member Posts: 899 ■■■■■□□□□□wrfortiscue wrote: »Yup. Don't be discouraged OP. IT is a slap in the face but like others said you just have to work at it. I am not happy where I am at, discouraged but not giving up. Keep at it.
Same here.. Onward and upward and that's what my path has been. -
LonVenu Member Posts: 44 ■■□□□□□□□□MeanDrunkR2D2 wrote: »You can be very successful and if your true enjoyment is in IT and you work hard and learn, you will get exactly where you want to be. I don't mean to be a buzz kill to you or anyone. I just don't want you to fall into the pit of getting a degree that may not mean much in 10 years and the field is saturated with employees. Right now there is a huge influx of people wanting to break into info sec either in pentesting or any of the other fields involved in it. You will have a hard time once you graduate and these folks have been working and gaining that experience. It's right now the new flavor of the month and when you graduate it will probably be cloud/virtualization/etc or something else that there is a huge need for.
Being a hacker is stupid though. Never consider yourself a hacker, that just screams Script Kiddie and they are NEVER taken seriously. If you want to make more money and be taken seriously get into programming, especially Android dev. It's easy to work up quickly once you have proven yourself to make 6 figures. It's a quicker path to making big bucks and you will be doing something great. It's not my thing to program, or hack. I don't want to hack. I want to stop those that hack, but that's it.
Stop thinking that you want to be a hacker, they are not pen testers. They are not good people. You can have a very good job and life working in IT and not being a hacker. Hackers are scum. And Hackers want an "easy life" which is why they hack. If you want to be successful you cannot go for the "easy route" to fortune. Be creative and create a program that is needed by society or a company. Something that you can build yourself and then if it's hugely popular you will make more than you ever imagined possible when you go to sell that program/concept.
As far as certs go, don't worry about them today. Focus on your education and pick a realistic path. Don't be a "hacker".
Thank you very much.
Well, I don't want to be a hacker, but being a hacker is really money paying though Hackers can always program an exploit kit, and get thousands a day of it, or many many ways...But I won't be I want to be more like Kevin Mitnick, I don't want to be just a penetration tester, I want to be one of the best, and probably the best.
Why I left medicine, and joined this field in the first place is because I found myself like to break into things, like solving tricks, like seeing a shell and start post exploitation, I can do it all day! I found that i can keep learning it, and keep trying and searching 20 hours a day, without getting bored! I just like it! I also like physics, math, and all other subjects, but not like pentesting, I can't study those subjects the whole day as pentesting.
I am not interested in virtualisation, cloud computing, or android dev as much as pentesting, i heard that clouding is the future...but i chose what i love! And I hope I made the right decision. -
LonVenu Member Posts: 44 ■■□□□□□□□□wrfortiscue wrote: »Yup. Don't be discouraged OP. IT is a slap in the face but like others said you just have to work at it. I am not happy where I am at, discouraged but not giving up. Keep at it.
I hope so. As long as I am doing my best, I won't care about the rest. -
LonVenu Member Posts: 44 ■■□□□□□□□□If i say that I decided to get a networking certification, should I go this route: Net+ > CCENT > CCNA R&S , or study CCNA R&S immediately ? in both routes, i will get the ccna certification only. I will probably then get the CCNA Security.