Unsure what security path to take

I'm hoping I can get a little assistance with deciding on what security path I should take. I'm planning on going Net +, then Security + (and a few other random certifications after that). But I want a career in hacking and I'm not sure exactly what I should go for after that. I want to learn how viruses and trojans are created and how to hack into networks or how to brute force my way into a network (bypassing their security). I've always been fascinated by it. It may sound malicious, but I want how to do it so I can learn now to protect against it. But my question is what cert path should I follow to accomplish this?
I'm thinking Net + > Sec + > CEH. Is this a good idea? I've never held a security job so I'm unsure where to go or what's required. If I manage to get the CEH.... where do I go from there? Should I study for SSCP first instead of the CEH? Is there a completely different cert path I should take?
I'm thinking Net + > Sec + > CEH. Is this a good idea? I've never held a security job so I'm unsure where to go or what's required. If I manage to get the CEH.... where do I go from there? Should I study for SSCP first instead of the CEH? Is there a completely different cert path I should take?
Certifications: A+, N+, S+, CCNA: CyberOps, eJPT, ITIL, etc.
Comments
Cyber Free - SECURITY ZIP
Security is an ever changing field and be sure to keep up with everything you can. If you want a good book to get started with Malware Analysis i cant highly recommend "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software 1st Edition" enough. Prior to looking at this I recommend looking at the SLAE course to get a good grasp of how ASM works. If you want an example of some shellcode being written and what its doing I had some shellcode published by ExploitDB(https://www.exploit-db.com/exploits/39851/). If you want to read a sort of walk through for each part take a look at Linux x86 Execve Stack Based Bind Shell | Slyth Sec - InfoSec Tutorials.
Some will argue that will you have to get some certs to pass the HR filter, I agree wholeheartedly, but being in the field long enough and sitting through some interviews, you need to know what you do and why to do. Getting the CEH/SSCP/SANS certs will get you in the door, but beyond that you will be on your own actual knowledge.
Current Goal: CCSE
Continuous Education Plan: AWS-SAA, OSCP, CISM
Book/CBT/Study Material: Max Power
1) Network Security
2) Pen Testing
3) Risk Management
4) Computer Forensics
5) IT Security Policy
etc
Once you decide, then start analysing which certifications or courses are best to help you get there.
Sec + gives you a great general idea of the disciplines involved in IT Security and should assist in the planning of this roadmap.
Frankly, I have read enough so called "pentesting reports" that should really state something closer to this effect: The tested system may be vulnerable to exploitation by an actor skilled in penetration testing than the author of this report..." This even when I gave the last group carte blanche to destroy any system they could reach in two weeks. Afternoons only. Obviously, I ended up with yet another over vague, empty promises report.
And you people wonder why I roll my eyes at "security people" so often.
Its because so many have no creds outside of talk. We got empty talk down.
- b/eads
Network + and then Security + seems like a good starting point so I will get those first for sure, but after that I'll use all of the resources you all provided to find which direction I should do next. I'm somewhat torn on what direction to go cause although I don't mind it being harder to learn that other IT areas, I'm still somewhat limited to what I can practice at home. I'm not in school and don't have a virtual or physical lab set up anywhere yet. That... and I'm not sure when I'll actually get a job that would allow me to use what I learn.