Where do I go from here?

lmcelhinney87 Member Posts: 6 ■□□□□□□□□□
Hi All,

I've been working in IT for 12 years now and as a network & security engineer for probably the last 3 years. The network side of things I do enjoy, but my true passion is with security. It's a hobby more than anything else, but I'm not sure what route to go just now. I'm certified in VMware and Check Point and recently attended and passed my CEH. In truth, the CEH course was decent enough but a bit of a letdown in some respects, and having read a number of threads on here I can clearly see it's not a cert that's held in the highest regard, but I see it as a foundation to build on. The trouble I'm having now is what to go for next.

I see a lot of talk about the OSCP, but in truth I don't feel I'm ready and competent enough for that yet. I use Kali on a daily basis and have been attempting some CTFs on Vulnhub and working through the missions on Hack This Site in my own time, and I'm enjoying learning as I go, but I have next to no programming and/or scripting experience and I know that is probably what is holding me back. PowerShell is becoming a bigger part of my job and I am definitely showing signs of improvement, but that will only get me so far, and looking at the OSCP it looks like I'd be wasting my time with the little programming experience I have.

Has anyone found themselves in a similar situation, i.e. coming from a networking background but keen to adapt into more of a pen-test type role? I've been looking at various other courses from the likes of CREST, but I'm at a bit of a loss as to what to go for next.

Any advice is much appreciated.

Comments

  • UnixGuy Mod Posts: 4,570 Mod
    If Pentesting is what you want to do, then the OSCP is great and I think you have the necessary background for it.

    If you're not 100% confident, then start with eLearnSecurity eJPT then eCPPT. This will teach you a lot and is a great way to get hands-on before OSCP. eCPPT is as challenging.


    If you just want a general security certification, then CISSP (if you like reading..).


    SANS certs if you have the money.


    I say try to get a security job anyway, and get more exposure.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • lmcelhinney87 Member Posts: 6 ■□□□□□□□□□
    Firstly, thanks for taking the time to reply mate.

    I think the eJPT might be a good call. Hopefully the practical experience of working through that will just give me that bit more exposure than the limited labs in the CEH classroom without hitting the inevitable wall I feel I would hit with the OSCP at this point in time.

    Regarding the CISSP - it's not really about just having the certs for me. I'd very much consider myself a 'techy' and find the practical and in particular pen testing side of things much more appealing. Maybe in years to come I'll go for the CISSP, but for now it's not really doing it for me.

    Thanks again.
  • jasonperry10 Member Posts: 60 ■■■□□□□□□□
    Go for the OSCP. You're starting out with way more experience than I did. I didn't know crap about pentesting. I never used Kali or any version of Linux for that matter. I just studied up on Linux and read a learn-Python-in-one-day book and just went for it. I learned a lot and it was tough, but once I started understanding the methodology I did well.
  • mokaz Member Posts: 172
    Go for the OSCP, you've got enough experience to take a quick grasp on the materials. There are really many sec certs available, but I wouldn't waste my time on lower-value certs; you'd rather spend two more months on the OSCP than, in the end, having spent 3 months here and there to still be going the OSCP route. I've done my OSCP with not much pen test experience and it's perfectly doable, you just need to invest time in it really. And on the financial side, I think that OffSec in general are very affordable and of best value in terms of what you learn against what you spend. My two cents.
  • hisanmehmood Registered Users Posts: 1 ■□□□□□□□□□
    Hello All!
    I am new to tech exams; one of my friends suggested this forum to me to get the best recommendation about security certifications.


    I am not new to information security, but which certification should I choose: "CEH from EC-Council" or "CPTE from Mile2"? I know Mile2 and EC-Council were 1 body in the past.


    But I have these questions.

    1. Which one is more valuable or demanding?
    2. Which will give me up-to-date information and hands-on?
    3. Which one is more recognized with Cyber Law Agencies or institutions "Worldwide"?


    I'm not concerned about my CV, I just want expertise in information security and recognition.