Question about best training for CNA/CNE Jobs?

blackedoutblackedout Member Posts: 16 ■□□□□□□□□□
TLDR: At bottom

I have a senior level background in network engineering ie routers/switches/firewalls and within the past 2-3 years I've been migrating over to a more cyber security focused role. I need assistance in pinning down where I need to round out my skills. I have been to multiple SANS courses (GCIA,GCIH,GPEN) and I want to know if CNE/CNA work is similar to the CTF/Netwars events that they put on. I basically am trying to get a foot in the door for some CNE/CNA jobs but most job openings are for highly specific roles, ie Mobile Malware Reverse Engineer.

I had a broad range of Cisco Certs and I currently hold the CEHv9, GCIA, GCIH and GPEN. My alst two years have been mainly blue team work, IDS/IPS etc. My biggest issue is I have 0 experience with pentesting outside of test/lab environments. While my jobs are in the related fields I am somewhat told to stay in my swimlane.

It was my assumption that CNE/CNA work would revolve around teamwork where most people had a specialty, ie one guy was the mobile dude, one was forensics, one was networking, one was pentesting web apps etc and they came together to work on projects, like if I dont know mobile I can talk to the mobile dude. Is this not the case, do you need to be an expert in all of these to get one of these jobs? Given my background which SANS course would be recommended to round out my skills. The SANS is given to me via work so I do not have to pay for it.

TLDR: I want a CNA/CNE job (can be govt), background is senior network engineering, obtained CEHv9, GCIA, GCIH and GPEN. Been doing blue team work past 2 years IDS/IPS. Very little coding experience (I can read code, but would have to google tons of stuff for syntax), familiar with broad range of pentest tools nmap metasploit kali linux etc etc. Very little forensic experience, 0 mobile experience, 0 reverse engineering. What SANS course would be recommended to give me a leg up?

GWAPT - WebApp Pen Testing - Build off of what I learned in GPEN
GMOB - Mobile Pen Testing - I know 0 about mobile apps.
GXPN - Advanced Pen Testing - Dunno if I would be overwhelmed by this.
GCFE - Forensics Baseline. - Basic forensic baseline.
CISSP - Resume Boost - I already have CEH which covers some DoD specs but CISSP would be just for resume boost.

Dunno where to really go here, I really enjoy doing netwars and downloading CTF VMS and trying to figure out how to get flags people have setup but I dont know where I want to "end up" career wise. Any ideas, suggestions?


  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    "I want to know if CNE/CNA work is similar to the CTF/Netwars events that they put on." - Absolutely not. You're thinking more of a government pentesting role, in which case it's still not the same, but at least in the same ballpark. "Given my background which SANS course would be recommended to round out my skills." - None, take PWK/OSCP. "The SANS is given to me via work so I do not have to pay for it." - Then take them all. "I already have CEH which covers some DoD specs but CISSP would be just for resume boost." - CEH covers the CND-SP positions, it does not meet qualifications for IAT/IAM levels, ANYTHING in gov't IT will require at least IAT level 2 to start, most likely IAT 3. If you have Security+ you may find a place, but getting CISSP is going to be the biggest qualifier for the government positions. CISSP + CEH will have you qualified to be hired on almost all positions, then you'll end up with 6 months to get your environmental certifications for the systems you're working on, things like a Linx cert, a Windows MCSA level cert, CCNA if you're an infrastructure specialist, a pentesting cert if you're a pentester, etc. Also, if you have a clearance you should be applying on to contractor positions. If you don't, stick to the portal. Unless you're very specialized and hard to find most contract companies won't get you a clearance, but the GS/GG positions will hire you based on everything else, then put you in for a clearance. You should also be willing to move if you really want to get in to one of these positions.
  • blackedoutblackedout Member Posts: 16 ■□□□□□□□□□
    First, thanks for the reply, however I am a bit confused.

    Based on DoD Approved 8570 Baseline Certifications

    GCIH, covers me for IAT level 3, and then CEH gives me CNDSP Analyst, infrastructure support, Incident responder and auditor. The only thing I cant do would be Manager or the IAM level 3.

    I am based in washington DC and already have a high level security clearance so that is not an issue, my biggest issue I am running into is ive been working Senior level network engineer / security engineer jobs with senior pay, and im trying to transition over to a mid level job due to my lack of experience, to do this I want to expand my background but I am only seeing highly specific expert job offerings. I am not really sure what the job title is im looking for and what is required. Should I be looking for Pentesting jobs, vulnerabilty research/exploit dev? I thought CNA/CNE had teams of people that did this, is that not how it works? Like if I went to clearancejobs or usajobs, most of the ones I see use the keyword infosec, but then it turns out to be like a sysadmin job. What keywords should I be searching on.
  • TechGromitTechGromit Member Posts: 2,151 ■■■■■■■■■□
    I think the OSCP would you best course of action, while still technically a lab environment, if you can get root/admin access 30+ systems, I don't see the difference between this lab environment and the real world pen testing. You can't beat the price either.
    Still searching for the corner in a round room.
Sign In or Register to comment.