Going round in circles
CyberCop123
Member Posts: 338 ■■■■□□□□□□
I'm looking to move into an IT Security role and possibly at some point maybe PenTesting which I have an interest in and some developing skills.
Currently I work in digital forensics but I do have some basic scripting and programming skills (Python, Shell Scripting, PHP) and I'm very confident with Linux.
I'm an ex web developer too so my knowledge of that side is fairly decent.
...
I'm going round in circles though. I'm pretty eager to just book an exam in and get started.
- I did plan to start OSCP in September but that's a lot to learn and I feel it's a very tough challenge, particularly for the first cert.
- I had done some preperation for CEH and so I thought I'd do that instead
- As I work in digital forensics I thought I'd then move straight onto CHFI which shouldn't be too huge a challenge as it's what I generally do day-to-day and all my training courses have been in that subject area
- I've now seen Network+ is a good starting point and with my current knowledge I could probably pass with some hard study over a 4-6 week period... and the exam is more affordable too
- I also considered Linux+ as I already have a good knowledge of it
- I also considered the MCSA as work agreed to fund the exams but I'd have to self-study. This is a ton of work though as my knowledge of server admin on Windows is basically nothing
...
As you can see it's a real mess really. I'm keen to get some official certs on paper and to just start. The CEH costs a fair bit but as you know it's valued by HR and Recruiters so a good place to start... and I could move onto CHFI after
I think I'm basically a bit torn between Starting with Network+ (which doesn't seem at all of value in job hunting)
OR
Going CEH/CHFI instead
Sorry for the long post but just really confused atm
Currently I work in digital forensics but I do have some basic scripting and programming skills (Python, Shell Scripting, PHP) and I'm very confident with Linux.
I'm an ex web developer too so my knowledge of that side is fairly decent.
...
I'm going round in circles though. I'm pretty eager to just book an exam in and get started.
- I did plan to start OSCP in September but that's a lot to learn and I feel it's a very tough challenge, particularly for the first cert.
- I had done some preperation for CEH and so I thought I'd do that instead
- As I work in digital forensics I thought I'd then move straight onto CHFI which shouldn't be too huge a challenge as it's what I generally do day-to-day and all my training courses have been in that subject area
- I've now seen Network+ is a good starting point and with my current knowledge I could probably pass with some hard study over a 4-6 week period... and the exam is more affordable too
- I also considered Linux+ as I already have a good knowledge of it
- I also considered the MCSA as work agreed to fund the exams but I'd have to self-study. This is a ton of work though as my knowledge of server admin on Windows is basically nothing
...
As you can see it's a real mess really. I'm keen to get some official certs on paper and to just start. The CEH costs a fair bit but as you know it's valued by HR and Recruiters so a good place to start... and I could move onto CHFI after
I think I'm basically a bit torn between Starting with Network+ (which doesn't seem at all of value in job hunting)
OR
Going CEH/CHFI instead
Sorry for the long post but just really confused atm
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
Comments
-
636-555-3226 Member Posts: 975 ■■■■■□□□□□everybody wants to be a pentester! honestly you're all over the map with those listings. linux+ & network+ listed in the same topic as OSCP or CHFI isn't a good start. if you don't know the basics, don't bother with OSCP, and instead tackle network+ > linux+ > security+ > another security cert of your choice. comptia certs have the benefit of being cheap to study for ($30 books)
-
CyberCop123 Member Posts: 338 ■■■■□□□□□□636-555-3226 wrote: »everybody wants to be a pentester! honestly you're all over the map with those listings. linux+ & network+ listed in the same topic as OSCP or CHFI isn't a good start. if you don't know the basics, don't bother with OSCP, and instead tackle network+ > linux+ > security+ > another security cert of your choice. comptia certs have the benefit of being cheap to study for ($30 books)
Well, I know I am all over the place, that was the whole point of making this thread, to vent my mixed up mindset. I don't think I fall into the category of not knowing the basics but I understand your point about working up to the OSCP as I know it is tough.
I did notice the lower cost of the Comptia certs so will give it some thought.My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully) -
EANx Member Posts: 1,077 ■■■■■■■■□□I'm not a fan of the CEH but work on Network+ and Linux before chasing the OSCP, I'd also throw in some edumacation on Python as well. Then maybe consider doing the eJPT as a stepping stone to the OSCP.
-
ITSec14 Member Posts: 398 ■■■□□□□□□□I've heard CEH isn't even remotely close to being a pentesting cert. Only reason I would get it is because of bypassing HR filters.
Like EANx said, go for eJPT. Many other TE members have had great experiences with it and it's very affordable. -
ITSpectre Member Posts: 1,040 ■■■■□□□□□□Honestly you need to create a roadmap of where you want to go, what you want to do, and how to get there....
First I would sit down with yourself in a quiet place and think about what you want to do... what interests you, and where do you want to go... then I would research your path to your prize....
Networking - Net+, CCNA,
System Admin - MTA, MCP, MCSA
Infosec - Sec+, eJPT, OSCP, or Sec+ CASP, CSA+
Linux Admin - Linux+, RHCSA
Study the boards... I used to be all over the place myself, but I had to sit down and really think about where I wanted to go and how I was going to end up there. When you do that... it helps to keep you focused on what you want to do.... trust me it helps out a lotIn the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios -
LonerVamp Member Posts: 518 ■■■■■■■■□□Certs have two purposes: To add to your resume to get interviews (sort of in lieu of a body of experience), or as a vehicle for you to learn something. Linux+ probably won't teach you much, but it'll look good (somewhat) for entry level stuff that involves Linux. OSCP you're going to learn a ton from, for instance. To be completely honest, OSCP is an entry level pen testing cert, though it builds on skills that are not necessarily entry level general IT skills. Look for reviews on that and start studying. Even if you don't end up doing OSCP, what you study will be directly applicable to pen testing overall. But I'd say try the OSCP when you have time and money to devote to it.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
yoba222 Member Posts: 1,237 ■■■■■■■■□□If I were you I'd do the eJPT then the CEH. Then apply.
CEH for the resume, eJPT to actually learn something useful. Your web dev & forensic background is a strong plus on your resume for a security career path. Add the CEH and you should be able to land at least a security analyst role. After landing the job you can then pick other certs.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP