Going round in circles

CyberCop123 Member Posts: 338 ■■■■□□□□□□
I'm looking to move into an IT Security role and possibly at some point maybe PenTesting which I have an interest in and some developing skills.

Currently I work in digital forensics but I do have some basic scripting and programming skills (Python, Shell Scripting, PHP) and I'm very confident with Linux.

I'm an ex web developer too so my knowledge of that side is fairly decent.

...

I'm going round in circles though. I'm pretty eager to just book an exam in and get started.

- I did plan to start OSCP in September but that's a lot to learn and I feel it's a very tough challenge, particularly for the first cert.

- I had done some preparation for CEH and so I thought I'd do that instead

- As I work in digital forensics I thought I'd then move straight onto CHFI which shouldn't be too huge a challenge as it's what I generally do day-to-day and all my training courses have been in that subject area

- I've now seen Network+ is a good starting point and with my current knowledge I could probably pass with some hard study over a 4-6 week period... and the exam is more affordable too

- I also considered Linux+ as I already have a good knowledge of it

- I also considered the MCSA as work agreed to fund the exams but I'd have to self-study. This is a ton of work though as my knowledge of server admin on Windows is basically nothing

...

As you can see it's a real mess really. I'm keen to get some official certs on paper and to just start. The CEH costs a fair bit but as you know it's valued by HR and Recruiters so a good place to start... and I could move onto CHFI after

I think I'm basically a bit torn between Starting with Network+ (which doesn't seem at all of value in job hunting)
OR
Going CEH/CHFI instead


Sorry for the long post but just really confused atm
My Aims
2017: OSCP -
COMPLETED
2018: CISSP -
COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
COMPLETED
           GIAC GREM - Reverse Engineering of Malware -
COMPLETED

2021: CCSP
2022: OSWE (hopefully)

Comments

  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    everybody wants to be a pentester! honestly you're all over the map with those listings. linux+ & network+ listed in the same topic as OSCP or CHFI isn't a good start. if you don't know the basics, don't bother with OSCP, and instead tackle network+ > linux+ > security+ > another security cert of your choice. comptia certs have the benefit of being cheap to study for ($30 books)
  • CyberCop123 Member Posts: 338 ■■■■□□□□□□
    everybody wants to be a pentester! honestly you're all over the map with those listings. linux+ & network+ listed in the same topic as OSCP or CHFI isn't a good start. if you don't know the basics, don't bother with OSCP, and instead tackle network+ > linux+ > security+ > another security cert of your choice. comptia certs have the benefit of being cheap to study for ($30 books)

    Well, I know I am all over the place, that was the whole point of making this thread, to vent my mixed up mindset. I don't think I fall into the category of not knowing the basics but I understand your point about working up to the OSCP as I know it is tough.


    I did notice the lower cost of the CompTIA certs so will give it some thought.
  • EANx Member Posts: 1,077 ■■■■■■■■□□
    I'm not a fan of the CEH but work on Network+ and Linux before chasing the OSCP, I'd also throw in some edumacation on Python as well. Then maybe consider doing the eJPT as a stepping stone to the OSCP.
  • ITSec14 Member Posts: 398 ■■■□□□□□□□
    I've heard CEH isn't even remotely close to being a pentesting cert. Only reason I would get it is because of bypassing HR filters.

    Like EANx said, go for eJPT. Many other TE members have had great experiences with it and it's very affordable.
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    Honestly you need to create a roadmap of where you want to go, what you want to do, and how to get there....
    First I would sit down with yourself in a quiet place and think about what you want to do... what interests you, and where do you want to go... then I would research your path to your prize....

    Networking - Net+, CCNA,
    System Admin - MTA, MCP, MCSA
    Infosec - Sec+, eJPT, OSCP, or Sec+ CASP, CSA+
    Linux Admin - Linux+, RHCSA

    Study the boards... I used to be all over the place myself, but I had to sit down and really think about where I wanted to go and how I was going to end up there. When you do that... it helps to keep you focused on what you want to do.... trust me it helps out a lot
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • LonerVamp Member Posts: 518 ■■■■■■■■□□
    Certs have two purposes: To add to your resume to get interviews (sort of in lieu of a body of experience), or as a vehicle for you to learn something. Linux+ probably won't teach you much, but it'll look good (somewhat) for entry level stuff that involves Linux. OSCP you're going to learn a ton from, for instance. To be completely honest, OSCP is an entry level pen testing cert, though it builds on skills that are not necessarily entry level general IT skills. Look for reviews on that and start studying. Even if you don't end up doing OSCP, what you study will be directly applicable to pen testing overall. But I'd say try the OSCP when you have time and money to devote to it.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • Dr. Fluxx Member Posts: 98 ■■□□□□□□□□
    network+ > linux+ > security+

    This.

    At least to start.
  • yoba222 Member Posts: 1,237 ■■■■■■■■□□
    If I were you I'd do the eJPT then the CEH. Then apply.

    CEH for the resume, eJPT to actually learn something useful. Your web dev & forensic background is a strong plus on your resume for a security career path. Add the CEH and you should be able to land at least a security analyst role. After landing the job you can then pick other certs.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP