Road-map to Success

ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
I am brainstorming my year plan to have my goals completed by this time next year or sooner. So far I have the following (I believe in planning for success because it keeps me focused on my goals)

1. complete OSCP and get certified
2. Complete CCNA and get certified
3. Get new job working in infosec (entry level willing to start at the bottom)
4. Move to a new city or stay where I am depending on job market
5. Complete SSCP or GSEC certification
6. Complete CISSP then get the experience needed to be fully certified

A lot of people discourage people from taking the CISSP because you need a certain amount of experience to earn the CISSP.... which is fine. But for me I don't let that deter me. I can sit for the exam and pass and be an associate of ISC2 until I get the needed experience and receive endorsement. My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information which is why CISSP will be essential for me... as well as CCNA.

So by this time next year I plan to have more certs, in a different job, possibly in a different city.... and may have a girlfriend <3 if things between us go smoothly.... (I hope it does).

I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"

The reason why I chose to go for the hardest certs and hardest things to aim for.... When I was in middle school a math teacher once told me "You can get the hardest things figured out quickly, but you stumble on the easy stuff". Even today that still rings true for me... icon_cheers.gif
In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

Comments

  • joshuamurphy75joshuamurphy75 Senior Member Member Posts: 162 ■■■□□□□□□□
    That's a lot for one year. Let us know how it goes.
  • E Double UE Double U Member Posts: 2,088 ■■■■■■■■■■
    ITSpectre wrote: »
    My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information

    For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

    For blue teaming (defender) I would say GCIH.

    I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, etc.

    2022 goal(s): CRISC, maybe CGEIT or TOGAF

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    E Double U wrote: »
    For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

    For blue teaming (defender) I would say GCIH.

    I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.

    Thank you... I will skip the CCNA and go straight for the GIAC offerings. And i will skip SSCP and go for the CISSP
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,426 Mod
    mmm, see if you invest the time and finish the OSCP, I'd try and get an entry level (or even non entry level) Pentesting job. Reason being, OSCP is hard and I see pentesting positions open for years on..having OSCP might be all you need to get your foot in the door!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube Channel!

  • DatabaseHeadDatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,724 ■■■■■■■■■■
    1. complete OSCP and get certified

    That's enough to be successful........
  • EANxEANx Member Posts: 1,078 ■■■■■■■■□□
    1 & 2 together, for someone new to both, is enough for a year.
  • DatabaseHeadDatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,724 ■■■■■■■■■■
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.

    My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • DatabaseHeadDatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,724 ■■■■■■■■■■
    ITSpectre wrote: »
    My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.

    Correct, if you want to power through and obtain a piece of paper........

    Might as well squeeze the CCIE in as well.
  • labscloudlabscloud Member Posts: 137 ■■□□□□□□□□
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.

    The OSCP I could see taking a year. The CCNA I think someone with no prior knowledge could obtain in about 4 months or less depending on how much they put in it. Now the CCNP would definitely take a year to obtain all 3 certs for it though.
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    Yup..... But the OSCP to me is more then just a piece of paper... and you really can't power through it. if you do not take time to learn the material you WILL fail time and time again. You cannot remember OSCP questions because there are none... its more a hands on type of test.
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • ITSec14ITSec14 Member Posts: 399 ■■■□□□□□□□
    The CISSP and OSCP are the only certs you should focus on in regard to your list. Doesn't make sense to get the GPEN if you have Security+.

    You should also be realistic in your goals. With little to no infosec experience they may take longer than you think.
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518 ■■■■■■■■□□
    I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

    OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.
    ITSpectre wrote: »
    I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"

    I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

    Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

    For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

    Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    LonerVamp wrote: »
    I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

    OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.



    I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

    Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

    For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

    Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.

    Thanks for the insight!
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • E Double UE Double U Member Posts: 2,088 ■■■■■■■■■■
    ITSec14 wrote: »
    Doesn't make sense to get the GPEN if you have Security+.

    How so?
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, etc.

    2022 goal(s): CRISC, maybe CGEIT or TOGAF

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • p@r0tuXus[email protected] Member Posts: 532 ■■■■□□□□□□
    E Double U wrote: »
    How so?

    I believe ITsec meant GSEC, as was referenced in the OP's post.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • ITSec14ITSec14 Member Posts: 399 ■■■□□□□□□□
    Whoops! Yes, I meant GSEC! Definitely pursue GPEN lol

    My bad...I would also skip the SSCP.
Sign In or Register to comment.