Need advice regards security (pentesting) path

Hi everyone,

Currently I'm working as a devops engineer (yeah, I know.. just a buzzword) and my work experience is pure OPS stuff. I'm pretty comfortable with Linux OS, scripting, automation tools etc.. Lately I started to think about a change to the stuff that is more compelling to me and because of that I decided to switch field into the security (pentesting).

I was thinking about the best possible way to approach this. I thought about taking the OSCP exam and PWK prep course, although I'm not yet sure if this is a good starting point. In the meantime, I'm planning to follow the "Penetration Testing: A Hands-on Introduction to Hacking" book by Georgia Weidman and play with VMs.

I would really appreciate any help and guidance.

Thanks!

Find more posts tagged with

Comments

--chris--

JollyJokester wrote: »

Hi everyone,

Currently I'm working as a devops engineer (yeah, I know.. just a buzzword) and my work experience is pure OPS stuff. I'm pretty comfortable with Linux OS, scripting, automation tools etc.. Lately I started to think about a change to the stuff that is more compelling to me and because of that I decided to switch field into the security (pentesting).

I was thinking about the best possible way to approach this. I thought about taking the OSCP exam and PWK prep course, although I'm not yet sure if this is a good starting point. In the meantime, I'm planning to follow the "Penetration Testing: A Hands-on Introduction to Hacking" book by Georgia Weidman and play with VMs.

I would really appreciate any help and guidance.

Thanks!

There are many ways to go where you want, what you outlined is one of them. Is there a single best way? Probably not, but learning by doing is good.

What it will boil down to is not the what & how, but instead your determination to make this happen. A lot of people chase dreams, but few "go all in"...there is a difference.

UnixGuy

I was a Unix engineer before I moved to InfoSec, there are way too many paths! What I did was I just applied to infosec job and I got it.

If you have the determination to do OSCP, then do it! It will open doors to pentesting jobs....or you can find a job in a SOC and work you way up (risky path...no pun intended)

I would say you can get an infosec job based on your linux background (won't be easy). Do OSCP if you're up for the challenge....

Think about eLearnSecurity as well, they have introductory and advanced courses which you can do before the OSCP to easy the transition

TeKniques

If you have a decent amount of IT experience and a decent Linux background (seems like you do) then I wouldn't waste any time and just go straight to OSCP. I have no idea regarding eLearnSecurity, but imo for the cost, the OSCP is a great deal for what you get out of the course if you can put in the time.

JollyJokester

Thanks everyone for the reply and hints. For now I'm going to proceed with studying by myself to cover as many topics as I can. In December/January I will take the PWK course and see how it goes.

I found plethora of books/video courses but which one would you guys recommend specifically (based on your experience)?

Thanks again!