From Zero to hero, a 6 year tale.

HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
Hello everyone, I'm HCPS123 or just HC for short. So after reading and seeing everyone's OSCP threads I was inspired to make my own thread describing my journey down the cert path and hopefully into a successful career. Hopefully this thread will help keep me motivated and pushing me forward to the end goal and when I get there I can look back on this and feel a little bit of pride. To clarify though I was planning on using this thread to describe my entire cert path, from the very first cert I plan on getting Sec+ to the ultimate pen-testing cert OSCP.

The Beginning:

To understand my goals and the path I've chosen I think it's important to state where I'm starting from. So I'm 24 and a failure. I wasn't able to get any job outside the retail (barely scrapping by) market much less an IT job. I realized halfway through college that I wanted to do something with computers and since I was already in the process of getting my Criminal Justice degree Cyber security felt like a natural fit. Sadly I was VERY naive back then and though that a Crim degree and Cyber security minor would be all I needed to get a job in Cyber Security. Yeaaaaaa that wasn't true at all.

So with the mountain of college debt looming I decided to join the military, picking my job as an IT and that's where I'm at now. I've passed basic training and am now currently in my job specific IT training. That's also where the time limit of 6 years comes from, a 6 year contract with the government. Which brings me into my goals.

The Goal:

In 6 years when my contract is up with the military I want to find myself a nice 100k+ job or a job as a Pen tester. As someone who always either had to beg for a job or go to a place that was hiring anyone that could actually dress like they were showing up to work it would also be nice if for once job recruiters came to me for a change. Which brings me to the path to accomplish my goals.

The Path:

So ideally I've arranged the certs/skills in a way that the first certs on the list will help prep me for the tougher certs on the bottom of the list. I picked these certs out based on two points, 1. That they'll teach me and make me a better pen tester or 2. Get me past the barrier which is HR. So let's start with the two things I'll definitely have once coming out of the military.

1. Clearance - While I don't have it yet I'm extremely positive I'll pass the background check and be able to get the Secret Clearance that is required for my work as a military IT. It's even possible that I might get a TS or TS/SCI (higher level clearances) but that would depend upon where I'm station. In any case this is an example of the military already paying off. Clearances are great, they're basically certs for your trustworthiness. A running joke we have is that a janitor with a TS clearance makes 75K solely because they have a TS. While that might be a little bit of an exaggeration the fact is clearances are money. They're often very expensive for employers to get for their employees and take a good amount of time to get. If an employee has never had one before that creates a huge risk for the employer (you're spending all this money and time on an employee who might not be able to get it). So already having a clearance is money. So if you know you can get a clearance and can find someone to get one for you DO IT.

2. Veteran status - While the value of this can change depending upon the rank you reach and how much time you spend in, the simple fact is people like and respect Veterans. Having it is a + for HR.

So with all that out of the way here's the list of certs and skills I want to achieve in 6 years. I've decided to start with Sec+ because my time in the military as an IT is superior to A+ and the military has already started teaching us CCNA which from what I've heard is harder than Net+, it would be like starting a Calculus class but going back to get a cert in algebra, at that point you're better off just pressing forward.

Sec+ = Completed

CCNENT = Currently studying for

CCNA

CEH

CCNA: Sec

CISSP

(Place Holder)

Powershell

Bash

Python

Assembly Language

(Place holder)

eJPT

eCPPT

OSCP

And that's the path I've currently got marked out. Of course as college has proven I can and might change my mind and adjust this path as needs arise but this is what I've got so far. Hopefully I'll keep this thread active and in 6 years we'll see where I end up.

PS: To the wonderful mods that keep this place running. Sorry if I posted this in the wrong thread, my thought process was that since most of these certs are Security focus this would be the best place to post it but if I'm wrong I apologize and am thankful for you putting this in the right place.
«1

Comments

  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    HCPS123 wrote: »
    I think it's important to state where I'm starting from. So I'm 24 and a failure.
    First of all try to change your attitude, someone at 24 is too young to be thinking of themselves as a failure. Remove this idea and the way of thinking from your head, it will help you move forward, be positive.

    I finished college at 28 and never thought to myself like that, i thought I could have done better and do better but never in that kinda state.


    HCPS123 wrote: »
    Sec+ = Currently studying for

    CCNENT

    CCNA

    CEH

    CCNA: Sec

    CISSP

    (Place Holder) SECURE (642-637)

    Powershell

    Bash

    Python

    (Place holder)

    eJPT

    eCPPT

    OSCP

    The 6 year plan is a good place to start but don't let it restrict you. Follow it and adjust it. You have select 10 certs and 3 scripting languages all possible in the 6 year time frame considering the overlap. I would do one small adjustment and place CEH after CCENT, the knowledge from Sec+ and CCENT would be more than enough to pass CEH. After you have done SEC+/CCENT/CEH/CCNA, you would have maybe 2-3 years experience already and you could easily try eJPT.

    The hardest thing in your cert path is the scripting languages, you need to keep reading, labbing and practicing those, writing small scripts etc in your everyday studies. if you don't use them, you lose the knowledge, just like any other language, if you don't practice it you forget.

    The clearance, experience, college degree and minor, plus military experience and those certs will definitely guarantee you a 100k job when you are out and maybe even more in 6 years.

    The important thing is to have a positive mindset and think about progressing, learning skills and advancing. In the beginning the steps will be small and slow but dont let that discourage you. Be a sponge and try and absorb more and more everyday and you will make it.

    Good luck to you.

    As a side note, you could create a blog about all this 6 year plan in Wordpress or similiar service that you can also use to track your progress and include anything you like.
  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    HCPS123 wrote: »
    1. Clearance - While I don't have it yet I'm extremely positive I'll pass the background check and be able to get the Secret Clearance that is required for my work as a military IT. It's even possible that I might get a TS or TS/SCI (higher level clearances) but that would depend upon where I'm station. In any case this is an example of the military already paying off. Clearances are great, they're basically certs for your trustworthiness. A running joke we have is that a janitor with a TS clearance makes 75K solely because they have a TS. While that might be a little bit of an exaggeration the fact is clearances are money. ...

    2. Veteran status - While the value of this can change depending upon the rank you reach and how much time you spend in, the simple fact is people like and respect Veterans. Having it is a + for HR.

    So with all that out of the way here's the list of certs and skills I want to achieve in 6 years. I've decided to start with Sec+ because my time in the military as an IT is superior to A+ and the military has already started teaching us CCNA which from what I've heard is harder than Net+, it would be like starting a Calculus class but going back to get a cert in algebra, at that point you're better off just pressing forward.

    I agree, you're not a failure at 24, just inexperienced.

    While it's not typical, a janitor with a TS could certainly make 75k+ per year in the right environment.

    Don't forget that veteran's get more than respect or a +1 with HR. They also get veteran's preference with U.S. Gov't. hiring.

    Kudos for putting together a plan, just remember that your plan needs to be able to adapt to new requirements. Later in your enlistment, you might rethink going back for the basic CompTIA certs. Sometimes HR doesn't understand that one cert (CCNA/NP) is better than another (Network+) and you can lose out because you don't have the lower cert.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    What does your job training cover? Maybe you can get a few certifications from it or atleast learn the stuff to take the certifications.

    It's good that you have a plan but please keep in mind that things change... they change all the time. By the time you get out or if you reenlist, the "playing field" could change.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    1. Great plan. You are on track to enormous success, evidenced by beginning with a track.
    2. Yes the A+ is basic, but even 50 years of military experience won't even get you Dod 8570 IAT I. The A+ will: https://iase.disa.mil/iawip/Pages/iabaseline.aspx
    3. Ditch the CEH and replace it with CSA+. See DISA's chart above.
    4. Janitors don't make $75k/year because they don't give clearances out to janitors. The area gets sanitized of sensitive materials and then the janitors get escorted. When absolutely needed, they'll declassify the space temporarily for large, one-time janitorial projects.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    yoba222 wrote: »
    4. Janitors don't make $75k/year because they don't give clearances out to janitors. The area gets sanitized of sensitive materials and then the janitors get escorted. When absolutely needed, they'll declassify the space temporarily for large, one-time janitorial projects.
    It happens. Remember, not everything is DOD.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    HCPS123 wrote:
    So with the mountain of college debt looming I decided to join the military, picking my job as an IT and that's where I'm at now. I've passed basic training and am now currently in my job specific IT training. That's also where the time limit of 6 years comes from, a 6 year contract with the government. Which brings me into my goals.
    I wouldn't be so specific about for sure getting out after your first contract since you have barely even started...be open to the idea if you like being in the Military and doing the work you end up performing.
    TheFORCE wrote: »
    1. I would do one small adjustment and place CEH after CCENT, the knowledge from Sec+ and CCENT would be more than enough to pass CEH. After you have done SEC+/CCENT/CEH/CCNA, you would have maybe 2-3 years experience already and you could easily try eJPT.

    2. The clearance, experience, college degree and minor, plus military experience and those certs will definitely guarantee you a 100k job when you are out and maybe even more in 6 years.
    1. First OP, SECURE 642-637 is not the current exam for CCNP: Security...versions have changed. I would actually do anything you need to do your IT job first...Security+ > CCENT/CCNA > CCNA:Security > MCSA/Linux+ so you have an operating system certification...more than likely MCSA > CISSP....at this point you will have all of your basic requirements done for most jobs and you can start going down the red team path. If you group your red team certifications, you can hammer in your head the topics much better and avoid forgetting information...so go CEH > eJPT/eCCPT > OSCP. The only caveat would be if you can get GPEN/GWAPT from GIAC with the SANS training instead of eJPT/eCCPT...they carry a much better reputation and have great training material.

    2. False, not guaranteed...totally depends on a lot of factors. If you get into a GS role, very unlikely right off the bat...if you go to a govt contractor it will depend on the contractor and location. I know many people who were in IT/Security disciplines both in the military and not who couldn't crack $100k at some jobs with govt contractors. It depends on your certifications/degrees, and the actual experience you have. Try to be involved with enterprise / major efforts or initiatives so you can start building your resume...if you spend 6 years in help desk type roles or small efforts, it will be a lot harder to get the high paying jobs coming out.

    The last point is don't solely focus on govt/contractors for when you get out, be open to everything and decide based on what you know at that time (not now).
  • Codeman6669Codeman6669 Member Posts: 227
    well your not a failure man. I know and completely understand the feeling 100% though.
    But your only 24, and now your making the right steps to a career. I can tell you i often regret not joining the military as it would have been better for me at that time (so i believe). Here i am 33 working on an associates, completing certs and working in some support role. And im freaking 33. So if your a failure idk what that makes me. Not everyone is dealt the same cards, so its the choices you make right now that will get you somewhere later.
    No true failure has ever said "look this is my outline of goals, i joined the military, what do i do next". Failures just admit defeat. So im done with my motivation speech. Im impressed by your ambition and goals, and suggest you keep going.
  • N7ValiantN7Valiant Member Posts: 363 ■■■■□□□□□□
    Lol, if you're a failure at 24, then what does that make me at 30? I've never held a job outside of retail either, but I'm still confident enough that I can get my foot into the IT field even at my age.

    You only fail when you give up and stop moving forward.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • kasgaromeokasgaromeo Member Posts: 24 ■■□□□□□□□□
    I'm in the military service as you are. However, I'm not in the IT field because of my recruiter messed up.

    Also, I'm 31 now. Then, I will be back to IT field after 2 years from now with 2 years IT experience as IT professional, manager position, and 4 years of Military Experience.

    Like you, I've been studying hard since AIT. I got the second bachelor degree and go to the master degree next year. Then, I got the eCPPT and OSCP this year. Moreover, I just started OSCE, then I will get OSEE next year.

    24 years old is very young. So, follow your plan and don't give up. I don't know your branch, but if you are in the hooah hooah, you will be able to meet me in this snow country lol.
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    Wow, I did not expect to get as many replies to this thread as I did and I really thank everyone for their positive energy. :D

    TheForce: Thanks for the advice! The reason why I choose to put CCNA before CEH is because I lack two straight years of IT experience which means I'm going to have to take the CEH class which is an additional 800 dollars on top of the 800 dollars for the actual exam itself. ICND2 is only 150 dollars with a lot cheaper study material I can purchase. So I figured I'd go for ICND2 first while I save up money for CEH.

    EANx: That's a really great point I didn't consider. After I complete my current cert list (or if I get stuck somewhere on the list due to money constraints or something else) I should think about doubling back and getting those certs. Can't beat Compita popularity after all. Thank you for the advice.

    Jamesleecoleman: So I can't go into too much detail about my training since it does require me having a Temp Sec clearance. But very broadly speaking I've taken classes that are extremely similar to an A+ class, a CCNA 1 class, a Windows 7 class and a Radio class. I've also gotten into the system administration specialty (secondary schooling/training) which I'm excited for. And you're right, the playing field could definitely change in 6 years, hell I've already proven my interest can change in 4. So the path isn't set in stone and like a writer never quite happy with his painting I'm always open to adding and changing it.

    yoda222: 1 and 2 are above but for 3. I'm confused as to why you recommend CSA+ over CEH? CSA+ seems to be more of an analysis cert while CEH is specifically dealing in hacking and theory. Looking at the DoD you provided most of the upper level positions (I assume the ones at the bottom are the upper level ones) require either a CEH or a CSA+. So while I can see the benefit of getting a CSA+ I don't understand why I should ditch CEH for it (the two certs look like they teach different things). 4. The janitor thing is more of a joke, to stress the value of a clearance.

    Techguru80: 1. I definitely am trying my best to be open to all possibilities (including staying in) but the military's first impressions are not that great to me. Granted I am in a student/trainee position right now, which basically means I get treated a lot worse then if I was not so my opinion could definitely change in 6 years but as of right now I would like to have a backup plan in place in case I do want to get out. 2. Thanks for letting me know the info I was looking at for CCNP Sec was outdated! Hmmm, I'm going to have to do more research into that since I originally put it there because the test was only 200 dollars. However I do like what you're suggesting with regards to getting an OS cert.

    The reason I didn't put any OS certs on this list was 1. Microsoft certs feel a little bit unreliable to me. Microsoft likes to change up their OS's too often for me to feel very secure in it's value, that's not to say when I'm closer to my 6 year mark I won't look to see what the most current Windows is and get that cert but I feel it's just not a cert you get to use down the line. 2. I did actually want to get a Linux cert but after looking down the Red Hat cert path I felt kinda intimidated and decided to put it off until after I got OSCP since I really do want to get OSCP in 6 years. And I was worried that if I added Red Hat certs I might not be able to meet that goal.

    I group CEH with Sec+ and CCNA: Sec because I was told that would greatly help me with getting CISSP which is from what I heard a very difficult cert.

    Everyone: Thank you so much for the words of encouragement and for telling me to stay positive. I'm not going to lie, it's been hard since I've graduated college and things haven't taken off for me like I've hope. Not to mention joining the military and seeing how successfully people who joined straight out of high school are when compared to me. There's also the part of me that's just worried that I won't be good enough, that I can try and study and work as hard as possible to get all of these certs, learn all of these tasks but that at the end of the day I won't be able to be a good IT and perform at the job because I just lack the natural talent for it. With that being said I only know how to do one thing and that's keep pushing forward, to be like a steam train and keep plowing ahead, forget my insecurities and just dive into the next task, the next objective with everything I've got.

    Update: Onto the actual update, I've currently finished reading Chap 5 of the Darril Gibson book and am in the process of studying for the post chap test. I'm kinda annoyed at myself for how long it's taking me to get through this book (going on 3 to 4 weeks now) but in my defense I do spend 8 hours a day in my military class. I do have a nice 4 day weekend though this week so I plan on trying to at least get to chap 8 before Monday. Ideally I'd like to take my Sec+ exam sometime between Dec 4 - 15 but at minimal I want it done before Dec 21.
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    Update

    So I made some tweaks to the plan, the first of many I'm sure. First got rid of the incorrect Secure 400 something test for CCNP: Sec. I'll have to reevaluate whether I want to start working on that after I get my basic certs done or save it for Phase 2: Beyond OSCP. Way to early to start talking about that though, in any case I did add Assembly Language to the list of programming Languages I want to learn before I start my hacker specific certs, it's been a language (along with Python) that I've been hearing pop up in the Pen field for a while so I added it to my list.

    Maintenance stuff aside I'm currently studying Chapter 8 of Gibson's book and feeling pretty frustrated at the speed of my progress. I've been pushing hard to try and learn this stuff so I can take my exam by the 8th but it's looking increasingly likely that it will have to be around the 15 which to be fair to myself is still before my personal deadline of the 21. Part of me wants to rush to get it done around the 8th but the safe/logic part of me wants to play it safe and give myself time not just to do all of Gibson's book but watch the Sec+ youtube videos and do more practice questions.

    I'll see where I am on Monday. If I'm not at chap 10 or 11 then it will have to be next week.
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    Update

    I've finished the Gibson book. And my exam is schedule for tomorrow. I scored an 88 on the practice test which is not as high as I would have liked to get..........definitely feeling nervous and kinda regretting not rescheduling my exam and pushing it back another day or so. But at this point I feel like i understand the majority of the concepts and thoughts for the book. It's going to come down to me being able to read the question and understand what it's asking of me.
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    This is what I see is possible. I don't know your schedule so you may not have enough time, however I feel this is could be a two to two and a half year process.

    Sec+ = Currently studying for (completed in 2018, should be completed within 3-4 months)

    CCNENT (Completed in 2018, 2-3 months)

    CCNA (Completed in 2018, 2-4 months)

    CEH (Completed in 2018, 2-3 months)

    CCNA: Sec (2019 goal)

    CISSP (2020-21 goal)

    (Place Holder)

    Powershell (understand the basics in 2018, complete "Learn Powershell in a month of lunches, 3rd edition book) can be done in a month

    Bash (learn the basics in 2018, pick up some beginners guide book) give yourself 2 months here

    Python (learn basics in 2018, pick up "Python Crash Course" No Starch Press) can be done in a month

    Assembly Language (could be a 2019 goal)

    (Place holder)

    eJPT (2018 goal) You'd be surprised, but with sec+ and CEH, this course is not that hard. Can be done in 2-3 months

    eCPPT (2018 goal)

    OSCP (2019 goal)

    You can do it, don't underestimate your self and your dedication.

    I recommend this route as cisco certs are not that necesarry.

    2018
    Sec+
    CEH
    eJPT
    eCPPT
    CCENT
    CCNA (perhaps pushed to 2019 depending on your time)
    Reading books on Python, Powershell, Bash.

    2019
    CCNA SEC
    OSCP
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    chrisone = Thanks for the advice and words, I'm very grateful for your help. CCNA makes more sense given my situation. Being a military IT networking is "from what I heard" a strong part of our job and the schooling supports this. So since I need to know this and am being trained for it it makes sense to just go ahead and get the cert. That and it ultimately comes down to a financial element. As much as I would love to jump right in to CEH, that would cost me 1600 dollars (800 for the test and then another 800 for the additional schooling I'm required to take since I don't have the required time in) whereas ICND1 only costs 150 dollars. Once I'm in the military for a while they'll start paying for the certs (hopefully) but until then it's coming out of my pocket so it makes sense to go for the more cheaper certs while I save up money for the more expensive ones.

    Update

    VICTORY, VICTORY, VICTORY!!! I passed BOYAY!!!! Kinda tired right now but I'm also so f-ing hyped! I'll make another post later talking about my experience with Sec+ and the 401 exam as well as my future plans for studying for ICND1 but I just want to drink in the moment of me getting my first ever certification. The first of many.
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Awesome work on the sec+! congrats!

    It looks like you have your game plan worked out. Money is a factor in anyone's decision. I guess what I am trying to say is, however you slice and dice this cake, I still see that you are more than capable of completing all these certs within 2-3 years, not 6.

    Enjoy the fruits of your labor!
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • MitechniqMitechniq Member Posts: 286 ■■■■□□□□□□
    As a fellow service member - thank you for your service.

    I would highly encourage ditching the horror that the C|EH is, with all the other certs you are planning to take C|EH does not bring you any additional value. If the end goal is looking for a 100k job then having these 3 Certs would put you in the same place as taking all of the certs you posted - CCNA Sec, OSCP and CISSP. If you want to consume as much education through certs than your plan seems pretty solid.

    Another set of highly recommended security certs is SANS GCIH, GCIA, GPEN and GCFA. I see more and more companies looking for these certs. When you get close to getting out I would recommend looking over this SANS program which is focused on training Vets that are transitioning from the military to civilian life. https://www.sans.org/cybertalent/immersion-academy
  • Bjcheung77Bjcheung77 Member Posts: 89 ■■■□□□□□□□
    HC, great job passing the Security+ exam. I wonder why you started off with Sec+ as your first certification. Do you already have your A+ and Network+ certifications? I guess you have sufficient IT experience in those fields from the military to make up for the certifications, I would skip it too if that's the case...

    For myself, I am one who like to start off on the right path and begin with the usual A+/Net+ to get the hang of things first, then would go Sec+, CCNET, CCNA. Once I have those under my belt, I would then go for CEH, CCNA Security, CASP, and end it with the CISSP.

    I like vendor neutral certifications and recommend them before going with the specialization or vendor exams. In fact, I am going for the CCNA Cyber Security right now, I will take my exam then go for CASP, and end it with CISSP. Just curious, are you going for a CASP before your CISSP, or do you think that's overkill getting so many certs?
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    Chrisone: Thank you, I just hope I can be as successful as you and the rest of the senior forum members O.o I don't think you seniors realize how much of an inspiration you are too us who are just starting out on the cert path.

    Mitechniq
    : And thank you for your service and tips. :D I had looked into the SANS certs but they were simply too expensive to justify. Don't get me wrong, if I can find a way to get the military to pay for them then they're way worth it (I might look into seeing if TA would cover them since Navy Cool won't) so thank you for letting me know about the VA services. I'm definitely going to look into them when I get closer to getting out. You make a good point about CEH, I was getting it because 1. I hear it helps get over the HR barrier for Pentester jobs and 2. It helps prep you for CISSP but if the Navy isn't paying for it I might have to rethink whether or not this cert is worth the money I'd have to pay out of pocket for it.

    Bjcheung77: You're exactly right. So here's my thoughts, every SINGLE IT should have at minimal one security cert and one network cert. Those are big things in this field. If you're new to the IT world (as in you have less then 2 years experience working in an actual IT job) I would recommend you get A+ since that shows employers that you've been trained to work in an IT environment. With that being said A+ is the weakest of all certs and if you have 2+ years of experience is essentially useless to you unless you have no way of proving your work experience to others.

    A+, NET+ and Sec+ are a great trifecta to start with for those new to the world of IT. They'll give you a great foundation to build off of, think of them sort of like your GEN-EDs for college and high school. They'll give you a good intro to all of the different areas of IT (and trust me, when I describe IT as a world that's because it's that expansive and diverse in what you can do within that category of jobs) and once you have that info you can figure out what you want to specialize in.

    With that being said I personally choose Sec+ to start with because 1. When my contract expires I'll have 6 years of experience with IT work making A+ very useless to me. 2. My military schooling is having me take courses that's very similar to CCNA. CCNA is basically a harder/higher level cert then Net+ so it doesn't really make a lot of sense in my mind to basically backtrack and take Net+ (it's sort of like being taught Calculus but going back to take an algebra 2 exam).

    Your plan looks very good and solid too me (helps that it's very similar to mine in regards to getting CISSPs ;) ). So first there's no such thing as overkill, CISSP is a high level cert so coming to it with a good amount of background knowledge will make your life a lot easier. With that being said I did look into CASP and ultimately decided that it wasn't worth it.

    So when you're mapping your cert path you want to think of yourself as a grand master chess player thinking not only of your immediate goal but several moves ahead. These certs are expensive, take a good amount of time to get and a pain to maintain so it will help you to be as efficient as possible with your selection. If a cert is only going to do one thing for you I would really take a minute and ask if that cert is worth it.

    So for example A+, NET+, SEC+ are great entry level certs, widely recognized and respected for what they are, are a great foundation to build upon with pretty much any future cert you wish to take. CCNA is a great intro to networking cert that really start getting into the fine details of networking and teaching you actual technical skills with setting up a network. It's very well respected and value in the job market and can be used as a stepping ladder for any other Cisco cert. The same with CCNA: Security, after you get this some time in the future you can decide to continue further up the cisico ladder by perusing CCNP: Security.

    CEH is when we start having to ask ourselves, "Is this really worth it?" Yes CEH will help with CISSP but what else is this doing for me? Is it worth it's insane asking price of 1000-1600 (depending upon if you need to take the class to be eligible)? For me personally CEH is helpful to get over the HR barrier for pen-testing jobs since it is a widely recognized cert (Note it IS NOT respected in actual pen-testing circles. This would be strictly to get over the HR barrier which is run by non technical people.) I'm still personally not sure about this cert and I think ultimately it might come down to whether or not my job will pay for it for me.

    Now let's look at CASP. What is CASP going to do for you? Yes it will help with CISSP but what about other certs? The problem I see with CASP is that it was made by Compita as a direct competitor with CISSP.......but it isn't. CISSP is simply better. CISSP is more widely recognized and respected than CASP and is known as the harder cert while CASP is known as the cheaper easier alternative. That's not necessarily saying CASP is a bad cert per say, it's just Compita set itself up for a bad situation by directly competing with CISSP. CASP isn't different enough to justify getting if you already have CISSP (at least ELearning (a hacking cert company) was smart enough to make their certs different enough to justify getting on top of OSCP (the gold standard hacker cert)) in my opinion.

    Ironically CASP is considered a stepping stone for CISSP which is the very thing Comptia was trying to move away from. I'm not going to tell you whether or not you should get CASP. But I would like to stress to you to ask yourself this question, "What is CASP going to do for me? Can it justify it's price and maintance in my eyes?"
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    Update:

    Alright so I'm refreshed, rested (or as rested as military personnel can be icon_sad.gif ) and ready to move forward to the next cert. CCNENT. Not going to lie, ICND1 and 2 scare the pants off me. I mean Sec+ scared me because I rarely heard of people failing it (who actually put in the time and effort to study for it) so if I did fail it it would have made me feel really bad about myself. But that's not the case with ICND1/2, they're hard certs. I hear all the time about people needing several attempts to get them (hence why they're so cheap). Not to mention unlike SEC+ ICND1, from what I heard, has actual REAL simulator questions in it where I'm going to have to be able to setup a router and network. With that being said I passed bootcamp and Sec+ even when I thought I couldn't so I'm ready to get my game face on!!!

    I bought both Lammle and Odom's books as well as signed up for CCNA 1-4 and packet tracer labs through Udemy! PLUS one of my military classes coming up next month well actually have material compatible to CCNA so that will actually be a nice change of pace rather than having to studying for my military class stuff on top of my cert stuff.
  • Masked_KingMasked_King Banned Posts: 42 ■■□□□□□□□□
    I like a 2 to 4 month plan myself. Since there is no such thing as zero to hero, I would like to think we are all trying to find that unicorn and chase for it to make you the first.
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    Masked_King: I agree :D

    Update: Holy cow, has it already been over a month since I updated this forum O.o I want to blame this all on the military and RL......and while it's true that I haven't been getting as much free as before to study, I definitely had the time and wasn't studying, a lack of discipline on my part icon_sad.gif which I hope to correct.

    So I'm currently at Chapt 9 of Todd's book and I have to say I've been frustrated with how he's setup the book. While the chapters are easy to read and understand he does little to highlight or point out keypoints, making it hard to know what I should be focusing on to study. His keynotes section is a joke as well, being so general it might as well be useless so unless I have the time to sit there and read his entire chapters several times there's just no way I can prep for his chapter tests. And I simply don't have the time (nor desire given several reports I have about Todd's credibility) to read his chapters multiple times so instead I've opted to just read them all and use his tests as the keynotes section to study off of.

    I've also gotten to Section 6 of Chris Bryant videos which have been a lot easier to follow and have a lot of knowledge. I do wish he had practice test at the end of his sections to test your knowledge of what he just taught but oh well.

    Finally I've also started my military training on networking/CCNA type material and well........got a 45 on the pre-test and a 72 on the first chapter test so yea......not making me feel real good right now. It also doesn't help that our instructor is a literal prodigy (graduated college at 1icon_cool.gif who I don't think really understands how us non-geniuses work. I asked him how I could become a network specialist in the military and his word for word respond "be a good IT" O.o He also told us "don't follow cisco material. I passed this class and learned more just by hoping on packet tracer and playing around that's what you should do too." O.o Which is definitely not how I learn so yea.......not really getting much help there.

    Oh last but not least last time I forgot to link my review of Sec+ (including a summary of the exam itself and the material I used to study for it). Here's the link in case anyone missed it and/or wanted to read it. http://www.techexams.net/forums/security/130472-review-sec-401-training-material.html

    And wish me luck in my class.
  • airzeroairzero Member Posts: 126
    6 years is plenty of time to get all those certs. I came in less then 3 years ago, had no prior IT experience or school and didn't study for the first year. I was able to get the majority of the certs your aiming for so just keep studying and knocking em out and you'll be there in no time. I can't speak for the CISSP or the CCNA:Sec but the other are definitley obtainable in a shorter time peroid. Just keep at it man!
  • _nessie__nessie_ Member Posts: 39 ■■■□□□□□□□
    Mitechniq wrote: »
    As a fellow service member - thank you for your service.

    I would highly encourage ditching the horror that the C|EH is, with all the other certs you are planning to take C|EH does not bring you any additional value. If the end goal is looking for a 100k job then having these 3 Certs would put you in the same place as taking all of the certs you posted - CCNA Sec, OSCP and CISSP. If you want to consume as much education through certs than your plan seems pretty solid.

    Another set of highly recommended security certs is SANS GCIH, GCIA, GPEN and GCFA. I see more and more companies looking for these certs. When you get close to getting out I would recommend looking over this SANS program which is focused on training Vets that are transitioning from the military to civilian life. https://www.sans.org/cybertalent/immersion-academy

    I second Mitechniq's opinion on CEH, each time I see CEH, it makes me kind of shiver ..
    Especially since I did read on of the books a couple of years back and thought: ok, now I have a book on how many tools there are out there and might do something in the field of pentesting, fine, and now?

    I also second his recommendation on SANS. If you'd be willing to spend 2x800 on CEH, please consider at least work-study (https://www.sans.org/work-study) from SANS and take GCIH or GPEN. That will cost you 1500 but you may need to stay at the premises of the event.
    You'll be working your a** off, but you certainly will be determined to go through. And you will talk with people, both SANS and attendees .. always a good thing.

    It does, however, depend on what kind of HR filters you want to pass. It's something I still don't understand. But that won't be any different from any other field that is involved with HR people not knowing what the business is they're representing/working for ...

    all the best :)
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    airzero: Thank you for your words of confidence :D

    _nessie_: I agree with you on the fact I don't like CEH. After doing more research not only have I found more proof that CEH is over priced and doesn't really give you the needed knowledge to succeed, but E-council itself has done some pretty shady ethical things in the past regarding the exam. Sadly though CEH's reputation is just unmatch from what I hear HR wise. I either need CEH or SANs and I can't get SANs, SANs is just too expensive and I can't do the work study program because I'm in the military, I just don't have the time. So CEH is looking increasingly like a necessary evil I need to get.

    Update: I am finally done with the military's version of CCNA and by god was it rough. Don't get me wrong, I love the material we were learning, by far the most interesting stuff, but it was like taking a cert boot camp on steroids. Let's cram everything you need to know for CCNA in 17 days! It was bad but what made it even worse was the instructor. Don't get me wrong, the guy knew his stuff, he was definitely a high level networking person and I have nothing but respect for him, but his teaching style didn't match my learning at all. He very much liked the idea of us just jumping straight into labs/packet tracer and F-ing around with the idea of "you will learn through failure" and at points told us straight to ignore the books.

    The books which were based on Cisco's work/design, not to mention it was clear he didn't like nor respect Cisco. Of course ignoring the books was a huge mistake I learned after the first chapter test when I scored low, because the test are based on the books. Once I started reading and studying the book my score jumped straight up and I quickly realized he was only giving us information which he deem "important" and ignoring the rest of the stuff. The labs were also a lot easier once I read the books since it actually went over in detail on how to do them.

    Then there were the tests. Now I'm sure we've all run across the "hand-holding" instructors before who would help "guide" you to the right question on a test, although in the military schooling they're surprisingly all over the place, but he was exceptionally bad. He would straight up just tell people the answer. It greatly bothered me when I raised my hand to ask him clarification regarding a question on the chapt test and his respond was to just tell me the answer to said question. To put bluntly he cared so little for the knowledge portion of the class that he openly encouraged students to **** on them and focus completely on the skills/labs of the class but even those he would walk you through it if you got stuck.

    Honestly though I have a hard time blaming him for this, I blame the military and it's inability to teach. I am now more convinced then ever that the military does not know how to teach people anything. And rather than recognize this as the weakness that it is the military takes pride in its ignorance and uses the saying "you will learn through failure" to justify its actions. It's nuts and a bad situation for everyone involve.

    I ended up scoring a 93 in the class, second highest, and went up to the instructor and asked him to unlock a practice ICND1 test I saw on the site we were using. He reluctantly opened it for me......for ten days, and then proceed to tell me that I wasn't ready for ICND1. Yea, that felt good to hear. *Sigh* In any case the other classes shouldn't be as hard so I should get back on track to doing studying on my free time for ICND1.

    I'll report next week on where I'm at with all of that.
  • t17hhat17hha Member Posts: 52 ■■■□□□□□□□
    Good luck HCPS123!! Looks like you have a similar journey to what I had planned, it' definitely achievable.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    HCPS123 wrote: »
    I ended up scoring a 93 in the class, second highest, and went up to the instructor and asked him to unlock a practice ICND1 test I saw on the site we were using. He reluctantly opened it for me......for ten days, and then proceed to tell me that I wasn't ready for ICND1. Yea, that felt good to hear. *Sigh* In any case the other classes shouldn't be as hard so I should get back on track to doing studying on my free time for ICND1.

    I would never rely on another person telling if I was ready for a test or not. If you understand and are able to describe all the exam topics Cisco has listed for the exam, I'd assume you would be ready for the exam. There will always be in life who don't think you can accomplish things and try to hold you down. Or just because they couldn't do it or because it took them a long time to accomplish it they think the same rules should apply to you... Screw those people.

    Keep up the hard work! icon_thumright.gif
  • shochanshochan Member Posts: 1,013 ■■■■■■■■□□
    yeah, in my mid 20's, I was SO broke and sort of feeling lost on what to get into...but then finally decided to get into computers after building my first system from scratch (Athlon AMD 650, lol). Once I did this, I was really motivated to get my AAS CIS degree & try to get my foot in the door somewhere...it was definitely tough at first, many failed interviews and failed CCNA twice (v1 & v2)...So, I went after & passed my A+, Net+ and that started getting me some more interviews and finally a job, it wasn't a great paying job, but I knew I had to gain more experience before I could land a more technical position. Just keep in mind, experience is really what you are after because a paper cert will give you some of the knowledge & maybe foot in the door somewhere, but actually doing the setups & configurations in real world experience is what you really want. Cheers & Hi5!
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • cshkurucshkuru Member Posts: 246 ■■■■□□□□□□
    Former Navy here, very familiar with their instructional techniques. It's the firehose method the idea is to expose you to as much material as possible and then have you achieve mastery in the Fleet under the mentorship of your LPO / LCPO. It works mostly but you have to take the imitative to learn on your own too.

    Like most of the others here I think you should skip the C|EH, especially if you are planning on going for the OSCP.

    One thing I have noticed is you seem to be skipping over some great free resources. Cybrary and Udacity have some great free course. As a military member you can sign up for FedVTE and there are a lot of distance learning programs available for realtively cheap (i.e. Stanly Community College) also don't write off the SANS course. They do quite a bit of training for the military. When you get to the Fleet keep your eyes open for the opportunity to attend.
  • JollyFrogsJollyFrogs Member Posts: 97 ■■■□□□□□□□
    Good luck HC, your plan sounds like a good approach. My only advice would be to consider doing SLAE before learning Assembly. You'll pick up a lot (do the SLAE certification, it's only 300 dollars or so for both 32bit and 64bit). The cert is where you'll learn a lot and SLAE will teach you assembly and linux, and some GDB etc. I also advise starting some CTFs and joining a local hacker/security club. If you can, try and do a talk every now and then about a particular topic you've learned about (you can typically do these at sectalks or local security club, or even the bigger conferences if you did lots of research on a particular topic and want to rub off some of your experience on others) - this will build some rep and help build confidence in public speaking - it also helps retain knowledge. Best of luck!
  • HCPS123HCPS123 Member Posts: 54 ■■■□□□□□□□
    I LIVE!!!!

    t17hha, NetworkNewb, shochan: Thank you so much for the words of encouragement.

    cshkuru: Thank you so much for the advice. I actually haven't heard of those resources so that's very useful to know, thank you. I definitely want to do more research into them later. And I definitely will be reevaluating CEH on my list.

    JollyFrogs: Hmmmm, I've never heard of SLAE before. I'll look into it. As for the other things, I'd definitely like to do that as soon as I can get some free time :D Sadly just finding the time to study for ICND1 has been a struggle recently.

    Update: So as one can see I greatly over estimated how much free time I would have to study for my cert icon_sad.gif I've had to push my exam date back twice at this point and I swear if I don't take it by the end of March I'm going to be very disappointed in myself.

    Study wise I've started from scratch on watching the Chris Bryant videos and I'm currently on his Section 11 out of 18 for CCENT. I've also switch to using Wendell Odom's book and was pleasantly surprised. Many people had warned me Odom's book was written like a tech manual (aka very dry, wordy and boring) but I find that not to be the case at all. While Odom does go into a lot of detail about the subjects (which I prefer), it's still an interesting and pleasant read and I find his passion and personality still comes on through. I also just like how his book is setup more. Currently on Chapter 10 out of 36.....or 38, can't remember off the top of my head.

    I'm also in a unique weird situation. So my military class was like a bootcamp style CCNA class where I was forced to cram and **** (despite my best efforts to learn the material as much as I could in the given amount of time) so I've been regoing over a lot of stuff I've already seen in said class from the other material. That's kinda created this feeling in me where part of me feels like I'm ready, that I should just schedule my exam for this Friday and take it. The logical/fearful part of me though thinks this is just false confidence. That I should complete Odom and Bryant's study material first like I originally planed to to cover any missing knowledge and really hammer in what I need to know.

    Going the safe route wouldn't normally be a problem it's just that recently finding the time to study has been very hard so it's become frustrating since I was planning to have already taken the exam by this point and moving on to ICND2. But I don't want to waste my money and rush things when the goal should be to calmly sit down and master the material so that I can use these skills in a work environment. The hardest thing I've had to do so far is restrain myself, to teach myself that mastery doesn't come from a sprint but practice and patience.
Sign In or Register to comment.