From Zero to hero, a 6 year tale.

Hello everyone, I'm HCPS123 or just HC for short. So after reading and seeing everyone's OSCP threads I was inspired to make my own thread describing my journey down the cert path and hopefully into a successful career. Hopefully this thread will help keep me motivated and pushing me forward to the end goal and when I get there I can look back on this and feel a little bit of pride. To clarify though I was planning on using this thread to describe my entire cert path, from the very first cert I plan on getting Sec+ to the ultimate pen-testing cert OSCP.

The Beginning:

To understand my goals and the path I've chosen I think it's important to state where I'm starting from. So I'm 24 and a failure. I wasn't able to get any job outside the retail (barely scrapping by) market much less an IT job. I realized halfway through college that I wanted to do something with computers and since I was already in the process of getting my Criminal Justice degree Cyber security felt like a natural fit. Sadly I was VERY naive back then and though that a Crim degree and Cyber security minor would be all I needed to get a job in Cyber Security. Yeaaaaaa that wasn't true at all.

So with the mountain of college debt looming I decided to join the military, picking my job as an IT and that's where I'm at now. I've passed basic training and am now currently in my job specific IT training. That's also where the time limit of 6 years comes from, a 6 year contract with the government. Which brings me into my goals.

The Goal:

In 6 years when my contract is up with the military I want to find myself a nice 100k+ job or a job as a Pen tester. As someone who always either had to beg for a job or go to a place that was hiring anyone that could actually dress like they were showing up to work it would also be nice if for once job recruiters came to me for a change. Which brings me to the path to accomplish my goals.

The Path:

So ideally I've arranged the certs/skills in a way that the first certs on the list will help prep me for the tougher certs on the bottom of the list. I picked these certs out based on two points, 1. That they'll teach me and make me a better pen tester or 2. Get me past the barrier which is HR. So let's start with the two things I'll definitely have once coming out of the military.

1. Clearance - While I don't have it yet I'm extremely positive I'll pass the background check and be able to get the Secret Clearance that is required for my work as a military IT. It's even possible that I might get a TS or TS/SCI (higher level clearances) but that would depend upon where I'm station. In any case this is an example of the military already paying off. Clearances are great, they're basically certs for your trustworthiness. A running joke we have is that a janitor with a TS clearance makes 75K solely because they have a TS. While that might be a little bit of an exaggeration the fact is clearances are money. They're often very expensive for employers to get for their employees and take a good amount of time to get. If an employee has never had one before that creates a huge risk for the employer (you're spending all this money and time on an employee who might not be able to get it). So already having a clearance is money. So if you know you can get a clearance and can find someone to get one for you DO IT.

2. Veteran status - While the value of this can change depending upon the rank you reach and how much time you spend in, the simple fact is people like and respect Veterans. Having it is a + for HR.

So with all that out of the way here's the list of certs and skills I want to achieve in 6 years. I've decided to start with Sec+ because my time in the military as an IT is superior to A+ and the military has already started teaching us CCNA which from what I've heard is harder than Net+, it would be like starting a Calculus class but going back to get a cert in algebra, at that point you're better off just pressing forward.

Sec+ = Completed

CCNENT = Currently studying for

CCNA

CEH

CCNA: Sec

CISSP

(Place Holder)

Powershell

Bash

Python

Assembly Language

(Place holder)

eJPT

eCPPT

OSCP

And that's the path I've currently got marked out. Of course as college has proven I can and might change my mind and adjust this path as needs arise but this is what I've got so far. Hopefully I'll keep this thread active and in 6 years we'll see where I end up.

PS: To the wonderful mods that keep this place running. Sorry if I posted this in the wrong thread, my thought process was that since most of these certs are Security focus this would be the best place to post it but if I'm wrong I apologize and am thankful for you putting this in the right place.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

K-9

So glad to hear you are not giving up on this. Review those goals every week and don't be afraid to adjust the order or content.

I did a similar thing several years ago. I made a five year plan that seemed like a dream list of certs. I was actually amazed that I did hit my goals.

It works. Don't give up.

Best of luck!

HCPS123

Update: I live!!! Again, ok this time I'm more determine to keep to a better schedule! I'm ashamed to say it but it's taken me WAAAAAAY too long to get ready for ICND1, almost five months I want to say (almost scared to find out real date) O.o Good news is that I've finished both Odom's book and Chris's videos!!! I learned a great deal from them and had a lot reinforced to me. With nothing holding me back now (except my fears) I've scheduled my exam for Thursday. Until then I plan on bunkering down, practicing my packet tracer skills, good old port memorizing and other random facts with self made flashcards.

Definitely feeling nervous because of how long I've been studying for this, that and I've sort of become the running joke of the class with everyone wanting to crack a joke about me carrying around my book so if I fail I'm definitely going to feel really bad. Still despite my fears and insistence from other people in the class, I'm NOT going to use ****. I LIKE CCNA, I like configuring routers and learning about networking and beyond the fear of failure there's a need in me to know how good I really am at this now. It's a weird feeling to describe, but in the words of anime, "even if a good part of me is scared I'm about to fall, and even bigger part wants to see how high I can get before that moment".

Oh and in other sad news, because I waited so long to check in the forum I missed my chance to get an elearning bundle *cries in corner*. See kids, this is why you should stick to your update posts.

HCPS123

Update: PASSED ICND1!!!!! VICTORY! VICTORY! That's my battle cry!!!!!

I am now CCENT certified!!! I'm going to go ahead an update my posts and post a review on ICND1 in a bit, but needless to say I'm super happy and ICND2 you're next!!!

Techand$$

HCPS123 wrote: »

Update: PASSED ICND1!!!!! VICTORY! VICTORY! That's my battle cry!!!!!

I am now CCENT certified!!! I'm going to go ahead an update my posts and post a review on ICND1 in a bit, but needless to say I'm super happy and ICND2 you're next!!!

Congrats !!, I enjoyed reading your posts. Your plan looks solid, it took me around the same time to get all the certs i.e. 5-6 years. Just take it one at a time, and keep the momentum, eventually it will snowball into something much bigger than you have ever imagined.

HCPS123

Techand$$ = Thank you so much for the kind words and I will!!

Update: So apparently there's a limit to how far back you can edit a post O.o So I won't be able to edit my first post like I thought, instead I'm just going to post the updated goal list as they update so here we go. Oh and here's a link to my review if anyone is interested in it. http://www.techexams.net/forums/ccna-ccent/132378-review-ccent-icnd1-100-105-study-materal.html#post1142567

Sec+ = Completed

CCNENT = Completed

CCNA = Currently Studying for

CEH

CCNA: Sec

CISSP

(Place Holder)

Powershell

Bash

Python

Assembly Language

(Place holder)

eJPT

eCPPT

OSCP

julioiglesiasp

I'm an OSCP since 2016, and let me advise you (with all respect):

Sec+ = Completed

CCNENT = Completed

CCNA = Currently Studying for

CEH > Don't take, I see a lot of jobs opportunities telling you something like this: "OSCP & OSCE won’t hurt your chances, CEH might."

**** From this point, I don't see why to take all these exams:
CCNA:

CISSP

eJPT

eCPPT

***** Till here.... If you ask me why I don't recommend CISSP, the answer is: If you want to me a Security Manager or CISO, or something like that, you should take CISSP, but you're looking for Pentesting, so focus in pentesting courses and learning

*******

Powershell > Pospose this to the future

Bash > Sure, and it's not that hard

Python > Sure, I recommend you SPSE from pentesteracademy, Vivek course, great course!!, but I passed the exam using the Kali scripts, and tools, and a lot of bash, when you take the PWK course, you'll learn some basis of python. But if you know programming, you'll not have troubles.

Assembly Language > Pospose this when you get the OSCP, and if you wan't to get OSCE (I'm on this right now)

Notes:
Look for OSCP reviews, and don't forget to visit, and read fuzzysecurity and g0tm1lk's blogs, specially for Windows and Linux privs. escalation.
Practice with some vulns VM like, metasploitable, de-ice, kioptrix, and vulnhub's website.

Best regards

b0Ris

julioiglesiasp wrote: »

I'm an OSCP since 2016, and let me advise you (with all respect):

CEH > Don't take, I see a lot of jobs opportunities telling you something like this: "OSCP & OSCE won’t hurt your chances, CEH might."

**** From this point, I don't see why to take all these exams:
CCNA:

CISSP

eJPT

eCPPT

***** Till here.... If you ask me why I don't recommend CISSP, the answer is: If you want to me a Security Manager or CISO, or something like that, you should take CISSP, but you're looking for Pentesting, so focus in pentesting courses and learning *******

Notes:
Look for OSCP reviews, and don't forget to visit, and read fuzzysecurity and g0tm1lk's blogs, specially for Windows and Linux privs. escalation.
Practice with some vulns VM like, metasploitable, de-ice, kioptrix, and vulnhub's website.

I'll disagree with the CISSP thing. HC is starting their career and it may be beneficial to their career while in the military to pass the CISSP. I wouldn't underestimate what passing the cert (and a few others as listed in the original post) could help to promotion or increased responsibilities.

The CEH on the other hand I hear is a much more interesting situation. Some people hate it. Some people love it. Thats probably a personal decision.

K-9

HCPS123: After every certification, always look back over your list and reassess. It is ultimately your time, money, and choice. I changed my list a bit over time. Always look it over after every cert and decide for yourself.

TechGuru80

julioiglesiasp wrote: »

I'm an OSCP since 2016, and let me advise you (with all respect):

Sec+ = Completed

CCNENT = Completed

CCNA = Currently Studying for

CEH > Don't take, I see a lot of jobs opportunities telling you something like this: "OSCP & OSCE won’t hurt your chances, CEH might."

**** From this point, I don't see why to take all these exams:
CCNA:

CISSP

eJPT

eCPPT

***** Till here.... If you ask me why I don't recommend CISSP, the answer is: If you want to me a Security Manager or CISO, or something like that, you should take CISSP, but you're looking for Pentesting, so focus in pentesting courses and learning *******

Powershell > Pospose this to the future

Bash > Sure, and it's not that hard

Python > Sure, I recommend you SPSE from pentesteracademy, Vivek course, great course!!, but I passed the exam using the Kali scripts, and tools, and a lot of bash, when you take the PWK course, you'll learn some basis of python. But if you know programming, you'll not have troubles.

Assembly Language > Pospose this when you get the OSCP, and if you wan't to get OSCE (I'm on this right now)

Notes:
Look for OSCP reviews, and don't forget to visit, and read fuzzysecurity and g0tm1lk's blogs, specially for Windows and Linux privs. escalation.
Practice with some vulns VM like, metasploitable, de-ice, kioptrix, and vulnhub's website.

Best regards

If you are going to go red team, CCNA:Security probably isn't necessary. There is some good knowledge but honestly you will learn enough from a CCNA...a company isn't really going to have you looking at the tools covered in CCNA:Security, but they might have you look at firewall rules.

CEH is not going to "hurt you" in any way except paying the cost of the exam / materials. CEH still serves as a good starter certification for red team because it gives you broad exposure...with that being said, be prepared to continue onto higher level certifications (GPEN, OSCP, etc.) to get the big impact.

The CISSP is a great certification to have, but especially as a junior level pen tester you probably won't need it. As you become more senior you should have the knowledge to help organizations at a deeper level, but at the junior level you are going to be trying to find technical flaws.

Prior to CEH, learn bash and powershell at the same time. These can get complex but honestly you will get to an intermediate level pretty quick. Then after going through OSCP (or maybe before) start to learn Python. After OSCP, learn C and C++ so you can start to learn the exploit development side of things...you can also learn Assembly, especially if you are going to go for OSCE.