Advice for a beginner/noob

VagrantChord Registered Users Posts: 2
Hello everyone!

I've recently passed my Security+ after deciding to finally take the plunge into cyber-security. My best friend and I took the exam after a month of studying mostly the Darril Gibson materials, though I found the actual Security+ exam far more difficult than the study materials. I have professional experience in web design and administration; my work situation is complicated, and leaves me plenty of time for study.

What are some good next steps? I love the idea of eventually ending up in forensics or pen testing, but I understand it's a long road to get the required knowledge and experience. Are there other vendor-neutral certifications I should aim for, like Network+ or Server+ or something? Or should I start specializing in Microsoft or Linux systems?

Any guidance on next steps would really help me out! I tried to find posts here on this topic, but the best match I found was from ten years ago. I hope I'm not breaking any rules with this post - please let me know if I haven't done something right here.

Comments

  • mikey88 Member Posts: 495
    Welcome to the forum! Take a look at the newly released Pentest+ from CompTIA. Build some labs at home and start learning Windows/Linux and networking. You don't need to get certified in everything, but the knowledge will help during interviews and on the job.

    I would also suggest starting job hunting now as a junior-level SOC or even helpdesk. Some experience under your belt will make you progress a lot quicker to your end goal. Good luck.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • iBrokeIT Member Posts: 1,318
    Yes, go for the MCSA and focus on practical skills like Active Directory. Also, look at job boards and job descriptions so you are in touch with what employers are requesting for skills. Cheers and welcome to the forums!
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
  • yoba222 Member Posts: 1,237
    Start by doing job board searches. See what certs are asked for in job descriptions that interest you. Personally I avoided help desk and Microsoft certs and it's worked out well for me so far. SOC role sounds like a good choice.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • N7Valiant Member Posts: 363
    I'm not sure Network+ would do much for you since Security+ is technically a higher level cert. I wouldn't put too much stock into vendor neutral certifications given that in my Help Desk job, none of my 3 certs (A+, Net+, Sec+) did a lot to help me with any of the work other than expose me to basic concepts. None of the material would help me understand why a Windows 8 machine was crashing repeatedly and had problems booting up. But actually studying for the first part of the MCSA Windows Server 2016 left me with a decent chunk of real practical knowledge of how to get started in installing and configuring, you guessed it, Windows Server 2016.

    I wouldn't try to look at certs as "this is what I need to pick up in order to get into Security" but more along the lines of "which cert will give me the knowledge and skills I need to take the next step up in my career?"

    I'm at Help Desk, and I'd like to do more work with servers, maybe work my way up to SysAdmin. Hence the MCSA.

    I too would like to be a pen tester at some point, but the lack of contribution to my current job from the certs I previously got was a wake up call that if I'm going to spend the time and money to get a cert, there should be immediate gains I can get from pursuing it.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • scaredoftests Mod Posts: 2,780
    Welcome to the forum! A great bunch of people here!
    Never let your fear decide your fate....
  • tedjames Member Posts: 1,182
    If you're interested in penetration testing, a good place to start is at www.elearnsecurity.com and their Junior Penetration Tester (eJPT) course and certification.
  • H-bomb Member Posts: 129
    Explore your options and find what interests you. Don’t let anyone on here tell you that you can’t do something or that you need (x) years experience before attempting certain exams.
  • renzoncruz Member Posts: 14
    First thing to do is to find your REAL interest. Don't follow the trend, just focus on the activities that you enjoy. Are you more focused on the offensive side (Red Team), or do you enjoy dissecting every piece of evidence and protecting the whole organization (Blue Team)? There are lots of opportunities when it comes to Information Security. eJPT is really a good one for you to learn basic pentest concepts with a hands-on exam for $299. You may also consider the rising cert of Logical Operations (CFR), which was DoD approved, where you will learn more of the Incident Response side. It's up to you, and you may also take time to visit free MOOC platforms out there like cybrary.it to grasp the different routes of infosec. Enjoy :)