GUIDE TO BECOMING A CERTIFIED SECURITY EXPERT

Yinkaar (IIBA) · Member · Posts: 5
Can anyone please guide me on what to do to become a certified security expert?
Coming from a non-IT background, which steps and certifications are the best route?
Also, which training centers would you recommend?

Comments

  • beads · Member · Posts: 1,442
    As a career InfoSec practitioner and overall generalist, let me assure you that no such all-encompassing guide exists; the field is broad enough, and changes fast enough, that none of us should delude ourselves that we are truly experts in the field on any topic on any given day. Many specialty books come in small 500-1000 page tomes these days.

    What you need to do is figure out or decide what it is you want to do within InfoSec, be that incident response, disk forensics, telecom, GRC, audit, SOC, threat hunting, penetration testing, assessment, business continuity and disaster recovery... I mean, we have dozens of sub-fields under the same umbrella. We cannot master them all, but we do spend a lot of time learning, labbing and honing our skills.

    Start small and grow into the field. Otherwise, you're trying to boil the ocean.

    - b/eads
  • Infosec_Sam (Security+, CCENT, ITIL Foundation, A+) · Madison, WI · Admin · Posts: 363
    I think @beads is absolutely right here - there is no one-size-fits-all career track for IT security. Could you elaborate as to what you'd like to do in the field? I'd be happy to throw out some recommendations for a career path if you have something specific you're shooting for!
    Community Manager at Infosec!
    Who we are | What we do
  • Yinkaar (IIBA) · Member · Posts: 5
    Thanks guys, I am looking at becoming a certified ethical hacker and then growing from there. From my enquiries, I got the following steps:
    • CompTIA Fundamentals+ Exam
    • CompTIA A+ Exam
    • CompTIA Network+ Exam
    • CompTIA Security+ Exam
    • ITIL Foundation + Exam
    • CompTIA CySA+ Exam
    • Certified Professional Ethical Hacker (CPEH) Exam with Free Retake
    • Any other specialist certification…. CDRE, CISSO, CSWAE, CPTE or CIHE +Exam With Free Retake
    Please advise if that's the way to go, and how best to get in from a business data analyst background.
  • NetworkNewb · Member · Posts: 3,263
    Is this some weird bot? 
  • Yinkaar (IIBA) · Member · Posts: 5
    I erroneously posted the message several times.
    I don’t understand what you meant by “weird bot”
  • NetworkNewb · Member · Posts: 3,263
    You posted the same message like 5 times in a row, a couple in slightly different formats, all within the same minute. Doesn't seem like a person would usually do that. I'm wrong apparently 👍
  • Infosec_Sam (Security+, CCENT, ITIL Foundation, A+) · Madison, WI · Admin · Posts: 363
    edited April 10
    Yinkaar said:
    Thanks guys, I am looking at becoming a certified ethical hacker and then growing from there. From my enquiries, I got the following steps:
    • CompTIA Fundamentals+ Exam
    • CompTIA A+ Exam
    • CompTIA Network+ Exam
    • CompTIA Security+ Exam
    • ITIL Foundation + Exam
    • CompTIA CySA+ Exam
    • Certified Professional Ethical Hacker (CPEH) Exam with Free Retake
    • Any other specialist certification…. CDRE, CISSO, CSWAE, CPTE or CIHE +Exam With Free Retake
    Please advise if that's the way to go, and how best to get in from a business data analyst background.
    I don't think the CompTIA Fundamentals+ exam is really necessary unless you're coming from a background of zero technical knowledge. The A+ would be a great place to start, followed by the Network+ and the Security+. At that point, it's up to you as to which direction you want to go. If you like CompTIA's format, there's nothing wrong with sticking with their pathway. The CySA+ will be more of a blue team (defensive) certification, so you'll learn more about how to keep systems secure. On the other hand, the Pentest+ is your red team (offensive) certification, so you'll learn how systems can be compromised, and how to search for those vulnerabilities.

    Paired with entry-level IT experience, those certs should be enough to get you into an entry/mid-level cybersecurity role. If that's not where you want to stop, then you have some more options for higher learning. CompTIA's CASP+ cert is their top-level security cert, and will round out your blue team/red team knowledge even more. If you'd prefer to dive even deeper into penetration testing, the OSCP is a great cert for that. The reason I would choose this over the CEH at this point is that this exam involves actually pentesting an isolated network and preparing a pentest report, whereas the CEH is all about theoretical knowledge, making it a more entry-level cert. At this point, you should have 3-5 years' experience in cybersecurity, and you'll have very little trouble finding the job you want.

    So, to summarize:

    1. A+, then Network+, then Security+
    2. CySA+(defensive) OR Pentest+(offensive) AND/OR CEH
    3. CASP+ AND/OR OSCP
    4. Whatever else you want

    This is totally just my opinion based on what I've seen in the market and what you told me you're interested in, so keep in mind that there are a TON of other options out there if you ever do change your mind. Anyone else, feel free to critique this cert path!

  • Yinkaar (IIBA) · Member · Posts: 5
    I sincerely appreciate your guidance, and I want the smoothest possible entry coming from a data analyst role.
    Please can you suggest a good and reputable training center where I can train and then sit the certification exams? I am presently in London but will go to Dubai for commercial planning consulting come August.
    I also want to follow your advice, i.e. A+, Network+, Security+, PenTest+, CASP+/OSCP.
    If I have a minimum of 10 hours a week to study, do you think I can achieve something tangible in the coming weeks/months?
    I'm asking all this because I'm a layman in this new journey I want to take.
    Your response is of great value to me. Thank you

  • Infosec_Sam (Security+, CCENT, ITIL Foundation, A+) · Madison, WI · Admin · Posts: 363
    You're very welcome! So as for where to take your exams, they will generally all be taken through a global company called Pearson Vue. Here's a link to their testing center search site. I see they have some locations in London and Dubai, so you should be good on that front. To answer your other question, the A+, Network+, and Security+ should all go by pretty quickly if you're able to commit 10+ hours/week to them. The higher level exams might take a bit longer, as they'll go much more in-depth and cover quite a bit more material. It may be wise to just focus on one at a time and make incremental career steps towards that ethical hacking/penetration testing role, such as going from service desk to security admin to penetration tester. I will say that even with certifications, it may be tough to enter into a role like that with no direct IT experience.
  • NetworkNewb · Member · Posts: 3,263
    edited April 10
    Personally, if you are looking to become a "certified ethical hacker", assuming you mean a pen tester, I wouldn't get most of the certs... I would recommend first creating a lab and reading a couple of books like the following:

    https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking-ebook/dp/B00KME7GN8/ref=sr_1_2?keywords=pentesting&qid=1554923281&s=gateway&sr=8-2

    https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=sr_1_3?keywords=web+application+hacker&qid=1554923439&s=gateway&sr=8-3

    Then:
    - Join some security/hacking groups in your area; look for them on MeetUp. (Might want to do this right away too... Also, not sure if that website is a thing in Europe.)
    - Try out some bug bounties.   Look at sites like BugCrowd or HackerOne
    - Then go after your OSCP

    Those entry-level certs (A+, Net+, Sec+) are only good if you are looking for your first job in IT, IMO. Certs are just to get past HR filters for the most part; look at the jobs you want and see if they list any of those.

  • Yinkaar (IIBA) · Member · Posts: 5
    Thank you all... I will revert with my progress or if I have more questions. Thank you again.