Advice request on getting into InfoSec Pen Testing

Nullify (Member, Posts: 4)
Hello I am new to posting on the forums here.

All of you here on have been a big inspiration for me to actually figure out the technical career I want to end up in, rather than floating from call center to call center. As the subject suggests I want to Pen Test.

I have 6 years (total) troubleshooting experience for two different ISPs providing technical support for customers (callcenter) from various tiers of support in a Windows environment.

My current plan is this:

1) CCENT (90% ready) in Nov. 2009 - to get me into NOC for the current ISP I work for and to obtain Network Surveillance experience. My concern with this is that it is little to no physical experience with networking equipment, everything is done remotely. I still have concerns this would not help my career goals. Does NOC experience carry a lot of weight in InfoSec?

2) Security+ by the end of 2009 - to begin InfoSec

3) Finishing out CCNA before June 2010

4) I am not sure where to go after that certification wise.. C|EH or Linux+ or LPI - 1.. maybe all of them?? How much actual overlap is there between Linux+ and LPI -1?

5) SSCP? - for more of the technical side of InfoSec

6) My eventual goal is to obtain the OSCP

The idea is to use CCNA to get into networking, which is going quite well. Then InfoSec certs to transition to where I really want to be. Is this a bad idea?

I have been digging through job search websites and talking to people at my current job to find some way into IT/InfoSec. Due to budgets being tight and my lack of experience (I assume) not much is coming from that.
ICND1 Prep 90%
ICND2 Prep 0%


  • veritas_libertas (CISSP, GIAC x5, CompTIA x5; Greenville, SC USA; Member, Posts: 5,735)

    Security Certifications - IT Certification Forums

    Your question has been most likely asked or answered on that area of the forums. :)
    Currently working on: Linux and Python
  • dynamik (Banned, Posts: 12,314)
    I think you're on the right track. If I were you, I'd focus on getting the CCNA, CCNA:S, and Security+, and then try to land a gig where you make use of that knowledge. The NOC knowledge certainly isn't going to hurt you. The more you know about TCP/IP, the better, IMO. I'm actually reading Routing TCP/IP Vol 1 and TCP/IP Illustrated Vol 1 at the moment because I'm not comfortable with my current level of knowledge in that area.

    You're going to absolutely want to be able to be functional from a Linux command-line. Whether you go after certs is up to you. Aside from the RHCE, the other Linux certs don't carry the same weight as comparable Microsoft, Cisco, etc. certs. I'm not saying don't do them; they do demonstrate that you have a certain level of Linux knowledge. Just don't expect a lot of people to stumble across your resume while searching for the Linux+.

    You're also going to want to start thinking about where you want to specialize. Are you going to be more of a general pen tester that does a little bit of everything? You're going to want to add some Microsoft, SQL, etc. knowledge into the mix as well. Are you going to just focus on firewalls? Hell, you could just do social engineering and not even focus on the technical aspect of the job.

    SSCP is a good general security cert, but it doesn't have the recognition that the CISSP does, and you'll need a year of full-time security experience to drop the Associate designation. I think they give you a couple years to meet that requirement, but you might want to wait until you're actually doing security work.

    The CEH and OSCP are known in much smaller circles, although, those will likely be the circles you're interested in. I'm not saying don't do them, but don't make the mistake of thinking they'll be an easy ticket to a new job either. I'm going to do both, but mostly just to validate my knowledge. I'm more interested in the OSCP for the journey, not the actual title. The SANS GPEN seems to be the most well-respected pen testing cert out there. It'll set you back $3500, but there's only 618 of them in the world.

    For the time being, I'd just focus on the CCNA, CCNA:S, and Security+. Land a related position with those, and then reevaluate how you want to progress. Also, I wouldn't put a gap in your Cisco studies. Do the Security+ concurrently if you want to mix up your Cisco studies a bit, but don't take a few months off. Use it or lose it; it's frustrating getting back into it.

    Oh, and welcome to the forums!
  • Nullify (Member, Posts: 4)
    Thank you both!

    I will go through the security forums in more depth. My search-fu is very weak on forums, however I may have just thought of a way around that.

    Great information. I will definitely look at CCNA: Security. On the Linux front, I am actually on a copy of Eeebuntu right now. I am impressed with how easy some of the distributions of Linux are to use now. Linux has come a long way from Slackware and the first days of windowsX years ago. OSCP sounds like A LOT of fun to obtain. Don't get me wrong, it sounds like a lot of work as well, but I am looking forward to being ready to tackle that beast!

    Once again, thank you both for the advice.
    ICND1 Prep 90%
    ICND2 Prep 0%