Career training question...

scuby16m

As I made in a previous post, I have experience in the IT field for about 15 years. Mostly what I have done is server administration, lans/wans, etc.

Here is a schedule that I have put together for myself over the next few months. I'd truely like to change direction into the info security side with a "voice" minor.. haha. I am basically going to take the next half a year out of my life and get these done. Can I get thoughts? Is this the right direction? Any advice?


Sans 3/26 - 4/4 at Orlando 401 Security Essentials and Test for GSEC $3500

10 day Penetration Course 4/11 - 4/22 $4000
include testing for
CEH - Certified Ethical Hacker
CPT - Certified Penetration Tester
CEPT - Certified Expert Penetration Tester
ECSA - EC-Council Certified Security Analyst
LPT - Licensed Penetration Tester

Cissp Boot Camp Texas 5/1 - 5/7 and certify for CISSP $2,600

6/6 - 6/17 CCNA + Voice Bootcamp (ccprep.com) $6,000

dynamik

You're looking at that InfoSec Institute course? I want to take that so bad.

I'll tell you straight-up though, if you're even considering GSEC, you're not nearly where you need to be in order to take that. If you're looking for a good middle-ground, why don't you try the GPEN?

As I said in your other thread, you're kind of all over the place when looking at these certs. You need to take some time and decide which direction you want to go before proceeding.

scuby16m

Dynamik,

Thanks a ton for your reply. To answer your question... I'll be honest, I've been in the field long enough to realize that titles are not important. It is the knowledge and experience that is. I have a very broad knowledge in the industry, but would like to take the security side and become an expert in. I do have the capability of taking the 401 class from Sans, studying my brains out, and passing the GSEC test. I have looked at sample questions, and it does not seem to be a problem. However, I don't just want to "pass" the test, I'd like to make sure I understand the knowledge thoroughly. The Sans 401 will basically be like a refresher for me. I have decided to then take the infosec's 10 day penetration testing course. After that, I will take the Cissp boot camp, and them take the Cissp test. After I recover from all that studying, I'm going to take my CCNA + Voice. I know that the CCNA + Voice isn't totally related, but I know it won't hurt to have that additional knowledge. I would say that I am extremely interested in penetration testing. With the 10 day penetration course, they give me the option of taking the 5 tests.. I will study my brains off and want to kill myself, but I know I can get it done. After all, it is the ONLY thing that I will be doing for the next half a year probably.

• CEH - Certified Ethical Hacker
• CPT - Certified Penetration Tester
• CEPT - Certified Expert Penetration Tester
• ECSA - EC-Council Certified Security Analyst
• LPT - Licensed Penetration Tester

So at the end, I'm hoping to come out of this with the following:
GSEC / Cissp (which are basically the same, but the Cissp has more credibility behind it.

At least a few of the certs above that I listed with the penetration testing course

my CCNA + Voice.

I have looked at taking the CCNA + Security, but I honestly would enjoy the Voice training just to kinda dabble on that side of it a bit.

I know it sounds like alot, but I know I can get it done. I have taken multiple certifications in the past both actual training and self study (my MCSE NT and 2000 a couple years later, and also my pilots license I have a good ability to learn. I'm hoping to come out of this and hopefully find a good job as a penetration tester. My buddy who already works in the field totally enjoys what he does. With all this above, I'll actually hold a few more certs than he. He DOES have a computer science degree which I don't, but I also have 5 more years in the field...

Guess we'll wait and see what happens. I'm hoping to back this up by making a post in 6 months that I have accomplished all the above. Hopefully it won't be a post of me going insane

Thanks!

dynamik wrote: »

You're looking at that InfoSec Institute course? I want to take that so bad.

I'll tell you straight-up though, if you're even considering GSEC, you're not nearly where you need to be in order to take that. If you're looking for a good middle-ground, why don't you try the GPEN?

As I said in your other thread, you're kind of all over the place when looking at these certs. You need to take some time and decide which direction you want to go before proceeding.

dynamik

Sounds good. Definitely keep us posted on that InfoSec Institute course. Also be sure to check out eLearnSecurity : Penetration testing and IT Security courses and Online Information Security Training - BackTrack for other great penetration testing / ethical hacking courses. Good luck.

scuby16m

Thanks Dynamik,

Coincidently I just signed up for the elearningsecurity pro course. I paid the $600 and am waiting for the email from them so I can log in and start. I'm hoping this will give me a head start. I have literally STARED at this stuff all day long (certs, and so on). Please tell me if I'm thinking right.

Planning on doing this elearningsecurity pro, and getting their certification (which I'm assuming isn't worth anything?)

From there I'm going go take my CEH. From the looks of it, alot of it is the same material? Am I wrong?

Then end of the month to Orlando for the Sans 401 essentials class and will schedule my GSEC.

Then off to Sans for my Cissp. After looking at it all day today I think that may be a better direction to go.

I'm also looking at taking the Sans 504 Hacker Techniques, 560 Network Pen Testing, and 540 Webapp Pen Testing. I know it won't be a cheap journey.

Thoughts?

dynamik wrote: »

Sounds good. Definitely keep us posted on that InfoSec Institute course. Also be sure to check out eLearnSecurity : Penetration testing and IT Security courses and Online Information Security Training - BackTrack for other great penetration testing / ethical hacking courses. Good luck.

scuby16m

Here's an update. Passes my GSEC cert this morning. 5 hour test. Finished the 401 class. I'm halfway through the Sans network pen and signed up for sans web pen. Right after that I'll be taking the sans cissp boot camp. So far I'm on schedule. Will keep ya posted.

rogue2shadow

scuby16m wrote: »

Here's an update. Passes my GSEC cert this morning. 5 hour test. Finished the 401 class. I'm halfway through the Sans network pen and signed up for sans web pen. Right after that I'll be taking the sans cissp boot camp. So far I'm on schedule. Will keep ya posted.

Grats man. I just came from the 5 day CEH/CPT class and am working on the CPT Practical. The knowledge I gained from that course was above and beyond what was needed for the C|EH. It was definitely an eye opening experience and it enhanced my understanding of the "red" side of things from a physical standpoint.

I think as long as you have some baseline of Assembly, C, and Perl, the 10 day won't be too bad. It does wear on you after about day 3 though (having learned so much in such a short time ).

scuby16m

So here is an update...

I finished the Sans Web Penetration class.

Also finished the Network Penetration Class.

Landed a job making great money working with IDS systems for a federal contractor. The new job slowed up my progress with the CISSP studying. I took the InfoSec Institute course. I will be taking my CISSP exam within the next 3 weeks hopefully. Just thought I would post all of this for the simple reason that with alot of hard work, it pays off. I get about 2 calls a week for job offers. Pretty excited about the new challenge. Working with IDS systems is kinda the opposite of network penetration and web pen, but my goal is to get enough experience on the defensive side that it will make me stronger for the offensive side.