A little advise required....
Chard26
Member Posts: 49 ■■□□□□□□□□
Hi Guys,
I have been given an awesome opportunity to basically "Carve out" my own career path. I work for a IT Support company based in the UK. My main role is 1st and 2nd line support for one of our clients. I have been doing this for a couple of months now but I have roughly a year of support experience. As I progress I am finding more time to study and I want to get into Penetration Testing, I have performed a couple of Port and Vulnerability scans on some of our clients (with their permission of course) and I have enjoyed what i have found out do far. I have been into security as a hobby for a couple of years now but not really concentrated on it enough to further my career.
My boss has given me the opportunity to get some Qualifications in the field. Now i have been reading about the quals you guys have been discussing on here and the forums below. Some of you guys say that CEH and LPT and EC-Council quals are not worth the paper they are printed on to get into the PenTesting field. So my question is would these quals be a good starting point to get where I want to be as i don't need find a job as I already have it, also I know my way round most tools that are covered in CEH and LPT. And would these provide a good "pre requisite" as it were for OSCP and OSCE ?
Thanks for reading this and i know this will have been answered before but I need clarification of weather these certs will be useful or not
Cheers
Chard
I have been given an awesome opportunity to basically "Carve out" my own career path. I work for a IT Support company based in the UK. My main role is 1st and 2nd line support for one of our clients. I have been doing this for a couple of months now but I have roughly a year of support experience. As I progress I am finding more time to study and I want to get into Penetration Testing, I have performed a couple of Port and Vulnerability scans on some of our clients (with their permission of course) and I have enjoyed what i have found out do far. I have been into security as a hobby for a couple of years now but not really concentrated on it enough to further my career.
My boss has given me the opportunity to get some Qualifications in the field. Now i have been reading about the quals you guys have been discussing on here and the forums below. Some of you guys say that CEH and LPT and EC-Council quals are not worth the paper they are printed on to get into the PenTesting field. So my question is would these quals be a good starting point to get where I want to be as i don't need find a job as I already have it, also I know my way round most tools that are covered in CEH and LPT. And would these provide a good "pre requisite" as it were for OSCP and OSCE ?
Thanks for reading this and i know this will have been answered before but I need clarification of weather these certs will be useful or not
Cheers
Chard
Comments
I have got some really good reading on the subject I am happy to share, here are the Amazon links to these books:
Amazon.com: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) (9781597496551): Patrick Engebretson: Books
Amazon.com: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice (9781597496537): Jason Andress: Books
Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (9781463762360): Darril Gibson: Books
I found these to be good reference, it seems almost anyone getting into security does at a minimum, the Comptia Security+ or may take the older Microsoft MCSA, or take the Cisco route. I beleive the certs you should take are those that are specific to your job role and the environment you intend to work in. That is perhaps quite obvious and maybe not that helpful, but I am also just starting out in the security arena and have a looooong way to go.
Also it is good to study some linux, most of the tools are in linux (sure there are tons in Windows and most of the tools that we use for the CEH training were in Windows environment.
It is your personal IPS to stop the attack.
I think my plan will be to get my CCNA first (I have completed the NetAcad training just need to do the exam), then move on to Sec+, then CEH v7 or 8 and ill look into doing GPEN and OSCP and see where i go from there.
@impelse I have basic Linux knowledge, I use Backtrack to practice with some of the tools i.e Aircrack, Metasploit, Hydra, JTR etc... I think i need to start picking up some Python and C++ aswell as from what i can tell most of the pentest tools are written in this.
Any good recommendations for self study on CEH ? I see that quinnyfly has posted a link for Sec+
Cheers
Chard
Amazon.com: CEH Certified Ethical Hacker All-in-One Exam Guide (9780071772297): Matt Walker: Books
Also, I don't know for sure, but I thought I read somewhere that you require two years of exp in a security environment for the CEHv7? Will have too check E-Council's website.
Its 5 years experience. 4 years experience if you have any of the qualifications listed on the ISC2's 1 year exemption list.