A little advise required....
Chard26
Member Posts: 49 ■■□□□□□□□□
Hi Guys,
I have been given an awesome opportunity to basically "Carve out" my own career path. I work for a IT Support company based in the UK. My main role is 1st and 2nd line support for one of our clients. I have been doing this for a couple of months now but I have roughly a year of support experience. As I progress I am finding more time to study and I want to get into Penetration Testing, I have performed a couple of Port and Vulnerability scans on some of our clients (with their permission of course) and I have enjoyed what i have found out do far. I have been into security as a hobby for a couple of years now but not really concentrated on it enough to further my career.
My boss has given me the opportunity to get some Qualifications in the field. Now i have been reading about the quals you guys have been discussing on here and the forums below. Some of you guys say that CEH and LPT and EC-Council quals are not worth the paper they are printed on to get into the PenTesting field. So my question is would these quals be a good starting point to get where I want to be as i don't need find a job as I already have it, also I know my way round most tools that are covered in CEH and LPT. And would these provide a good "pre requisite" as it were for OSCP and OSCE ?
Thanks for reading this and i know this will have been answered before but I need clarification of weather these certs will be useful or not
Cheers
Chard
I have been given an awesome opportunity to basically "Carve out" my own career path. I work for a IT Support company based in the UK. My main role is 1st and 2nd line support for one of our clients. I have been doing this for a couple of months now but I have roughly a year of support experience. As I progress I am finding more time to study and I want to get into Penetration Testing, I have performed a couple of Port and Vulnerability scans on some of our clients (with their permission of course) and I have enjoyed what i have found out do far. I have been into security as a hobby for a couple of years now but not really concentrated on it enough to further my career.
My boss has given me the opportunity to get some Qualifications in the field. Now i have been reading about the quals you guys have been discussing on here and the forums below. Some of you guys say that CEH and LPT and EC-Council quals are not worth the paper they are printed on to get into the PenTesting field. So my question is would these quals be a good starting point to get where I want to be as i don't need find a job as I already have it, also I know my way round most tools that are covered in CEH and LPT. And would these provide a good "pre requisite" as it were for OSCP and OSCE ?
Thanks for reading this and i know this will have been answered before but I need clarification of weather these certs will be useful or not
Cheers
Chard
Comments
-
quinnyfly
Member Posts: 243 ■■■□□□□□□□
Why not start with the Security+, advance that with other certs after you get a taste of it. Unfortunately secuirty is not just about pen testing, its a whole realm within itself, and from what I have found out, the CISSP covers the 10 domains of secuirty, but you need 10 years of experience. The SSCP is available but you can get the Associate and require at least 1 yr of experience in a secuirty field to get the full credential. The CEH is two years of experience (last I read), because I am the same as you, I serioulsy dig security and want to get into pen testing also.
I have got some really good reading on the subject I am happy to share, here are the Amazon links to these books:
Amazon.com: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) (9781597496551): Patrick Engebretson: Books
Amazon.com: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice (9781597496537): Jason Andress: Books
Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (9781463762360): Darril Gibson: Books
I found these to be good reference, it seems almost anyone getting into security does at a minimum, the Comptia Security+ or may take the older Microsoft MCSA, or take the Cisco route. I beleive the certs you should take are those that are specific to your job role and the environment you intend to work in. That is perhaps quite obvious and maybe not that helpful, but I am also just starting out in the security arena and have a looooong way to go.The Wings of Technology -
impelse
Member Posts: 1,237 ■■■■□□□□□□
Just begin with something. In my case Security+ and CCNA:S helped me a lot, now I just finish the training for CEH (I did not attempt the exam yet), One week ago I begin the OSCP and it is good, but I notice that the previous knowledge is helping me.
Also it is good to study some linux, most of the tools are in linux (sure there are tons in Windows and most of the tools that we use for the CEH training were in Windows environment.Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack. -
Chard26
Member Posts: 49 ■■□□□□□□□□
Thanks for the replies,
I think my plan will be to get my CCNA first (I have completed the NetAcad training just need to do the exam), then move on to Sec+, then CEH v7 or 8 and ill look into doing GPEN and OSCP and see where i go from there.
@impelse I have basic Linux knowledge, I use Backtrack to practice with some of the tools i.e Aircrack, Metasploit, Hydra, JTR etc... I think i need to start picking up some Python and C++ aswell as from what i can tell most of the pentest tools are written in this.
Any good recommendations for self study on CEH ? I see that quinnyfly has posted a link for Sec+
Cheers
Chard -
quinnyfly
Member Posts: 243 ■■■□□□□□□□
I have jumped way ahead of the cue in purchasing a very highly rated CEH text book, it gets tremendous cred from Amazon reviews, I have had a look at it and like what I have seen so far, anyhow here is the link:
Amazon.com: CEH Certified Ethical Hacker All-in-One Exam Guide (9780071772297): Matt Walker: Books
Also, I don't know for sure, but I thought I read somewhere that you require two years of exp in a security environment for the CEHv7? Will have too check E-Council's website.The Wings of Technology -
the_hutch
Banned Posts: 827
the CISSP covers the 10 domains of secuirty, but you need 10 years of experience.
Its 5 years experience. 4 years experience if you have any of the qualifications listed on the ISC2's 1 year exemption list.