Security certifications to start with? (Some restrictions)
weenercow
Hey, I just registered here so I'm a little new to the rules, so please go ahead and tell me if I am breaking any. My dream is to become a Pentester, but I'm too young to take many of the certifications because of the prerequisites such as 2 years of IT experience to take CEH. I did read the sticky thread about certifications about this/similar lines of work, but the OP had more experience than me, and was obviously older than me. Another reason I did not post this in the sticky is because I was a little reluctant about reviving a thread that had no activity in a month, but I have no idea whether that is acceptable here or not.
So my questions are what certifications I can take that require no previous IT jobs (if any). And if there are none, what should I start studying for, keeping in mind that I have no certifications. I guess it would also be helpful to know what experience I have with computer security. The only programming language I currently know is C, but I am planning on learning more. I know a little bit about Web application security, but I know more network Pentesting. If you need to know any more of the experience I have with computers feel free to ask.
Comments
Ivanjam
Hi and welcome to TE! As far as I know, you can revive any thread unless it is specifically locked by the admins. Regarding security certs, CompTIA Sec+ is probably your best bet as an entry-level, vendor-neutral cert. With that in mind, I would also encourage you to learn and possibly get certified in the underlying areas you plan to pentest, i.e. networks (CompTIA Net+, CCNA). You will certainly need Unix/Linux knowledge and the CompTIA Linux+ is a good start. The more experienced TE members will give you more information.
weenercow
Thanks for the help. I have some experience with Linux, such as Ubuntu and Backtrack, but I am definitely not proficient so I will look into the CompTIA Linux+.
danny069
Welcome! I'm new to this site as well and currently studying for my CompTIA Security+ (SY0-301). CompTIA certifications are a great foundation to have and hold a lot of weight in the real world as far as companies hiring CompTIA-certified individuals. I am CompTIA A+ certified and decided I want to explore the computer/cyber security field.
wes allen
Net+ and Sec+ would be good places for the general knowledge that is a key baseline to have. OSCP (Offensive Security Certified Professional) is something to look at for pentesting, also the SecurityTube certs - Welcome to SecurityTube.net. But, overall, a really good base knowledge is good to build first.
Ivanjam
@danny069 - welcome to the TE forums! You seem to be off to a solid start so I wish you success. I would recommend TE's own Darril Gibson's Sec+ book for your Sec+ studies: Darril's book
docrice
Why do you want to become a pentester? A lot of people express their wish to become one but don't always realize that it's less about the exploitation work / gaining shell and more about "tedious" documentation and scoping, depending on your role within a pentesting organization.
Also, what aspects of security are you interested in? Web apps? Networking? Social engineering? Databases? All the above? How well do you know the platforms that you want to pentest against?
weenercow
I understand that Pentesting is more about the documentation, but if I am unable to deal with that much documentation etc., I will still try to stay in the information security field. I'm more interested in networking and Social Engineering. Web apps and databases are not exactly what I'm focusing on right now, because I find that I'm not interested in them right now. I have previously looked at the Offensive Security certifications but they are $700+, and I just spent all my money on my new rig, so I won't be able to afford those.
jasong318
If you want to do pentesting you're going to have to understand web apps and DBs, there's just no way around that. Not saying you need to be a developer but you need to understand what's going on behind the scenes. And documentation is a huge part of the job. Documentation and client meetings...
Here's an article that provides some good tips on breaking into the field:
Getting a Start in the Security Industry - SpiderLabs Anterior
the_Grinch
I like to point people to this post as I think he is definitely on point with the path he recommends.
http://www.infiltrated.net/pentesting101.html
You'll definitely want a strong foundation in some technology, especially one you use every day. Thus, if you deal with desktops, get a desktop certification and then move on to how to properly secure it. Networking? Get Network+ and CCNA, then begin work on how to secure those. Servers? RHCE or MCSE, then work on how to secure them. It's all about foundation, a solid foundation and you can jump into a security role fairly easily with some experience. Good luck!
weenercow
Thanks guys, you have all been very helpful.
I'm going to start out with Security+, and I was wondering if this book would prepare me for the test: CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide
illuminus
You're going to want to get the updated version, SY0-301 Study Guide.
weenercow
So I checked out the 301 version's reviews and a few of them said this did not fully prepare them for the test. Has anyone read this book and also had the same experience?
sratakhin
The test itself can be passed without reading the book. Most questions just test your common sense knowledge. However, Darril's book is interesting and it's more than enough to prepare you for the test. I read it for about two weeks and scored 850+ on the test.
Vegas
I had the same problem in my class as well as everyone else using the passport security+301 book. We all preferred the hardback even if it does go into detail that is not really relevant. That's Mike Myers for ya.
We are supposed to test tomorrow and Friday and can't, the servers are down for the test site.
Now that's ironic!
SephStorm
I want to say that you do not need to necessarily go through the cert soup, as suggested. One thing you can do, that will save you some money, is learn a technology. For instance, instead of getting the L+, look at the objectives and learn those things. Net+ the same way, I would suggest getting the Sec+. If you can find the free MSFE videos, they will give you a good intro to metasploit. Then, when you can, I would look at the CEH and OSCP.
weenercow
I am already pretty good with metasploit, but that's not what I'm interested in exactly. I don't like the idea of just typing in what payloads and exploits should be used, I would prefer to actually know the code that goes into executing these exploits and payloads and be able to execute them myself. Seph, are you suggesting that another thing I can do is learn what is on the exams, but not actually take the certification exam so I can save money?
I have really been thinking about if I truly want to be a pentester, and I came up with another career that I would like to be if pentesting didn't work out: Network Security Engineer. I'm assuming the certifications would be the same, but if not, what path should I take in pentesting/network security engineering, learning wise, and what certifications I should have under my belt.
This is a bit off topic, but is there anywhere I can learn specifics about the forum here? Such as what it means when a topic's box on the left hand side is red, instead of grey, etc.?
SephStorm
Hmm, as far as understanding exploits, I would suggest 2 books, Gray Hat Hacking, and Hacking: The Art of Exploitation.
Yes, that is what I am suggesting.
You sound a lot like me Ween, for a network security engineer, you will want to look at your CCNA, CCNA Security, maybe some of the CCNP Security level information, but as a junior, I would wait on that and look at stuff like packet analysis, Snort experience, experience with different security appliances, for specifics, look at a few job postings, you'll get an idea for what skills are desired. Go get them.
weenercow
The idea of being a network security engineer seems to be growing on me. I am currently reading Hacking: The Art of Exploitation, and I feel as if it is very informative. Over the next year I am going to try to get these certifications, hoping that they will help me with Network Security Engineering.
CompTIA Security+
CompTIA Net+
CompTIA Linux+
CCNA Security as you suggested.