Security certifications to start with? (Some restrictions)

weenercow Member Posts: 7
Hey, I just registered here so I'm a little new to the rules, so please go ahead and tell me if I am breaking any. My dream is to become a Pentester, but I'm too young to take many of the certifications because of the prerequisites such as 2 years of IT experience to take CEH. I did read the sticky thread about certifications about this/similar lines of work, but the OP had more experience than me, and was obviously older than me. Another reason I did not post this in the sticky is because I was a little reluctant about reviving a thread that had no activity in a month, but I have no idea whether that is acceptable here or not.

So my questions are what certifications I can take that require no previous IT jobs (if any). And if there are none, what should I start studying for, keeping in mind that I have no certifications. I guess it would also be helpful to know what experience I have with computer security. The only programming language I currently know is C, but I am planning on learning more. I know a little bit about Web application security, but I know more network Pentesting. If you need to know any more of the experience I have with computers feel free to ask.

Comments

  • Ivanjam Member Posts: 978
    Hi and welcome to TE! As far as I know, you can revive any thread unless it is specifically locked by the admins. Regarding security certs, CompTIA Sec+ is probably your best bet as an entry-level, vendor-neutral cert. With that in mind, I would also encourage you to learn and possibly get certified in the underlying areas you plan to pentest, i.e. networks (CompTIA Net+, CCNA). You will certainly need Unix/Linux knowledge and the CompTIA Linux+ is a good start. The more experienced TE members will give you more information.
    Fall 2014: Start MA in Mathematics [X]
    Fall 2016: Start PhD in Mathematics [X]
  • weenercow Member Posts: 7
    Thanks for the help :). I have some experience with Linux, such as Ubuntu and Backtrack, but I am definitely not proficient so I will look into the CompTIA Linux+.
  • danny069 Member Posts: 1,025
    Welcome, I'm new to this site as well and currently studying for my CompTIA Security+ (SY0-301). CompTIA certifications are a great foundation to have and hold a lot of weight in the real world as far as companies hiring CompTIA Certified individuals. I am CompTIA A+ Certified and decided I want to explore the computer/cyber security field.
    I am a Jack of all trades, Master of None
  • wes allen Member Posts: 540
    Net+ and Sec+ would be good places for the general knowledge that is a key baseline to have. OSCP (Offensive Security Certified Professional) is something to look at for pentesting, also the SecurityTube certs - Welcome to SecurityTube.net. But, overall, a really good base knowledge is good to build first.
  • Ivanjam Member Posts: 978
    @danny069 - welcome to the TE forums! You seem to be off to a solid start so I wish you success. I would recommend TE's own Darril Gibson's Sec+ book for your Sec+ studies:

    Darril's book
    Fall 2014: Start MA in Mathematics [X]
    Fall 2016: Start PhD in Mathematics [X]
  • docrice Member Posts: 1,706
    Why do you want to become a pentester? A lot of people express their wish to become one but don't always realize that it's less about the exploitation work / gaining shell and more about "tedious" documentation and scoping, depending on your role within a pentesting organization.

    Also, what aspects of security are you interested in? Web apps? Networking? Social engineering? Databases? All the above? How well do you know the platforms that you want to pentest against?
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • weenercow Member Posts: 7
    I understand that Pentesting is more about the documentation, but if I am unable to deal with that much documentation etc., I will still try to stay in the information security field. I'm more interested in networking and Social Engineering. Web apps and databases are not exactly what I'm focusing on right now, because I find that I'm not interested in them right now. I have previously looked at the Offensive Security certifications but they are $700+, and I just spent all my money on my new rig, so I won't be able to afford those.
  • jasong318 Member Posts: 102
    If you want to do pentesting you're going to have to understand web apps and DBs, there's just no way around that. Not saying you need to be a developer but you need to understand what's going on behind the scenes. And documentation is a huge part of the job. Documentation and client meetings...

    Here's an article that provides some good tips on breaking into the field: Getting a Start in the Security Industry - SpiderLabs Anterior
  • the_Grinch Member Posts: 4,165
    I like to point people to this post as I think he is definitely on point with the path he recommends.

    http://www.infiltrated.net/pentesting101.html

    You'll definitely want a strong foundation in some technology, especially one you use every day. Thus, if you deal with desktops, get a desktop certification and then move on to how to properly secure it. Networking? Get Network+ and CCNA, then begin work on how to secure those. Servers? RHCE or MCSE, then work on how to secure them. It's all about foundation, a solid foundation and you can job into a security role fairly easily with some experience. Good luck!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • weenercow Member Posts: 7
    Thanks guys, you have all been very helpful.
    I'm going to start out with Security+, and I was wondering if this book would prepare me for the test:
    CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide
  • illuminus Member Posts: 40
    You're going to want to get the updated version, SY0-301 Study Guide.
  • weenercow Member Posts: 7
    So I checked out the 301 version's reviews and a few of them said this did not fully prepare them for the test. Has anyone read this book and also had the same experience?
  • sratakhin Member Posts: 818
    The test itself can be passed without reading the book. Most questions just test your common sense knowledge. However, Darril's book is interesting and it's more than enough to prepare you for the test. I read it for about two weeks and scored 850+ on the test.
  • Vegas Member Posts: 4
    I had the same problem in my class as well as everyone else using the passport security+301 book. We all preferred the hardback even if it does go into detail that is not really relevant. That's Mike Myers for ya. We are supposed to test tomorrow and Friday and can't, the servers are down for the test site. Now that's ironic!
  • SephStorm Member Posts: 1,731
    I want to say that you do not need to necessarily go through the cert soup, as suggested. One thing you can do, that will save you some money, is learn a technology. For instance, instead of getting the L+, look at the objectives and learn those things. Net+ the same way, I would suggest getting the Sec+. If you can find the free MSFE videos, they will give you a good intro to metasploit. Then, when you can, I would look at the CEH and OSCP.
  • weenercow Member Posts: 7
    I am already pretty good with metasploit, but that's not what I'm interested in exactly. I don't like the idea of just typing in what payloads and exploits should be used, I would prefer to actually know the code that goes into executing these exploits and payloads and be able to execute them myself. Seph, are you suggesting that another thing I can do is learn what is on the exams, but not actually take the certification exam so I can save money?
    I have really been thinking about if I truly want to be a pentester, and I came up with another career that I would like to be if pentesting didn't work out: Network Security Engineer. I'm assuming the certifications would be the same, but if not, what path should I take in pentesting/network security engineering, learning wise, and what certifications I should have under my belt.
    This is a bit off topic, but is there anywhere I can learn specifics about the forum here? Such as what it means when a topic's box on the left hand side is red, instead of grey, etc.?
  • SephStorm Member Posts: 1,731
    Hmm, as far as understanding exploits, I would suggest 2 books, Grey Hat Hacking, and Hacking, the Art of Exploitation.

    Yes, that is what I am suggesting.

    You sound a lot like me Ween, for a network security engineer, you will want to look at your CCNA, CCNA Security, maybe some of the CCNP Security level information, but as a junior, I would wait on that and look at stuff like packet analysis, Snort experience, experience with different security appliances. For specifics, look at a few job postings, you'll get an idea for what skills are desired. Go get them.
  • weenercow Member Posts: 7
    The idea of being a network security engineer seems to be growing on me. I am currently reading Hacking: The Art of Exploitation, and I feel as if it is very informative. Over the next year I am going to try to get these certifications, hoping that they will help me with Network Security Engineering.
    CompTIA Security+
    CompTIA Net+
    CompTIA Linux+
    CCNA Security as you suggested.