Lack of resume experience, yet have the passion.
amodesto
Registered Users Posts: 3 ■□□□□□□□□□
Short background, I've been doing jack of all trade system / network administration for the past 8-10 years with smaller companies and have just started doing some Cisco VOIP work for a larger one. I cannot seem to break down the wall into a full on Infosec role. I currently have my Security+, CCNA R&S, CCNA Security. I am sitting the CEH at the end of this month mainly because I already paid for it and rescheduled it before my CCNA, so I have to knock it out in the next 5 months.
Currently I'm purchasing a new server for home to load OS's so that I can pen-test on my lab while I'm on the road, as well as learning python to use that as a spring board deeper into other languages. Was looking at spending the next year reading and rebuilding my IT background from the ground up to fill in the holes as well as broaden my knowledge.
I've already been told by another local CISSP that I have the work experience to qualify if I should take it. So I guess the question is, even with not being in a direct security role at the moment, would it look bad if I was to knock out my CISSP or CCNP: Security? I'm going to be learning and doing lab work on both of those in my pursuit of knowledge anyway. My main goal overall is to get myself to the point where I can knock out the OSCP no problem, which at that point I will have back filled all of the gaps in my knowledge to the point where I can stay on top of it and keep pushing myself further and deeper.
Currently I'm purchasing a new server for home to load OS's so that I can pen-test on my lab while I'm on the road, as well as learning python to use that as a spring board deeper into other languages. Was looking at spending the next year reading and rebuilding my IT background from the ground up to fill in the holes as well as broaden my knowledge.
I've already been told by another local CISSP that I have the work experience to qualify if I should take it. So I guess the question is, even with not being in a direct security role at the moment, would it look bad if I was to knock out my CISSP or CCNP: Security? I'm going to be learning and doing lab work on both of those in my pursuit of knowledge anyway. My main goal overall is to get myself to the point where I can knock out the OSCP no problem, which at that point I will have back filled all of the gaps in my knowledge to the point where I can stay on top of it and keep pushing myself further and deeper.
Comments
-
jasong318
Member Posts: 102
Why would it look bad? If you feel like you're ready for them, go for it. Assuming you pass and keep up with your CPE's and re-cert, those will be on your resume long after you've landed the job you want. And a lot of getting into infosec (at least where I live) is about who you know as much as how well you can perform the job. Try looking for local OWASP, ISACA, or DC groups in your area and network with them. Here's a good article I recommend to those trying to enter the field. And if you want to knock out the OSCP, great, study up on assembly and keep at your labs and python work!
-
amodesto
Registered Users Posts: 3 ■□□□□□□□□□
Thank you Jason, the only real reason I was worried was since I didn't have the resume "titles" of full blown infosec I didn't want jobs to be turned off thinking I was over qualified without the experience and shoot me down before I even got in the door. Guess that is my biggest worry.
Also in response to the_hutch. I never said it would be easy, all certs are difficult since they test you on everything within it, and every thing that you do daily may not be the way they want them in theory. However I'm also not one to try and study to pass a cert. I lab / read / learn the basics all the way through the advanced so that I know it from a book sense and a real world sense and can apply it to future jobs / daily activities. Even then considering the way the bootcamp / lab setup is for most exams, as well as the OSCP if you can knock it out between 30-90 days with their labs, my spending much longer then that learning and understanding it down to a fundamental level. As well as having my own test lab to test on for the next year is where I say "no problem" not easy. -
the_hutch
Banned Posts: 827
Also in response to the_hutch. I never said it would be easy, all certs are difficult since they test you on everything within it, and every thing that you do daily may not be the way they want them in theory. However I'm also not one to try and study to pass a cert. I lab / read / learn the basics all the way through the advanced so that I know it from a book sense and a real world sense and can apply it to future jobs / daily activities. Even then considering the way the bootcamp / lab setup is for most exams, as well as the OSCP if you can knock it out between 30-90 days with their labs, my spending much longer then that learning and understanding it down to a fundamental level. As well as having my own test lab to test on for the next year is where I say "no problem" not easy.
I meant no offense. But being currently enrolled in the OSCP course, I was just amused by the phrase "no problem." I have years of professional experience in vulnerability management, intrusion detection and penetration testing. And I still consider it to be an extremely challenging course. That being said, I think that your approach of building a fundamental understanding is very important. And I think CISSP is a good way to do this, and an excellent investment in your career. Good luck on your journey friend.