Certification Path Help (Penetration Tester End-Goal)

Good Morning Everyone,I am new to the IT field with only a year and half experience with some military training thrown in and I need help deciding what my path should look like for obtaining certifications. I am currently working as a Junior Network Engineer but my military training and passion lies in the infosec field. I am only 20 years old so that should speak as to what my experience level and financial status is. I currently have Sec+ but that is it. I am confident I could pass CEH with minimal studying but i do not yet have the required 2 years work experience for it. I know I could pass Net+ and A+ but they seem too low level to even matter. So my thought now is GSEC (Expensive) but it seems to focus on the material I want to go into. Also maybe LPI but I'm not sure if that is worthwhile either. So any recommendations on what path I should follow with the end goal being high-level pentesting certifications? Any help is appreciated. Thank you!

Find more posts tagged with

Comments

dpsmooth15

zasher wrote: »

Good Morning Everyone,I am new to the IT field with only a year and half experience with some military training thrown in and I need help deciding what my path should look like for obtaining certifications. I am currently working as a Junior Network Engineer but my military training and passion lies in the infosec field. I am only 20 years old so that should speak as to what my experience level and financial status is. I currently have Sec+ but that is it. I am confident I could pass CEH with minimal studying but i do not yet have the required 2 years work experience for it. I know I could pass Net+ and A+ but they seem too low level to even matter. So my thought now is GSEC (Expensive) but it seems to focus on the material I want to go into. Also maybe LPI but I'm not sure if that is worthwhile either. So any recommendations on what path I should follow with the end goal being high-level pentesting certifications? Any help is appreciated. Thank you!

I suggest you taking the CompTia Strata Exam to get those feet wet

NO that was a joke, in all seriousness….You can take the CEH without the 2 years work "experience".. come on young grass hopper. Dont just read the first sentence and X out the page. They have the iLearn course you can take for about 1600 that is the least expensive of the options. If you break it down -Voucher. The training is about 1K, read the forums, you can find a lot of answers ..also this question that was asked numerous times before
I am confident I could pass CEH with minimal studying
Over confident for a exam you have not studied one page about………..Man that easy Security+ exam really boosted the self-esteem.
To keep it short, take what you can afford...

zasher

Thank you for the fast reply! I should have definitely looked more into the CEH before posting that, my apologies. It was not my intention to come off as an arrogant prick though I definitely sounded like one! The reason I feel I'd be able to pass CEH isn't from the Sec+ exam, for my job in the military we had to take a 7 month course which was basically a CEH prep course lol

wes allen

You might look at OSCP, and/or the securitytube pentest academy.

Master Of Puppets

You are definitely on the right track with the junior net eng position. The best thing would be to make sure you get the most of your job - learn how networks work, get good with servers etc. - as a pen tester you are going to exploit them so a knowledge of how they operate is vital. The next step is learning how to code - scripting will be a must here. You will want to automate things. Pick up python and bash if you already haven't. Another lower level language like C will come useful after that.

I'm on board with wess - the OSCP is king here. All the skills mentioned materialize in this course/cert. Make sure you are comfortable with the prerequisites like linux, tcp/ip and writing some code(not mandatory but highly advisable) and go for it. This will probably be the closest thing you can have to a peak at what a pen tester does, including the report writing. Also, familiarize yourself with Metaspoloit, build a lab with VMs and pwn the s**t out of them.

I assume you know a thing or two about networking since you managed to land that job at 20. So if you are not that new to the game and have some of the skills I mentioned, maybe you can take a stab at entering the field earlier. You might get lucky. I'm your age and in infosec - very rare but not impossible.