Road-map to Success

I am brainstorming my year plan to have my goals completed by this time next year or sooner. So far I have the following (I believe in planning for success because it keeps me focused on my goals)

1. complete OSCP and get certified
2. Complete CCNA and get certified
3. Get new job working in infosec (entry level willing to start at the bottom)
4. Move to a new city or stay where I am depending on job market
5. Complete SSCP or GSEC certification
6. Complete CISSP then get the experience needed to be fully certified

A lot of people discourage people from taking the CISSP because you need a certain amount of experience to earn the CISSP.... which is fine. But for me I don't let that deter me. I can sit for the exam and pass and be an associate of ISC2 until I get the needed experience and receive endorsement. My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information which is why CISSP will be essential for me... as well as CCNA.

So by this time next year I plan to have more certs, in a different job, possibly in a different city.... and may have a girlfriend

if things between us go smoothly.... (I hope it does).

I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"

The reason why I chose to go for the hardest certs and hardest things to aim for.... When I was in middle school a math teacher once told me "You can get the hardest things figured out quickly, but you stumble on the easy stuff". Even today that still rings true for me...

Find more posts tagged with

Comments

joshuamurphy75

That's a lot for one year. Let us know how it goes.

E Double U

ITSpectre wrote: »

My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information

For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

For blue teaming (defender) I would say GCIH.

I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.

ITSpectre

E Double U wrote: »

For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

For blue teaming (defender) I would say GCIH.

I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.

Thank you... I will skip the CCNA and go straight for the GIAC offerings. And i will skip SSCP and go for the CISSP

UnixGuy

mmm, see if you invest the time and finish the OSCP, I'd try and get an entry level (or even non entry level) Pentesting job. Reason being, OSCP is hard and I see pentesting positions open for years on..having OSCP might be all you need to get your foot in the door!

DatabaseHead

1. complete OSCP and get certified

That's enough to be successful........

EANx

1 & 2 together, for someone new to both, is enough for a year.

DatabaseHead

I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.

ITSpectre

DatabaseHead wrote: »

I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.

My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.

DatabaseHead

ITSpectre wrote: »

My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.

Correct, if you want to power through and obtain a piece of paper........

Might as well squeeze the CCIE in as well.

labscloud

DatabaseHead wrote: »

I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.

The OSCP I could see taking a year. The CCNA I think someone with no prior knowledge could obtain in about 4 months or less depending on how much they put in it. Now the CCNP would definitely take a year to obtain all 3 certs for it though.

ITSpectre

Yup..... But the OSCP to me is more then just a piece of paper... and you really can't power through it. if you do not take time to learn the material you WILL fail time and time again. You cannot remember OSCP questions because there are none... its more a hands on type of test.

ITSec14

The CISSP and OSCP are the only certs you should focus on in regard to your list. Doesn't make sense to get the GPEN if you have Security+.

You should also be realistic in your goals. With little to no infosec experience they may take longer than you think.

LonerVamp

I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.

ITSpectre wrote: »

I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"

I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.

ITSpectre

LonerVamp wrote: »

I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.

I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.

Thanks for the insight!

E Double U

ITSec14 wrote: »

Doesn't make sense to get the GPEN if you have Security+.

How so?

p@r0tuXus

E Double U wrote: »

How so?

I believe ITsec meant GSEC, as was referenced in the OP's post.

ITSec14

Whoops! Yes, I meant GSEC! Definitely pursue GPEN lol

My bad...I would also skip the SSCP.