After Security +

What would be the best security certification after the Security Plus exam, I'm leaning towards trying to do some pen testing that's the field that I want to move into, I'm just trying to find the best route to get me towards that after the security exam?

Find more posts tagged with

Comments

SteveLavoie

I think that there is 2 type of cert... or 2 reason to do certs. 1st the one needed to get the foot in the door like A+, and the other that you pursue to show your interest/expertise for a field. Now with A+, Network+, Sec+, if you want to go into pen testing, then pursue certs like EJPT, OSCP .... Try the new Comptia Pen Test+ for 50$, expect to fail, but it is a good learning experience.

After you have done the required certs like A+.... don't do certs if you dont like the subject. It won't help you.

636-555-3226

Ah, everybody wants to be a pentester! I'd try out CompTIA's Pentest+ but you likely won't find many study materials. eLearnSecurity is likely your best bet at this point. Start there then try out Pentest+ then OSCP.

Don't forget - after you hack into my company, I'm going to ask you how the heck to patch the holes you found. Knowing how to break something is only half the battle - if you're working for the good guys you're going to need to know how to fix those things, too. And just telling people to "patch your stuff" doesn't work in a large corporate environment (where you'll be doing most of your testing). Lots of layers there you'll need to be able to relate to.....

McxRisley

636-555-3226 wrote: »

Ah, everybody wants to be a pentester!

Don't forget - after you hack into my company, I'm going to ask you how the heck to patch the holes you found. Knowing how to break something is only half the battle - if you're working for the good guys you're going to need to know how to fix those things, too. And just telling people to "patch your stuff" doesn't work in a large corporate environment (where you'll be doing most of your testing). Lots of layers there you'll need to be able to relate to.....

This x1000. Perhaps I need to make a post titled "So you wana be a pentester huh?" to enlighten some of the hopefuls here. People need to realize what all actually is involved in pentesting. The cool stuff that you see at cons and in podcasts...... yeah you can forget about that and start thinking REALLY REALLY REALLY hard about how much you like documentation because pentesting is really only around 10%-15% pentesting and the rest is a massive never ending mountain of paperwork. Prime example of why most wont make it or never follow through with pentesting, the report that is OPTIONAL for PWK....just read through the countless wrtieups and reviews and count just how many of them actually did both reports. I think you will find that number to be very small. That report is as simple and watered down as it gets for a pentest report and it is in no shape or form anything that I would consider acceptable to hand over to a client after a test. That being said, I realize that the report is just there to familiarize students with the entire pentesting process BUT you better be loving it the whole time you are writing it or else that is a very good sign that pentesting is not for you. Sure you'll get to "pwn some noob companies network" BUT it won't be as glamorous as you think. Yes, there are those tests that are fun and you will see and learn some "neat" stuff but that's rarely the case.

nisti2

After Sec+ you can apply for the Cisco Scholarship to get CCNA Cyber Ops for Free. (That's what I'm doing).

someperson49

Is the Cisco Scholarship still available, do you have a link ?

nisti2

Hi @someperson49,
Just register and follow the steps so you can be in the Cohort6:

https://mkto.cisco.com/security-scholarship

Regards,