Certification path advice? Pls, I'm a newbie

Jay The Hacker Registered Users Posts: 8
Hi,
I'm an undergraduate student & I'm planning on going for IS security.

I love using Ubuntu, PHP, JavaScript.
I don't feel like taking Microsoft or Cisco certificate paths.
What certification should I start with?

Here is what I'm thinking of:
Linux+/LPIC-1 >>> Security+ >>> then just straight to CEH?
OR
any suggestion between Security+ & CEH?
OR
if I go other paths, which paths should I take?

Comments

  • Psoasman Member Posts: 2,687
    I think you would be limiting yourself by not taking any Cisco or Microsoft certs. It helps to understand what and why networks work before you can secure them.
  • Jay The Hacker Registered Users Posts: 8
    Hey, thanks for the advice, Psoas.

    Yeah, I shouldn't limit myself. Well, if I go for networking, I'm a bit into Linux (maybe CCNA/RHCSA), I might learn new things. But no Microsoft.

    I really like the GIAC certs too ><
    (GISF, GSEC & GWAPT)
    Are they too expensive??
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    I think as long as you don't limit your studies you will be "fine". HOWEVER since the vast majority of jobs use MS or Cisco, your job prospects might not be as great if you limit yourself to doing LPIC and CEH. With that said:

    For a pentester, you need to have a wide variety of knowledge and skillsets. As a wannabe one day, I know that I may never get a MS cert but I will pick up the Windows Internals book and learn as much as I can. Why? Because being a pentester means knowing how your targets work and making them do what you want. That's why a lot of people get some MS certs, Cisco certs and Linux certs before they get into the security specific certs. If you don't want to do that, then make sure you spend a lot of time in the lab studying and try to find a lucky break (like getting into a security operations center or a jr security analyst). Those jobs exist, but there are few of them.

    One thing I like to do is go onto sites like Indeed and search for the jobs I want to do (in the future) and read the descriptions to see how I can acclimate myself when my time comes. Just a suggestion.

    Cert path:

    Pure security:
    2-4 year plan
    S+
    Elearnsecurity course - Student
    Maybe SSCP or GSEC
    Elearnsecurity course - Pro+ certification
    Offensive security certified professional
    GPEN - Challenge or take course
    GWAPT - Challenge or take course
    GAWN - Challenge or take course

    How far are you into your undergrad studies? You may want to work on this as you are finishing school so you can graduate ahead of your fellow students.

    During this time you will need to study Networking (storage, VoIP, routing and switching and wireless), xSQL, Microsoft and Linux heavily. You don't need to be an expert at everything but you need to know enough to know how to change your attacks for different environments. You will also want to study all of the common (and uncommon) tools CEH would cover. Also you would need to pick up some scripting skills and maybe some development skills. Python/Perl and PowerShell would be good.

    Also learning the howtos of pentesting would be good. There are multiple frameworks out there that you can/should follow that help manage your pentest. I think the most important things you need are the desire to learn and the guts to try something different.
  • hiddenknight821 Member Posts: 1,209
    This thread said it all beautifully. I can't disagree since I don't have any valid argument. I'm still new to Information Security.
  • Jay The Hacker Registered Users Posts: 8
    Hi, thanks. I really appreciate your suggestions (and your time, of course).
    You have really made my vision wider. :D

    Now, I can see more clearly that -

    1) there are 2 job roles in security, offensive (PTs) & defensive (audits & ISSOs)

    2) For getting into security fields, I need to have a sound understanding of networks (knowledge of a bit of every NOS), and for cyber security, some web languages.
  • Jay The Hacker Registered Users Posts: 8
    New plan again
    1) PHP & Perl skills
    2) Security+
    3) CCNA
    4) eLearnSecurity: Student
    5) eCPPT

    If I'm more interested in offensive at that time, then
    6) GWAPT
    7) GAWN
    Defensive path
    6) GCIH
    7) CISM
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Don't be afraid to mix some "offensive" and "defensive" together; they only complement each other. Like I am interested in GPEN, GAWN, GCIA and GCFW. Python is a good language to learn as well.