Penetration Testing/Consultancy roadmap?

So I'm aspiring to become a Penetration Tester | Security Consultant..

For a few weeks I've been self studying for the CCNA R&S | Security.. I'm hoping to have the both of these knocked out late October

Lately though, I've been curious as to what certifications I should pursue after this (I like to have a solid path for what I should do for an entire academic year (September - July)

Does anyone have any good ideas as to what certifications I should knock off once I have completed my CCNA R&S | Security?

Thanks,
Mike

Find more posts tagged with

Comments

MSP-IT

I'd shoot for an OSCP/OSCE. I believe they are some of the best certifications for penetration testing due to their practical application nature.

Defiled

MSP-IT wrote: »

I'd shoot for an OSCP/OSCE. I believe they are some of the best certifications for penetration testing due to their practical application nature.

Thanks for the advice,

Regarding the OSCP, is there any resources out there? Or is the exam itself a practical exam (e.g. they give me a network and they want the security to be compromised in a given time)?

Master Of Puppets

One of the most important things is your experience. Are you in IT right now? How much experience do you have?

As far as the OSCP - you are right. They give you a lab book and videos but you have to do a lot of research by yourself. The exam is like the lab that you access to practice during the course - a network with vulnerable VMs.

Defiled

Master Of Puppets wrote: »

One of the most important things is your experience. Are you in IT right now? How much experience do you have?

As far as the OSCP - you are right. They give you a lab book and videos but you have to do a lot of research by yourself. The exam is like the lab that you access to practice during the course - a network with vulnerable VMs.

Thanks and nope, I'm not currently working in IT, however I'm at University studying an IT related degree (Computer Networking).

Would I also be correct in assuming the lab book/videos is given once you register for the exam, or are they something entirely different (e.g. purchasable from Amazon)

Master Of Puppets

Yes, they send you the materials after you sign up for the course. Also, a start date is scheduled.

You will probably need to get your foot in the door with IT as a whole first. Very few people start in infosec from the beginning because you usually just can't. How are you going to penetrate a network or a server of you don't know how they work? Work experience is very important so that you can build up on it and learn how to break stuff.

The usual way people do it is to get an IT job and progress further into security after that. There are hundreds of threads on the forum about this so you can do a search and see a discussion about pretty much everything. Of course if there is something more, I'm sure people here will be happy to help.

Defiled

Master Of Puppets wrote: »

Yes, they send you the materials after you sign up for the course. Also, a start date is scheduled.

You will probably need to get your foot in the door with IT as a whole first. Very few people start in infosec from the beginning because you usually just can't. How are you going to penetrate a network or a server of you don't know how they work? Work experience is very important so that you can build up on it and learn how to break stuff.

The usual way people do it is to get an IT job and progress further into security after that. There are hundreds of threads on the forum about this so you can do a search and see a discussion about pretty much everything. Of course if there is something more, I'm sure people here will be happy to help.

That was my first impression of the infosec field.. That it'd practically be impossible to enter to begin with.. I decided that after finishing University I'd probably apply for some roles within Networking (Network Support) and once I have a few years of commercial experience within Networking (2 or 3), then I could probably move to a Junior Penetration Tester, given that I'd have some knowledge of how networks operate within a business environment (It's all well and said having done it in a small lab environment, but a business isn't a lab). (I know a few local places offering a job very similar to this).. Their requirements being a CREST Certification, Security Clearance and some knowledge of C++, C#, .NET. Experience is a plus, though not mandatory

So I was thinking that I could try and mirror some of these requirements as a baseline for entry point (I wouldn't expect to graduate from University with high hopes of getting a graduate penetration tester position.. That's just delusional to say the least)

And once I have the position for a Junior Penetration Tester, then I could aim for higher certifications in the infosec field, such as the CISSP.