Pentest career advise

Hi all, I apologize beforehand if this has been asked already.

Im starting my journey on the offensive security world and i would like to seek your advise regarding certifications that will help on skills/improve resume.I used to work as tech support for several companies, nothing very advanced, basic to mid support for servers and desktops.

I switched to project management for several years, so IT skills became rusty. Recently decided to learn more about info-sec, which has always draw my attention.My current job is still Project Manager for IT projects on my company, and until i can get more experience, its considered a secondary career for me.

I started acquiring the Network+, Linux essentials and Security+ certs and now i would like to pursue the next one. Ive heard a lot about CEH, EJPT, ECPPT. GPEN and OSPC for offensive security, but honestly i cant decide which will be better for me due to my limited experience. Ive heard really good things about OSCP but i dont think im ready to do that yet, so i need something that will prepare me and give me something close to real experience to get there. What would you guys recommend for someone on my level? EJPT, ECPPT, GPEN, CEH, or any other? Thanks in advance,J

Find more posts tagged with

Comments

H3||scr3am

DXX,

my take is that you have a great base of soft skills for pen test consulting. You've got some IT knowledge from your Tech support days (trouble shooting is invaluable in the IT field), and Project Management skills, managing time, and resources, to meet deadlines, and satisfy customer demands, and staying within scope, and customer relation skills from tech support, and project management. These are great soft skills to have and advertise in your resume.

In terms of next steps for you to look into, the Sec+ cert is a great first step, from there I'd suggest the GSEC if you can afford it or have it covered by your employer ($1K), and then go into the SSCP/CISSP route, based on the years of experience you have in IT, if you can support that you've done Security projects for at least 5 Years, then you should have the eligibilty requirements for the CISSP met, and I'd say skip the SSCP and go straight for it, but if you can't get the GSEC, and don't have the experience required for endorsement for the CISSP, I'd say get the SSCP then.

All of those certifications will help you build a base of common knowledge that you'll need before actually jumping into penetration testing, they'll cover ethics, points of weakness/exploitability, and common attacks and defense mechanisms. After you've gotten your SSCP/CISSP and/or GSEC, these will be great to put on your resume, they're used as keywords in many HR departments for Security candidates, and will help you out. (Others might be CISA, CISM, CEH, and more)

The elearnsecurity Pen Testing Student Edition is free for TE members,and I suggest you grab it while it is free! I'm going through it myself now and contemplating upgrading to the Full/Elite edition to get the cert, but they haven't actually released any details regarding the cert yet :S Furthermore, the elearnsecurity certifications aren't widely recognized or in demand yet, so they may have low Return on Investment for you.

CEH, is a good starting point, it'll teach you about the basic tools, and then test you on them, and it's an HR keyword in some cases/positions. But it is dated, and due for a revision, and they've added yearly fees to maintain it now, so it's not as appealing, but still looks great on linkedin/resume. GPEN is new, and gaining quite a lot of traction and is definitely a great investment, but it's also costly, again at $1K, and only lasts 4 Years and then needs $399 36 CPEs for renewal. This can get pricey to do on your own, but if your employer can pay for the examination fees, then go for them!

Overall, I'd suggest setting up your own vulnerability lab, and getting experience using Kali Linux and the tools like nmap, metasploit, wireshark, password crackers, etc. The number of tools are insane, and each is different, but getting as much exposure as you can to each of them may help you get your foot in the door. I'm hoping to get into Vulnerability assessments/Pen testing myself someday, best of luck!

Justin-

H3||scr3am wrote: »

DXX,

my take is that you have a great base of soft skills for pen test consulting. You've got some IT knowledge from your Tech support days (trouble shooting is invaluable in the IT field), and Project Management skills, managing time, and resources, to meet deadlines, and satisfy customer demands, and staying within scope, and customer relation skills from tech support, and project management. These are great soft skills to have and advertise in your resume.

In terms of next steps for you to look into, the Sec+ cert is a great first step, from there I'd suggest the GSEC if you can afford it or have it covered by your employer ($1K), and then go into the SSCP/CISSP route, based on the years of experience you have in IT, if you can support that you've done Security projects for at least 5 Years, then you should have the eligibilty requirements for the CISSP met, and I'd say skip the SSCP and go straight for it, but if you can't get the GSEC, and don't have the experience required for endorsement for the CISSP, I'd say get the SSCP then.

All of those certifications will help you build a base of common knowledge that you'll need before actually jumping into penetration testing, they'll cover ethics, points of weakness/exploitability, and common attacks and defense mechanisms. After you've gotten your SSCP/CISSP and/or GSEC, these will be great to put on your resume, they're used as keywords in many HR departments for Security candidates, and will help you out. (Others might be CISA, CISM, CEH, and more)

The elearnsecurity Pen Testing Student Edition is free for TE members,and I suggest you grab it while it is free! I'm going through it myself now and contemplating upgrading to the Full/Elite edition to get the cert, but they haven't actually released any details regarding the cert yet :S Furthermore, the elearnsecurity certifications aren't widely recognized or in demand yet, so they may have low Return on Investment for you.

CEH, is a good starting point, it'll teach you about the basic tools, and then test you on them, and it's an HR keyword in some cases/positions. But it is dated, and due for a revision, and they've added yearly fees to maintain it now, so it's not as appealing, but still looks great on linkedin/resume. GPEN is new, and gaining quite a lot of traction and is definitely a great investment, but it's also costly, again at $1K, and only lasts 4 Years and then needs $399 36 CPEs for renewal. This can get pricey to do on your own, but if your employer can pay for the examination fees, then go for them!

Overall, I'd suggest setting up your own vulnerability lab, and getting experience using Kali Linux and the tools like nmap, metasploit, wireshark, password crackers, etc. The number of tools are insane, and each is different, but getting as much exposure as you can to each of them may help you get your foot in the door. I'm hoping to get into Vulnerability assessments/Pen testing myself someday, best of luck!

Great post! I'm also looking to get into the IT Security side of things. Very detailed and thorough post, cheers.

mokaz

my two cents and if i'd restart my certs path all over i think i'd start with the hardest 1st (that might be different to everyone). so for me i'd go for OSCP 1st and following with a CISSP. The rest is not so relevant i think.. i've spotted a few interesting jobs asking for osstmm things, which does a few certs but there again it seems you could spend your life at doing certs -- so i'd go for big 1st if i've had another chance hehe... i did it the other way round though

DXX

Thank you very much for your reply H3||scr3am.

I already have Sec+ and sadly at this point my employer wont pay for any NON PM certs until next year, so i need to look for alternatives that will be cheaper, maybe 300-400 USD so i can pay for them myself and then wait until 2016.

Im sure i dont have 5 years on security projects. Ive worked on security projects since the past 2-3 years so im still getting more experience, but CISSP is one of my projects for the future for sure along with maybe CISA.Right now i would like to focus a bit more on offensive sec, specifically on Pentesting.

Ive taken some pentest courses, online, like hackingdojo.com and also read a couple of books about pentesting methodologies. I even started studying for CEH for a bit but decided to pause it until i figured out the correct path, but i feel there is a lof of theory. I bought a system and got Kali in there as well as some images i got from Vulnhub.com like De-ice and others to practice some of the things ive read, and get my hands on nmap, wireshark, nessus, metasploit, and variety of tool i read about.

I strongly feel that i need a structured way to study, but thats just me.

BTW thanks for the link on the elearningsecurity, ill start reading that.

If anyone has any more comments on the elearningsecurity certification i will greatly apprecite it. I would like to know if those are worth it from the knowledge/skill point of view rather than the industry recognition.Thanks J

jamesleecoleman

I went through the PTS (Pentesting Student) course without doing the labs and it was alright. Some of it was review while other information wasn't. The programming part was straight forward for me but I have to go study it more. I'm just waiting for the certification exam to come out so I can learn more about it before I take it. I took the PTPv2 course and certification and failed it but I did learn a few things from the course.

Have you looked at doing scripting and programming?

DXX

Yeah ive done some studyig, mostly CBT nuggets, Reading and practicing on Bash Scripting and Python, but on a basic level, nothing too advanced.

I will take a look at the free version and maybe invest in the elite versión now that the have the PTS v3 with 3 retakes.

NovaHax

If you are looking for something to prepare yourself for OSCP, I'd recommend going to eLearnSecurity route. Unlike GPEN or CEH, eLearnSec the course and testing is hands-on. I haven't taken any of their general pentesting courses, but I have taken two of their AppSec courses and they were both really solid.

H3||scr3am

Oh, also possibly consider the CASP, it is supposed to be between the Sec+ and the CISSP, but should be within that price range you're looking at.

zxshockaxz

I'll vouch for the PTPv3 course.
H3||scr3am really nailed it. It sounds to me like you've got a pretty great start on things. Since you're currently doing IT PM, start trying to persuade the team to put a stronger emphasis on security. Then you can add that as relevant security experience to your resume. Maybe pick up a Microsoft book or two and study them a little just to get the rust off.
Keep current with your security news. Krebsonsecurity and SANS NewsBites a great. I like to browse Exploit-DB frequently just to see whats new.

DXX

Thank you very much for the advises. I actually went ahead and got the PTSv3 Course since the elite version was $199. I do need to keep current with security news, so those site were very good. Thanks