Start Cert InfoSec (Pentesting)

Moe Joe · May 2015

Hey Everybody,,

I want to start a career in InfoSec, exactly in Penetration Testing, and I don't know what certification or curriculum to start with. I'm going through my Msc in IT degree- InfoSec track now with NO CERTIFICATION at all, and want to enhance it with a strong practical certifications.

I've reviewed few certificated like CEH , ECSA , GSEC and CPT but couldn't figure out what's the best one to start with.

Plz help!!

OM602 · May 2015

CEH - Not really technical, gives you a good foundation. Lots of HR folks love this cert
ECSA - not really familiar with, haven't seen that in job descriptions. Also from EC-council so a PITA to register the exam etc.
GSEC - If you can afford it a good choice. I would say the value is more in the SANS offered training than in the certificate
CPT - Not really in high demand

I would say that OSCP/E(E) are the most prestigious hacking cert, but that might be a bridge too far for now. OSCP is definitely a good choice if you want to learn alot of hands-on skills though, and not just memorize semi-random facts.

impelse · May 2015

Hold on, begin with the basis, I guess you are getting some networking and system classes, I would suggest make sure that foundation is strong, remember, security is not only know what it means in how to protect and to know what to recommend it is good to know how to build it before.

Then following tOM602 recommendation.

xXxKrisxXx · May 2015

I'll +1 what impulse said. I happen to be an example of someone who hopped straight into penetrating testing without having the core foundation of networking and system administration. Start with the basics before heading into the topic. You don't want to be in a meeting with CCNP/CCIE's telling them you've found flaws in their network infrastructure; you sit down with them looking at a basic network diagram and don't understand their setup.

When you're applying for a penetrating testing job, your employer will expect you to know the Networking/System Administration stuff. CCENT/CCNA or Network+ to help ground your networking knowledge (I need to do this as well).

Penetration testing related, people love seeing: GPEN,GXPN,OSCP,OSCE,GWAPT, and CEH

MrAgent · May 2015

I have a pretty strong back ground in systems administration etc, but not so much with the networking aspect. I do have a solid understanding, but my IT path did not lead me down the networking path. I wouldn't say that being a networking expert is required, but it will surely be helpful.

impelse · May 2015

That's depend, if you compare the OSCP certification probably it is not require, but when you are talking with networks where vlans, network firewalls, routers, vpn, wifi, etc are involved, yes, you really need to know networking, I am not saying expert, something like ccna r&s and ccna:s levels. Because in that moment when you are talking with them you can give them suggestions that the network guy knows make sense.

Moe Joe · May 2015

Actually I've started my path with the network basics, that I know it's really important for the InfoSec field as all, and PenTesting particularly. Even though you've made it clear to me: I guess I'll start with some network basics (most likley CCNA or CompTIA) then go through the OSCP.

I think that is not a bad start, due to budget issue :P

Thanks all !!

Start Cert InfoSec (Pentesting)

Comments