  1. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    1,001

    Certifications
    Sec+, MTA, MCP
    #1

    Question Road-map to Success

    I am brainstorming my year plan to have my goals completed by this time next year or sooner. So far I have the following (I believe in planning for success because it keeps me focused on my goals)

    1. Complete OSCP and get certified
    2. Complete CCNA and get certified
    3. Get new job working in infosec (entry level willing to start at the bottom)
    4. Move to a new city or stay where I am depending on job market
    5. Complete SSCP or GSEC certification
    6. Complete CISSP then get the experience needed to be fully certified

    A lot of people discourage people from taking the CISSP because you need a certain amount of experience to earn the CISSP.... which is fine. But for me I don't let that deter me. I can sit for the exam and pass and be an associate of ISC2 until I get the needed experience and receive endorsement. My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information which is why CISSP will be essential for me... as well as CCNA.

    So by this time next year I plan to have more certs, in a different job, possibly in a different city.... and may have a girlfriend <3 if things between us go smoothly.... (I hope it does).

    I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"

    The reason why I chose to go for the hardest certs and hardest things to aim for.... When I was in middle school a math teacher once told me "You can get the hardest things figured out quickly, but you stumble on the easy stuff". Even today that still rings true for me...

  3. Senior Member joshuamurphy75's Avatar
    Join Date
    Jul 2016
    Location
    Texas
    Posts
    132

    Certifications
    Adtran: ATSA x5, Cambium: ePMP, Cisco: CCENT CCNA, CompTIA: A+ Sec+ Linux+ Project+, LPI LPIC-1
    #2
    That's a lot for one year. Let us know how it goes.

  4. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,273

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #3
    Quote Originally Posted by ITSpectre View Post
    My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information
    For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

    For blue teaming (defender) I would say GCIH.

    I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  5. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    1,001

    Certifications
    Sec+, MTA, MCP
    #4
    Quote Originally Posted by E Double U View Post
    For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

    For blue teaming (defender) I would say GCIH.

    I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.
    Thank you... I will skip the CCNA and go straight for the GIAC offerings. And I will skip SSCP and go for the CISSP.

  6. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,480

    Certifications
    GPEN, GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #5
    Mmm, see, if you invest the time and finish the OSCP, I'd try and get an entry level (or even non entry level) pentesting job. Reason being, OSCP is hard and I see pentesting positions open for years on... having OSCP might be all you need to get your foot in the door!
    Goal: GCFA (DONE), GPEN (DONE)

    "Never stop learning and every time you are doing something mindless...you could be learning something new." Eric Conrad

  7. Senior Member
    Join Date
    May 2016
    Posts
    1,816

    Certifications
    70-461 | ITIL OSA ST F | RMP | N+ | A+ | Project + | Server + | ISO 20000 F | ISO 20071 F | Prince 2 F
    #6
    1. complete OSCP and get certified

    That's enough to be successful........

  8. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    635

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #7
    1 & 2 together, for someone new to both, is enough for a year.
    2018: CCIE Written (R/S) (done - Jan), CCIE R/S
    After that: MBA, OSCP

  9. Senior Member
    Join Date
    May 2016
    Posts
    1,816

    Certifications
    70-461 | ITIL OSA ST F | RMP | N+ | A+ | Project + | Server + | ISO 20000 F | ISO 20071 F | Prince 2 F
    #8
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.

  10. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    1,001

    Certifications
    Sec+, MTA, MCP
    #9
    Quote Originally Posted by DatabaseHead View Post
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.
    My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.

  11. Senior Member
    Join Date
    May 2016
    Posts
    1,816

    Certifications
    70-461 | ITIL OSA ST F | RMP | N+ | A+ | Project + | Server + | ISO 20000 F | ISO 20071 F | Prince 2 F
    #10
    Quote Originally Posted by ITSpectre View Post
    My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.
    Correct, if you want to power through and obtain a piece of paper........

    Might as well squeeze the CCIE in as well.

  12. Senior Member
    Join Date
    May 2017
    Location
    Southeast
    Posts
    103
    #11
    Quote Originally Posted by DatabaseHead View Post
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.
    The OSCP I could see taking a year. The CCNA I think someone with no prior knowledge could obtain in about 4 months or less depending on how much they put in it. Now the CCNP would definitely take a year to obtain all 3 certs for it though.

  13. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    1,001

    Certifications
    Sec+, MTA, MCP
    #12
    Yup..... But the OSCP to me is more than just a piece of paper... and you really can't power through it. If you do not take time to learn the material you WILL fail time and time again. You cannot remember OSCP questions because there are none... it's more a hands-on type of test.

  14. Senior Member
    Join Date
    Apr 2017
    Posts
    376
    #13
    The CISSP and OSCP are the only certs you should focus on in regard to your list. Doesn't make sense to get the GPEN if you have Security+.

    You should also be realistic in your goals. With little to no infosec experience they may take longer than you think.

  15. Senior Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    117

    Certifications
    OSCP, OSWP, CISSP, CCNA Cyber Ops, Sec+
    #14
    I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

    OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.

    Quote Originally Posted by ITSpectre View Post
    I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"
    I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

    Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

    For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

    Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.
    Last edited by LonerVamp; 08-23-2017 at 03:40 PM.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  16. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    1,001

    Certifications
    Sec+, MTA, MCP
    #15
    Quote Originally Posted by LonerVamp View Post
    I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

    OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.



    I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

    Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

    For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

    Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.
    Thanks for the insight!

  17. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,273

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #16
    Quote Originally Posted by ITSec14 View Post
    Doesn't make sense to get the GPEN if you have Security+.
    How so?
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  18. There is no spoon. p@r0tuXus's Avatar
    Join Date
    Nov 2016
    Location
    KCMO
    Posts
    519

    Certifications
    ITIL-F, A+, S+, CCNA
    #17
    Quote Originally Posted by E Double U View Post
    How so?
    I believe ITsec meant GSEC, as was referenced in the OP's post.

  19. Senior Member
    Join Date
    Apr 2017
    Posts
    376
    #18
    Whoops! Yes, I meant GSEC! Definitely pursue GPEN lol

    My bad...I would also skip the SSCP.
