  1. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #1

    Question Road-map to Success

    I am brainstorming my year plan to have my goals completed by this time next year or sooner. So far I have the following (I believe in planning for success because it keeps me focused on my goals)

    1. Complete OSCP and get certified
    2. Complete CCNA and get certified
    3. Get new job working in infosec (entry level willing to start at the bottom)
    4. Move to a new city or stay where I am depending on job market
    5. Complete SSCP or GSEC certification
    6. Complete CISSP then get the experience needed to be fully certified

    A lot of people discourage people from taking the CISSP because you need a certain amount of experience to earn the CISSP.... which is fine. But for me I don't let that deter me. I can sit for the exam and pass and be an associate of ISC2 until I get the needed experience and receive endorsement. My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information which is why CISSP will be essential for me... as well as CCNA.

    So by this time next year I plan to have more certs, in a different job, possibly in a different city.... and may have a girlfriend <3 if things between us go smoothly.... (I hope it does).

    I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"?

    The reason why I chose to go for the hardest certs and hardest things to aim for.... When I was in middle school a math teacher once told me "You can get the hardest things figured out quickly, but you stumble on the easy stuff". Even today that still rings true for me...
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  3. Member joshuamurphy75's Avatar
    Join Date
    Jul 2016
    Location
    PalmView Texas
    Posts
    80

    Certifications
    Adtran: ATSA x5, Cambium: ePMP, Cisco: CCENT CCNA, CompTIA: A+ Sec+
    #2
    That's a lot for one year. Let us know how it goes.

  4. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,147

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #3
    Quote Originally Posted by ITSpectre View Post
    My goal is to be a pentester and prevent hackers from hacking into businesses, networks, and taking valuable information
    For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

    For blue teaming (defender) I would say GCIH.

    I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  5. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #4
    Quote Originally Posted by E Double U View Post
    For red teaming (pentester) OSCP is definitely the target. If you want to self study for some basics that can prepare you for that I would say C|EH. If you go the SANS route I would recommend GPEN.

    For blue teaming (defender) I would say GCIH.

    I don't see the point of CCNA in your case. Since you have Sec+ I think you should skip GSEC and go for one (or both) of the GIAC offerings mentioned above. Skip SSCP and go straight for CISSP after you have accomplished your other goals.
    Thank you... I will skip the CCNA and go straight for the GIAC offerings. And I will skip SSCP and go for the CISSP.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  6. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,328

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #5
    Mmm, see if you invest the time and finish the OSCP, I'd try and get an entry level (or even non entry level) pentesting job. Reason being, OSCP is hard and I see pentesting positions open for years on... having OSCP might be all you need to get your foot in the door!
    Goal: GCFA (DONE), GPEN

  7. Senior Member
    Join Date
    May 2016
    Posts
    1,633

    Certifications
    70-461, ITIL V3 F, ITIL OSA, ITIL ST
    #6
    1. complete OSCP and get certified

    That's enough to be successful........
    Position: Data Junky
    Reformed Cert Addict.

  8. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    384

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #7
    1 & 2 together, for someone new to both, is enough for a year.
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA

  9. Senior Member
    Join Date
    May 2016
    Posts
    1,633

    Certifications
    70-461, ITIL V3 F, ITIL OSA, ITIL ST
    #8
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.
    Position: Data Junky
    Reformed Cert Addict.

  10. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #9
    Quote Originally Posted by DatabaseHead View Post
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.
    My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  11. Senior Member
    Join Date
    May 2016
    Posts
    1,633

    Certifications
    70-461, ITIL V3 F, ITIL OSA, ITIL ST
    #10
    Quote Originally Posted by ITSpectre View Post
    My goal is under a year.... take 3 months to study hard non stop.... and a month of final prep... it should not take a year to do a certification.
    Correct, if you want to power through and obtain a piece of paper........

    Might as well squeeze the CCIE in as well.
    Position: Data Junky
    Reformed Cert Addict.

  12. Senior Member
    Join Date
    May 2017
    Location
    Southeast
    Posts
    102
    #11
    Quote Originally Posted by DatabaseHead View Post
    I realize we are on a certification forum, but let's be honest. You bang out the CCNA or OSCP in one year you did well.
    The OSCP I could see taking a year. The CCNA I think someone with no prior knowledge could obtain in about 4 months or less depending on how much they put in it. Now the CCNP would definitely take a year to obtain all 3 certs for it though.

  13. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #12
    Yup..... But the OSCP to me is more than just a piece of paper... and you really can't power through it. If you do not take time to learn the material you WILL fail time and time again. You cannot remember OSCP questions because there are none... it's more a hands-on type of test.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  14. Senior Member
    Join Date
    Apr 2017
    Posts
    303
    #13
    The CISSP and OSCP are the only certs you should focus on in regard to your list. Doesn't make sense to get the GPEN if you have Security+.

    You should also be realistic in your goals. With little to no infosec experience they may take longer than you think.

  15. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #14
    I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

    OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.

    Quote Originally Posted by ITSpectre View Post
    I want to see how others plan for the future and do you all have different ways to plan your next endeavor, your next cert, your next degree etc... Or do you just "go for it"
    I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

    Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

    For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

    Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.
    Last edited by LonerVamp; 08-23-2017 at 03:40 PM.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  16. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #15
    Quote Originally Posted by LonerVamp View Post
    I like your plan on the CISSP, and achieving it will open doors. Don't forget that if you have work experience in any of the domains listed, you qualify. For instance, if you're dealing with accounts and passwords in what you do in IT...

    OSCP is the deep end. You're going to need to have working knowledge of LAN networking, firewalls, Linux, Windows, web server administration, etc. Don't shortcut anything there, or you'll drown during the exam when the lifelines and hints no longer exist. Not many experienced people will get this in 3 months, and most take 6+, I think. This might not open as many doors as you think if you have no prior IT/security experience, but you may get lucky, especially since you seem to be open to moving locales.



    I think everyone has different approaches. It should start out with a vision of what your goal is for a career, and then mapping out a) the certs/experience you need to pass HR and hiring filters, and b) the courses and things you need/want to learn, regardless whether you earn the actual cert at the end or not. Sometimes those overlap.

    Also, keeping in mind that sometimes you just need raw actual IT experience. This is why many entry level "how do I get into infosec" advice threads strongly suggest getting a help desk, SOC/NOC, or sysadmin type of job and build up some general IT experience while also learning and applying security concepts in relation to that.

    For me, I tend to take the above approach (big surprise there), but I also look at what my weaknesses are and try to address them with a plan of some sort. As a really big task, I've looked at everything you could do in infosec, categorizing and ranking those things for how much I'd love to do them for my work, and a general mapping of what to learn to "get there." That way when I'm "in a mood" to study or try something new, I'm not first spending hours wondering what to do; I instead can look at my priority list and pick something to play with.

    Infosec basically has a few certs at the low levels, a few good higher certs like OSCP and CISSP to achieve with experience, and then SANS when you or your team can afford it. You can also mix in various non-sec certs like Linux/MS/Cisco/VMware/AWS types of studies. But beyond that, you're left with lots of open-ended self-study and on-the-job learning tasks.
    Thanks for the insight!
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  17. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,147

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #16
    Quote Originally Posted by ITSec14 View Post
    Doesn't make sense to get the GPEN if you have Security+.
    How so?
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  18. There is no spoon. p@r0tuXus's Avatar
    Join Date
    Nov 2016
    Location
    KCMO
    Posts
    517

    Certifications
    ITIL-F, A+, S+, CCNA
    #17
    Quote Originally Posted by E Double U View Post
    How so?
    I believe ITsec meant GSEC, as was referenced in the OP's post.

    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE

  19. Senior Member
    Join Date
    Apr 2017
    Posts
    303
    #18
    Whoops! Yes, I meant GSEC! Definitely pursue GPEN lol

    My bad...I would also skip the SSCP.
