+ Reply to Thread
Results 1 to 7 of 7
  1. Junior Member ConflagrateCarl's Avatar
    Join Date
    May 2014
    Posts
    7

    Certifications
    CCNA Security, CCNA R&S, C|EH, CASP, Project+, L+, Sec+, N+, A+, LPIC-1, SUSE LPA, CNSS 4016-I Risk Analyst
    #1

    Default Another Pen Testing Thread...Really?

    Hello all,

    I have read through some of the other pen testing threads (I didn't have to go too far, the first page is literally full of them), and I guess I just wanted to get an idea of what people think in general about pen testing as it relates to the federal government or consulting part time.

    Here's what I am thinking. I just recently went to the CNSS 4016-I Risk Analyst course, and a lot of guys there were either full time validators for DoD or they were moving into pen testing. It would seem the appropriate path for me would be to move forward with OSCP for my own good, and also follow the respective branch/organization process for becoming a member of the red team, or other entity to test their networks. You can see my certs on the left...but I will list them below as well. Thank you "zaaa" for the format...I'm using it since I like the way it was laid out.

    My Experience:
    • 4 years of T1-T2 Helpdesk/Hardware support
    • 1 year of imaging and XP->7 migrations for an 8k+ machine environment
    • 3 years of Sys Admin experience / primarily Windows with a touch of Linux
    • 1 year as a CND Analyst (ArcSight, Sourcefire, Netscout, Wireshark, NetWitness)
    • 2 years as an IA policy geek
    • 2 years as a Network Admin in a primarily Cisco based environment
    My Education:
    • B.S. in Information Technology - Security
    • A.A.S. in Applied Computer Studies
    My Certs:
    • Comptia A+
    • CompTIA Net+
    • CompTIA Sec+
    • CompTIA Linux+
    • CompTIA Project+
    • Cisco CCNA
    • Cisco CCNA Security
    • LPI LPIC-1
    • EC-Council C|EH
    • CIW (Web Design Specialist, JavaScript Specialist, Database Design Specialist)
    • CNSS 4016-I Risk Analyst
    My Cert Plan:
    • OSCP

    I would say that's pretty much it. At this point, I think it's best to just get my hands on some sort of programming/scripting action...(python etc.), and go from there. That sound about right? I know that I will need a home lab and that's not a problem. I have a good bit of experience with tool suites like BackTrack...but my experience was more like 4-5 years ago when I was hardcore about InfoSec. Then I became a CND Analyst...got burnt out looking at packets all day and went back to IA and Compliance. Which is where I sit now. It's not that I don't like paperwork, because I do like to research and type; it's just that I don't like ONLY doing paperwork. I also want to retain technical skills and knowledge.

    Of course, I've been saying I need to figure out where I want to go with my career for 5 years now and I'm still not sure haha.
    Last edited by ConflagrateCarl; 03-24-2015 at 03:15 PM.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #2
    If you're looking to get into penetration testing, then I would definitely go for it.
    You seem to have a solid background and would do well in the course.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  4. Junior Member ConflagrateCarl's Avatar
    Join Date
    May 2014
    Posts
    7

    Certifications
    CCNA Security, CCNA R&S, C|EH, CASP, Project+, L+, Sec+, N+, A+, LPIC-1, SUSE LPA, CNSS 4016-I Risk Analyst
    #3
    Quote Originally Posted by MrAgent View Post
    If you're looking to get into penetration testing, then I would definitely go for it.
    You seem to have a solid background and would do well in the course.
    Thanks for the response! I actually saw your blog in your sig and went and read through your whole OSCP writeup. Sickness...of the greatest kind haha. That is awesome man, you should be super proud of your accomplishment. Motivational beyond words, that's for sure.
    Reply With Quote Quote  

  5. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #4
    I am glad it helped! My career path may be changing and I may end up going for the OSCE instead of the CISSP this summer. If I manage to pass that beast, then I will feel really accomplished!
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #5
    Jason...I was actually thinking about finally taking the plunge and going for OSCE in Q3. Spending Q2 knocking out all of the PenTester academy and Corelan content I can get my hands on.

    What were you thinking for your start time?
    Reply With Quote Quote  

  7. Junior Member ConflagrateCarl's Avatar
    Join Date
    May 2014
    Posts
    7

    Certifications
    CCNA Security, CCNA R&S, C|EH, CASP, Project+, L+, Sec+, N+, A+, LPIC-1, SUSE LPA, CNSS 4016-I Risk Analyst
    #6
    Quote Originally Posted by NovaHax View Post
    Jason...I was actually thinking about finally taking the plunge and going for OSCE in Q3. Spending Q2 knocking out all of the PenTester academy and Corelan content I can get my hands on.

    What were you thinking for your start time?
    What in the heck NovaHax? First you come in and haxor my thread....psssh. Then you have to put all those certs on the left like anybody REALLY has all those. Haha. I'm just kidding...but holy cow, that's a lot of goodness there. You must have had a pretty darn good idea of what you wanted to do when you started because everything lines up with one simple concept. InfoSec to the extreme. Good stuff indeed. Guess I'm about a decade late, and a few thousand $$$ short. Haha. Cheers to you and Jason!
    Reply With Quote Quote  

  8. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #7
    If I do it it'll be in the summer.

    On topic.
    @OP do you think you will sign up for the OSCP? Let us know if you do.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks