  1. Member
    Join Date
    Nov 2011
    Location
    UK
    Posts
    49
    #1

    A little advice required....

    Hi Guys,

    I have been given an awesome opportunity to basically "Carve out" my own career path. I work for an IT Support company based in the UK. My main role is 1st and 2nd line support for one of our clients. I have been doing this for a couple of months now but I have roughly a year of support experience. As I progress I am finding more time to study and I want to get into Penetration Testing. I have performed a couple of Port and Vulnerability scans on some of our clients (with their permission of course) and I have enjoyed what I have found out so far. I have been into security as a hobby for a couple of years now but not really concentrated on it enough to further my career.

    My boss has given me the opportunity to get some Qualifications in the field. Now I have been reading about the quals you guys have been discussing on here and the forums below. Some of you guys say that CEH and LPT and EC-Council quals are not worth the paper they are printed on to get into the PenTesting field. So my question is would these quals be a good starting point to get where I want to be, as I don't need to find a job as I already have it; also I know my way round most tools that are covered in CEH and LPT. And would these provide a good "pre requisite" as it were for OSCP and OSCE?


    Thanks for reading this and I know this will have been answered before but I need clarification of whether these certs will be useful or not


    Cheers
    Chard
  3. Senior Member quinnyfly's Avatar
    Join Date
    Mar 2008
    Location
    Brisbane, Australia
    Posts
    239

    Certifications
    A+, Network+, Security+ ce, Server+, CIW - Network Technology Associate, CIW - Web Security Professional
    #2
    Why not start with the Security+, advance that with other certs after you get a taste of it. Unfortunately security is not just about pen testing, it's a whole realm within itself, and from what I have found out, the CISSP covers the 10 domains of security, but you need 10 years of experience. The SSCP is available but you can get the Associate and require at least 1 yr of experience in a security field to get the full credential. The CEH is two years of experience (last I read), because I am the same as you, I seriously dig security and want to get into pen testing also.

    I have got some really good reading on the subject I am happy to share, here are the Amazon links to these books:
    Amazon.com: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) (9781597496551): Patrick Engebretson: Books

    Amazon.com: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice (9781597496537): Jason Andress: Books

    Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (9781463762360): Darril Gibson: Books

    I found these to be good reference, it seems almost anyone getting into security does at a minimum, the CompTIA Security+ or may take the older Microsoft MCSA, or take the Cisco route. I believe the certs you should take are those that are specific to your job role and the environment you intend to work in. That is perhaps quite obvious and maybe not that helpful, but I am also just starting out in the security arena and have a looooong way to go.

  4. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #3
    Just begin with something. In my case Security+ and CCNA:S helped me a lot; now I have just finished the training for CEH (I did not attempt the exam yet). One week ago I began the OSCP and it is good, but I notice that the previous knowledge is helping me.

    Also it is good to study some Linux, most of the tools are in Linux (sure there are tons in Windows and most of the tools that we use for the CEH training were in Windows environment).

  5. Member
    Join Date
    Nov 2011
    Location
    UK
    Posts
    49
    #4
    Thanks for the replies,

    I think my plan will be to get my CCNA first (I have completed the NetAcad training just need to do the exam), then move on to Sec+, then CEH v7 or 8 and I'll look into doing GPEN and OSCP and see where I go from there.

    @impelse I have basic Linux knowledge, I use Backtrack to practice with some of the tools i.e. Aircrack, Metasploit, Hydra, JTR etc... I think I need to start picking up some Python and C++ as well, as from what I can tell most of the pentest tools are written in this.

    Any good recommendations for self study on CEH? I see that quinnyfly has posted a link for Sec+


    Cheers
    Chard

  6. Senior Member quinnyfly's Avatar
    Join Date
    Mar 2008
    Location
    Brisbane, Australia
    Posts
    239

    Certifications
    A+, Network+, Security+ ce, Server+, CIW - Network Technology Associate, CIW - Web Security Professional
    #5
    I have jumped way ahead of the queue in purchasing a very highly rated CEH text book, it gets tremendous cred from Amazon reviews, I have had a look at it and like what I have seen so far, anyhow here is the link:

    Amazon.com: CEH Certified Ethical Hacker All-in-One Exam Guide (9780071772297): Matt Walker: Books

    Also, I don't know for sure, but I thought I read somewhere that you require two years of exp in a security environment for the CEHv7? Will have to check EC-Council's website.

  7. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #6
    Originally posted by quinnyfly:
    "the CISSP covers the 10 domains of security, but you need 10 years of experience."

    It's 5 years experience. 4 years experience if you have any of the qualifications listed on the ISC2's 1 year exemption list.
