IT Certifications and Careers (Official Discussion Thread)

[McTwerk]

Is that the kind of field where you can just focus on security or is that something you tack onto a skillset you already have like networking.

I get to focus strictly on security, mostly web application pen testing, but it does require fundamental understanding of networking. Knowledge of Windows and Linux environments is also required.

I do not do network level pen testing in my current role, but it could certainly expand to that in the future. I work for a software hosting company and do manual penetration testing against our apps before they are released to the public.

The CEH was a great test to build off of and the OSCP is a more hands on, in depth techincal approach on pen testing.

 

[Mowgli]

I get to focus strictly on security, mostly web application pen testing, but it does require fundamental understanding of networking. Knowledge of Windows and Linux environments is also required.

I do not do network level pen testing in my current role, but it could certainly expand to that in the future. I work for a software hosting company and do manual penetration testing against our apps before they are released to the public.

The CEH was a great test to build off of and the OSCP is a more hands on, in depth techincal approach on pen testing.

Nice, where would a man trying to get into this field start out information/book wise and what would i need to catapult myself into this field with minimal experience in security.

 

[McTwerk]

@Mowgli

What is your IT background? Do you work in IT now? Proficient in Windows? Linux?

 

[McTwerk]

Nice, where would a man trying to get into this field start out information/book wise and what would i need to catapult myself into this field with minimal experience in security.

I would start here:

[ame=http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-301/dp/1463762364/ref=pd_sim_b_2]CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide: Darril Gibson: 9781463762360: Amazon.com: Books[/ame]

Don't listen to other people who will say the Security+ exam is useless...you gotta start somewhere, and this will give you an idea of the fundamentals of security concepts.

No, you won't get a pen testing job after passing it, but if you already have a good networking or Windows background you could get an entry level security analyst position and then build up from there.

That book linked above is probably the best resource for the CompTIA Security+ there is, outside of the 5 day bootcamps.

 

[Mowgli]

I would start here:

CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide: Darril Gibson: 9781463762360: Amazon.com: Books

Don't listen to other people who will say the Security+ exam is useless...you gotta start somewhere, and this will give you an idea of the fundamentals of security concepts.

No, you won't get a pen testing job after passing it, but if you already have a good networking or Windows background you could get an entry level security analyst position and then build up from there.

That book linked above is probably the best resource for the CompTIA Security+ there is, outside of the 5 day bootcamps.

I've gone the cisco route (ccna) in my career but im looking to tack on some more skills for when i branch out of network support and add security to my business. I took the a+ 13 years ago and it was useful so i feel what you're saying. Im just trying to cheat my way to the top though cuz im not working 5 years doing entry level rubbish if i can master it in 2.

 

[Mowgli]

@Mowgli

What is your IT background? Do you work in IT now? Proficient in Windows? Linux?

CCNA. Network admin. Profiecient in all windows systems. 10 years + experience.

 

[McTwerk]

CCNA. Network admin. Profiecient in all windows systems. 10 years + experience.

Given your background, you may be able to get the CEH then and bypass the Security+ (more entry level cert).

The CEH is more theoretical, but still techincal and still need a strong understanding of networking, protocols and how they behave, some basic programming, etc.

This is the book I used for the CEH studies and found it to be a great resource:

BARNES & NOBLE | CEH Certified Ethical Hacker by Matt Walker | NOOK Book (eBook), Other Format

A CEH with that background will get you alot further then the Sec+.

 

[Mowgli]

Given your background, you may be able to get the CEH then and bypass the Security+ (more entry level cert).

The CEH is more theoretical, but still techincal and still need a strong understanding of networking, protocols and how they behave, some basic programming, etc.

This is the book I used for the CEH studies and found it to be a great resource:

BARNES & NOBLE | CEH Certified Ethical Hacker by Matt Walker | NOOK Book (eBook), Other Format

A CEH with that background will get you alot further then the Sec+.

Does the info in this book pretty much touch on whats in the sec+ inadvertedly?

 

[McTwerk]

Does the info in this book pretty much touch on whats in the sec+ inadvertedly?

Yeah, the Sec+ is high level, overall concepts of security from network security, to web attacks, to social engineering concepts. (Doesn't cover tools in depth, just explains network security concepts.)

The CEH definitely covers these things, but much more in depth, but gets more hands on with tools and techniques for exploiting systems. (nmap, netcat, a little metaspolit, etc)

The CEH book is def the big brother to the Sec+ one.

 

[Mowgli]

Yeah, the Sec+ is high level, overall concepts of security from network security, to web attacks, to social engineering concepts. (Doesn't cover tools in depth, just explains network security concepts.)

The CEH definitely covers these things, but much more in depth, but gets more hands on with tools and techniques for exploiting systems. (nmap, netcat, a little metaspolit, etc)

The CEH book is def the big brother to the Sec+ one.

I see. Mine as well pick up both fug it. Fluff the experience if i got it mastered and we winnin.

 

[McTwerk]

Does the info in this book pretty much touch on whats in the sec+ inadvertedly?

One note of consideration though, the Sec+ exam has no pre-requisites to taking the test, whereas the CEH is either sit for a 5 day class, or prove 2+ years experience in security. Your CCNA and network experience should touch on that, but I am not sure if it would fully qualify you for the exam without the 5 day class.

 

[Mowgli]

One note of consideration though, the Sec+ exam has no pre-requisites to taking the test, whereas the CEH is either sit for a 5 day class, or prove 2+ years experience in security. Your CCNA and network experience should touch on that, but I am not sure if it would fully qualify you for the exam without the 5 day class.

What do they charge for the class.

 

[McTwerk]

What do they charge for the class.

Depends on where you go and who you use, but I would say 3-5K for a 5 day class, including lodging and meals.

 

[Mowgli]

Depends on where you go and who you use, but I would say 3-5K for a 5 day class, including lodging and meals.

Entry level pay?

Intermediate level pay?

 

[McTwerk]

Entry level pay?

Intermediate level pay?

All depends where you live, or are willing to move to.

I am in New England and well.

Entry level up here I would say 60K, Intermediate upwards of (and over) 80K.