My personal advice - For beginners to IT
Security:
If you are new to the IT Security industry and do not have any certifications or much experience, I recommend going for these certifications:
If you are new to the IT Security industry and do not have any certifications or much experience, I recommend going for these certifications:
• CompTIA A+
• CompTIA Network+
• CompTIA Security+
• CompTIA Network+
• CompTIA Security+
All will give you a very good basis to build your knowledge on.
After which you can do:
• CCENT
• CCNA
• CEH
• CCNA
• CEH
After you have accomplished these tasks, I am almost sure that you
will know what you want to be doing in your career; Architecture, Security,
Network Engineer, etc...
I cannot give you any advice on other than Security related career
path, most accurately, the path for penetration testers.
Note: Information
Security is a very wide field, it consists of various sub-fields:
infrastructure security, application security, network security, configuring
firewalls, incident management, security policies, wireless security, access
control, VPNs, and so on…
My personal advice - For people who want to
follow IT Security related career path:
Note: Alongside the primer I have given below you will have to learn or get the basics of Bash, Assembly, Perl, C/C++, HTML, PHP, Python and other languages.
Note: Alongside the primer I have given below you will have to learn or get the basics of Bash, Assembly, Perl, C/C++, HTML, PHP, Python and other languages.
Again part of my personal advice (after you have completed tasks
above and you have chosen penetration testers career path and/or related), you
should go for Offensive
Security Certified Professional. (OSCP) not only qualifies you
for 40 (ISC)2 CPE credits, but also gives you much hands-on experience.
After this I am sure you can do:
• CCNP
• OSCE
• OSCE
For total beginners, here’s an example way into certifications
(security related) can do this:
Certificate progression #1
• CompTIA Network+
• CompTIA Security+
• Systems Security Certified Practitioner (SSCP)
• GIAC Security Essentials (GSEC)
• Cisco Certified Entry Networking Technician (CCENT)
• Cisco Certified Network Associate (CCNA)
- CCNA: Security
• GIAC Certified Incident Handler(GCIH)
Certificate progression #3
• EC-Council Network Security Administrator (ENSA)
• EC-Council Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)
• GIAC Penetration Tester(GPEN)
• Certified Security Analyst (CSA)
Certificate progression #4
• Cisco Certified Network Professional - Security
• Offensive Security Certified Expert (OHCE)
Certificate progression #5
• GIAC Certified Incident Handler (GCIH)
• GIAC Information Security Fundamentals(GISF)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• GIAC Security Expert(GSE)
Penetration testing is hard to do well; to do it well (on a technical level) you really need to know a lot of systems and in some good level of detail. I do security all day every day, and in the last 6 months I have worked on the following systems:
RACF
z/OS
Solaris
Linux
Windows 2003-2012
Databases
XML Gateways
Firewalls
Content Filters
IPS's
LDAP Directories
Access Management Servers
SSL VPN/IPSEC VPN
Identity Management
SOA Security design
Network design
VLAN/MPLS/VPLS
NetWare
eDirectory
Active Directory
Web Services Security
x509 Certificate Authorities
RADIUS
JBOSS
WebLogic
Apache
IIS
OTP/2 Factor
The list goes on...
z/OS
Solaris
Linux
Windows 2003-2012
Databases
XML Gateways
Firewalls
Content Filters
IPS's
LDAP Directories
Access Management Servers
SSL VPN/IPSEC VPN
Identity Management
SOA Security design
Network design
VLAN/MPLS/VPLS
NetWare
eDirectory
Active Directory
Web Services Security
x509 Certificate Authorities
RADIUS
JBOSS
WebLogic
Apache
IIS
OTP/2 Factor
The list goes on...
If you want to be really good at penetration testing, focus on a
few types of systems/platforms, and learn them well. Vendor certificates in
those systems are handy as well, but not necessary.
I can highly recommend the SANS courses. Yes, they are expensive but it's for a reason. They provide world-class security training and each day is so jammed packed with material and labs that your head hurts.
As a starter, GSEC is supposed to a good baseline certificate to get from GIAC/SANS but after that point it is probably best to move onto the advanced certificates.
I can highly recommend the SANS courses. Yes, they are expensive but it's for a reason. They provide world-class security training and each day is so jammed packed with material and labs that your head hurts.
As a starter, GSEC is supposed to a good baseline certificate to get from GIAC/SANS but after that point it is probably best to move onto the advanced certificates.
GIAC Certified Penetration Tester (GPEN)
GIAC Reverse Engineering Malware (GREM)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Offensive Security Certified Expert (OSCE)
Offensive Security Certified Professional (OSCP)
Certified Expert Penetration Tester (CEPT)
Certified Penetration Tester (CPT)
Certified Reverse Engineering Analyst (CREA)
Certified Network Offense Professional (NOP)
0 comments:
Post a Comment