
Certification path for ethical hacking or penetration testing?

security ethical hacking CEH GCIH GPEN CCNP CCNP (Security) CCNA (Security)

16 replies to this topic

#1 coolzaker

Posted 09 August 2012 - 03:12 PM

Hello everyone...

I am a young student. I just completed my 4 years in my B.S. in Information Technology and I want to pursue a career in penetration testing. I want to know how we get there and which certifications to choose. I talked to a training centre here in my city and they have convinced me to complete CCNA, CCNP, CCNA (Security), CCNP (Security) and then move to CEH or penetration testing. Now I am just wondering whether I have to do CCNP R&S as well as CCNP Security to become a good penetration tester, or whether just CCNA is sufficient. I just want to know how to reach that post in the best manner and the best way.

Thanked by 4 Members:
kaiosousa9 , fareedroshan , hgerman21 , vamshidharag

#2 Andy10

Posted 23 August 2012 - 08:03 PM

You should have a good background in networking, operating systems, databases and web applications if you would like to pursue ethical hacking.
A CEH, whilst well recognized, provides you only an entry into the domain. There are other certs, such as OSCP, that combine labs with the training. You could also create your own lab to get used to testing and breaking into stuff.
There are multitudes of security testing firms; you could probably attempt an internship in such firms.

Thanked by 1 Member:
hgerman21

#3 holinx

Posted 04 September 2012 - 09:32 AM

Hi,

Andy is right, certifications don't make you a good pentester. You must have experience in networking and/or development and/or systems to specialize in the penetration testing field.

Again, don't start your career in penetration testing unless you're especially talented in this area; you really must have experience in other IT fields.

Take a look at this video:

Regards,

Thanked by 3 Members:
dave058 , rebelle2014 , hgerman21

#4 nrk77

Posted 07 September 2012 - 05:45 AM

I agree with the above comments.
Especially this: "Again, don't start your career in penetration testing unless you're especially talented in this area; you really must have experience in other IT fields."

You can start off with CCNA and CCNP. Learn the concepts of R&S. Learn how internetworking, TCP/IP etc. work.
Then, depending upon your interest areas, you can carve your career. You don't have to get certified, but read and learn the concepts. It's a good starting point.
While you are doing this, also learn about applications, different servers (mail, web, DNS, AD, DC, DHCP etc.), databases and other IT areas.
Once you know the rules of internetworking, you will learn how to break that pretty easily.
Last but not least: read, read & read. Pick up a live platform and practice.

Thanked by 1 Member:
hgerman21

#5 billyc123

Posted 07 September 2012 - 05:55 AM

I want to be a penetration tester. What will be my paths, training paths and career paths?
I'm starting here from a CEH first, what will be my next... CISSP is always required by companies, together with being SANS/GIAC certified.
With strong experience with different security tools... nmap, nessus, wireshark, backtrack/metasploit.
A programming language is mostly required. Multiple OS skills in Linux/Unix and Windows environments.
Web knowledge and web security is very important and is required.
But I really don't know why they require Perl/Python/Ruby...

Thanked by 1 Member:
hgerman21

#6 holinx

Posted 07 September 2012 - 01:40 PM

CISSP is definitely not a cert for a pentester. It's a cert for managers, not for technical people. (http://www.infosecisland.com/blogview/22257-Your-CISSP-is-Worthless-So-Now-What.html)
CEH is just useful to pass through the HR firewall. Technically, CEH is meaningless. This cert is just about tools (what tool does that, what this tool is used for, which command-line option of a tool can do this ...); any security professional with minimal experience in pentesting can get this cert without any preparation.

Being able to write scripts in Perl/Python/Ruby is a must for a good pentester.

As nrk77 said, read, read & read AND practice!!!

Thanked by 2 Members:
billyc123 , hgerman21

#7 engrsash

Posted 27 January 2014 - 10:12 AM

I am CCNA, CCNA-SEC and now preparing for CEH and CISSP. Thanks

Thanked by 1 Member:
rebelle2014

#8 shalabh169

Posted 19 February 2014 - 07:31 PM

thanks

#9 leedsfc

Posted 25 May 2014 - 05:40 PM

For pentesting, you don't need anything beyond CCNA!!! Everything else is overkill.

#10 neelk

Posted 25 July 2015 - 06:02 PM

"Read, read & read AND practice!!!"
Many thanks, that's the point.

#11 tinkie

Posted 20 November 2015 - 10:23 AM

I'm a penetration tester. Background knowledge is key, especially when doing your analysis and writing reports. The certs that will provide you with the best background knowledge are Net+, Security+ and CCNA. For using tools there's OSCP and CEH. CEH and ECSA will also provide you with a solid methodology with which to structure your tests. CCNP and CCNA Security are overkill. CISSP is only required if you are going into management or perhaps consultancy. Get as many books as you can on Kali Linux and try the tools and labs in VMs if you don't have the hardware.

ECSA will help the most with report writing and analysis. The core of penetration testing is in relating your tests, findings and analysis back to management. Anyone can do a search on Google or YouTube and learn how to use tools, but how many of them have the analytical capabilities to put the information together and present it to business heads that don't have a clue about IT? That's why your background knowledge is so important. Just my opinion and 2 cents, based on MY experience. Hope it helps :)

Thanked by 3 Members:
Firebug , billyc123 , jonono

#12 billyc123

Posted 20 November 2015 - 04:45 PM

It's almost the end of 2015. I was not able to be a PenTester. Have been collected, training a lots of.
Struggle to get a GPEN.....

#13 voodai

Posted 20 November 2015 - 06:09 PM

holinx, on 07 September 2012 - 01:40 PM, said:

"CEH is just useful to pass through the HR firewall."

Holinx!!!
I like your comment. I see any and all certs as that. You've got to know your stuff.

#14 KhanGi

Posted 29 June 2017 - 08:50 PM

Thanks



