|
GOOCHY posted:Passed the Sec+ this morning. I hate the way CompTIA words questions on their tests. It's like they were written by a non-native English speaker. Just took it this morning myself. I originally took this test back in 2007, and I have to say it's gotten a lot harder. Some of the questions were poorly worded, and others just had me scratching my head as the answers really had nothing to do with the question. That said, this test has come a long ways. You actually have to know more than just technical for this exam, you need to know the other domains as well. For the record, I took it cold. I do not suggest that, as there were a few things on the exam I simply did not know. Most of it is fine if you have any actual experience.
|
#
¿
Jan 11, 2013 20:19
|
|
|
|
| # ¿ May 5, 2024 05:21 |
|
|
madmaan posted:Welcome to pains of every cert you will ever take. Most multiple choice questions you will take will ask you trivia questions of things you probably will never need to memorize in production. This is so annoying. On my exam today, I got a question that was - How would you implement "x"? All the answers were how to implement "y". Very poorly thought out.
|
|
#
¿
Jan 12, 2013 02:15
|
|
|
Blocking PING is one thing. Blocking ICMP entirely is loving retarded. Edit - might as well add, finally signed up for the Penetrating with Backtrack class, going to take OSCP in 90 days. Yay! XakEp fucked around with this message at 02:15 on Feb 15, 2013 |
|
#
¿
Feb 15, 2013 02:01
|
|
|
Drunk Badger posted:Any opinions on the CEH? I can take it for free, but is this something that will help me get a job in an IT security position that isn't pentesting? It's better then not having it, but don't expect anyone to be wowed by it. If it's free, do it. It's not that bad, but it's nothing amazing.
|
|
#
¿
Feb 19, 2013 01:09
|
|
|
MC Fruit Stripe posted:I'm greedy as gently caress, that's how. Ding!
|
|
#
¿
Feb 26, 2013 01:07
|
|
|
pretend to care posted:If anything I'd do CEH last. Not sure what sort of "industry" you're in, but I know that where I am almost every one of these positions REQUIRES a CISSP/CISM/CISA type cert, and then stuff like CEH or Security+ are nice to have (but really nobody cares if you have the main one). If he's dealing with 8750, CEH is absolutely relevant as it's required for some areas where CISSP is not.
|
|
#
¿
Mar 28, 2013 18:50
|
|
|
GOOCHY posted:I made an attempt to go this path without any prior military or security clearance and it's been a tough road. They just aren't interested in you unless you have a pre-existing clearance, in my experience. Granted, the sequester may be throwing things off a bit. I went through the process to get a clearance, and I guess I might as well share what got me in. If you have no military or security clearance, it IS possible, but you've got to be able to start somewhere not terribly convenient. For me, it was taking a job on a base in the middle of nowhere. With the high requirements they had for the position, the contractor was having serious problems finding anyone remotely qualified. It apparently got to the point that when I came along and nailed the job interview, they didnt care that I didnt have a clearance. I was willing to move my family down there, and after 12 months, I can go anywhere I want within the contractor's organization (Lockheed). It sucks, but being willing to work somewhere inconvenient doing very specialized work is a good path to getting a clearance. The pay is phenomenal (90% more than I was making before) and the team I'm on is great. You'll just have to do a little legwork to find positions that aren't getting filled, and go for them instead.
|
|
#
¿
May 20, 2013 22:23
|
|
|
CheeseSpawn posted:I know of one major too big to fail bank that still uses it. 9-1-1 services still deploy and use frame relay for ALI services.
|
|
#
¿
Jun 7, 2013 13:54
|
|
|
Finished the OSCP exam after 13 hours. I managed to get root on 4 servers and got a shell on the last server but decided that since I already had 75 points I would rather get to bed than spend the rest of the 24 hour exam dinking with a server for points I didnt need to pass. Turned in the report (64 pages ugh) and now I just wait for the results back. Fingers crossed!
|
|
#
¿
Jun 16, 2013 18:37
|
|
|
XakEp posted:Finished the OSCP exam after 13 hours. I managed to get root on 4 servers and got a shell on the last server but decided that since I already had 75 points I would rather get to bed than spend the rest of the 24 hour exam dinking with a server for points I didnt need to pass. Turned in the report (64 pages ugh) and now I just wait for the results back. Got the email, confirmed the pass. Officially OSCP, now to CCIE R&S written.
|
|
#
¿
Jun 18, 2013 02:29
|
|
|
Tasty Wheat posted:I have played with Backtrack on and off for years now, its always been interesting to me. What did you think of the training? It was pretty intense. The focus is balanced between the tools and the technologies behind why they work. If you aren't well versed in pentesting it'll be really intense. Personally it was a very good experience. I intend to do OSCE when I can.
|
|
#
¿
Jun 18, 2013 05:04
|
|
|
Tasty Wheat posted:I guess it would be intense for me, last time I used Backtrack for a practical application is was called Auditor, and I used it to confirm that I had a rouge DHCP server on a wireless network of mine. You should download Kali and familiarize yiurself. I didnt know much about programming but I got through the class. Be sure to get enough lab time and put in the time and you'll be ok.
|
|
#
¿
Jun 18, 2013 14:10
|
|
|
inignot posted:Belated congratulations on this; the offensive security certs are no joke. Did you do any other security stuff prior to the OSCP such as the GPEN? My problem with a lot of the high end security stuff like pen testing, or forensics, or malware analysis is that it requires extensive host level knowledge. I've been in R/S for so long I have no idea how that world works. I'd be interested to know how you are maintaining expertise in such divergent fields. Well, I started in IT 18 years ago, and have been doing Sysadmin and networking for quite a while. I'm fortunate (maybe) that I'm able to draw from my experience, which really helped me a lot. I'm not a programmer, but I have a really good understanding of how Windows functions, and I'm getting pretty decent at picking apart Linux. Its unfortunate that I can't talk about what I encountered on the exam, because the test is really, really well put together. I'm working on maintaining my skills at this by building VMs on my systems at home and going at them in my spare time. Not just metasploitable but other builds, and finding vulnerable applications based off the exploits I can find off exploit-db.com. Right now I'm definitely looking for a job doing this full time, so we'll see how that goes. I'm pretty happy where I am, but it's not pentesting.  If you have any questions about the class, I'll be happy to answer them.
|
|
#
¿
Jun 20, 2013 15:00
|
|
|
skipdogg posted:This is off topic, but can someone explain to me why everyone wants to be a pentester? I dont think I would trust anyone that does pentesting and doesn't have a lot of experience in another discipline of IT. An effective pentester is one who really does understand how different devices function, how complex systems are built and how they can be compromised. Kids just like to break things, so maybe there's that. I dunno. I've always liked getting around the rules, and having pentesting skills at the least has really helped me in my current job, since being able to explain why and show developers and management how I would take advantage of proposed shortcuts in product deployments or changes to the network.
|
|
#
¿
Jun 21, 2013 00:06
|
|
|
QuiteEasilyDone posted:So I shouldn't go out and get a lab router. Okay I'll take all of the above into advisement. For the CCNP stuff you can get away with GNS3 and a couple of switches that can do MLS. You'll have to do a bit of troubleshooting with GNS3, but you should be ok.
|
|
#
¿
Jun 22, 2013 22:54
|
|
|
Tasty Wheat posted:Look for a copy of IOU or IOL, you can even find them already built in VMware. Does this handle switching, or just routing like GNS3?
|
|
#
¿
Jun 23, 2013 03:34
|
|
|
Tasty Wheat posted:1. Is Ft. Xxx good location for you? I can say from experience #2 is not a hard and fast rule. I have sec+ and its fine for my work and make 6 figures. It all depends on how the position is classified within 8570. For example, if you're doing pentesting you dont need sec+ or CISSP, you need CEH. Get the right cert for the right job.
|
|
#
¿
Jun 25, 2013 03:33
|
|
|
Patterson posted:I've done mostly web app vulnerability assessments so far. I've only been doing it for a few years, but I've been doing stuff by hand and not letting a tool work for me. I'm really hoping this class is more about teaching actual techniques and not "just click this button on this toolkit and it does it for you!" You need to understand how networks function, nmap usage and a bunch of other stuff along those lines. I really dont recall anything about Nessus or other automated tools, but lots of XSS and sqli, as well as other stuff. It's a cakewalk compared to the OSCP.
|
|
#
¿
Jul 4, 2013 03:14
|
|
|
Patterson posted:I was looking at taking the OSCP after I finished up this cert. The exam looked pretty fun, but I think I'll wait till I have a really good understanding about pentesting before I attempt it. It's looking like my idea of just taking the 5 day class and just do the exam right after might not be the best one and that I probably should mess around for a month or two before I attempt it. Unless you have experience, 2 months is the minimum. Your first month will mostly doing the stuff from the book.
|
|
#
¿
Jul 4, 2013 21:53
|
|
|
I think some info about OSCP (http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/) should be added to the OP. There's a number of good certs on that site, but just having Sec+ and CISSP for security isn't enough. Great OP tho. Haven't looked it over for ages.
|
|
#
¿
Jul 19, 2013 04:43
|
|
|
rock2much posted:One of the security guys at my job just suggested this when I asked about the CISSP. He says it's great for getting passed HR but no one else here cared that he had once he started, they were more impressed by his ability to actually do things. OSCP and CEH were on his list of fun and usually useful security certs to go for. I'm currently on the hell desk with my Sec/Net+ looking for a way out/up. CEH isn't terribly useful but OSCP is awesome. If you want to learn the ins and outs of hacking it is the one you want. You had better know your networking and systems as well as basic programming and scripting. It's the real thing.
|
|
#
¿
Jul 20, 2013 02:15
|
|
|
I start Cracking The Perimeter tomorrow, signed up for a 30 day class. I'll be going for OSCE in about 45 days or so. I'll post up how things go if anyone is interested.
|
|
#
¿
May 3, 2014 05:31
|
|
|
S.W.O.R.D. Agent posted:Absurdly short or long? The only way you're passing either exam with only 30 hours of study is if you braindump or have experience on the job already. Or both.
|
|
#
¿
May 28, 2014 14:35
|
|
|
Just finished my OSCE exam. 30 hours straight of wondering if my brains are going to leak out my ears. I'm about to pass out, but I can easily say this was the HARDEST test I have ever taken in my life.
|
|
#
¿
Jun 22, 2014 05:55
|
|
|
Got the email, officially Offsec OSCE certified. Man, my brain hurts. It was definitely worth it, but it took a lot out of me. If anyone has any questions, feel free to ask.
|
|
#
¿
Jun 26, 2014 05:10
|
|
|
inignot posted:Does anyone know how the OSCP/OSCE compares to the GSE? Both in terms of difficulty and blueprint. I don't have GSE, but have heard about it. http://www.giac.org/certification/security-expert-gse If you want something focused on defense and writing reports, GSE is where it's at. If you want to know how to manually encode malicious code, fuzz an application and manually build an exploit or how to escalate shells to root or system access, OSCP and OSCE are where you want to be. In terms of difficulty, OSCP and OSCE are hands down the hardest tests I've ever taken. They're also the most rewarding. Once you have them, you KNOW that you know your stuff. No questions or essays, it's balls to the wall doing, can you perform the tasks before you. And frankly, it's amazing how fast time flies by when you're taking these types of tests. Not to mention if you fail GSE you have to wait a minimum of 12 months before retaking it. Fail it again and you get to wait 3 years before your next retake.
|
|
#
¿
Jun 28, 2014 01:53
|
|
|
wrong way posted:Ya CCNA does sound like a good idea. My school said that they covered about 80% of the content in the first year shouldn't be too rough. My plan is to start the OCSP class next month because my school will pay for it. I'll try and take the CCNA in the next two weeks. OSCP is one of those certs that you need to be ready to put in the time for - not memorize a lot of stuff for.
|
|
#
¿
Jul 23, 2014 00:31
|
|
|
GobiasIndustries posted:A friend in an entry-level position with an IT company is trying to explain to me that MAC addresses are irrelevant and shouldn't be studied anymore, as we're studying for our CCENT/CCNA. He HATES MAC addresses for some reason, is convinced DCNA is all you need, and I don't have enough knowledge quite yet to explain everything to him in a 'please shut up, you're wrong' manner. Why is he wrong? Specifics/examples would be great. I fail to see what the District of Columbia Nurses Association has to do with L2 networking. Your friend seems like a real moron.
|
|
#
¿
Jul 31, 2014 06:20
|
|
|
NippleFloss posted:S+ is a minimum requirement for many DOD contracting jobs so it's a worthwhile investment if you want to go that route. Otherwise it's a pretty dumb cert. 100% agreed.
|
|
#
¿
Aug 16, 2014 18:40
|
|
|
Passed OSWP over the weekend. What a total pain. Much more difficult than I had expected. I can't take AWAE until next year so I'll probably challenge some SANS certs in the meantime.
|
|
#
¿
Mar 11, 2015 01:47
|
|
|
Dr. Arbitrary posted:Are there other security certifications that are valued? Check out the Offensive Security certs.
|
|
#
¿
Mar 14, 2015 17:18
|
|
|
Dr. Arbitrary posted:This sounds interesting. I read your earlier posts in the thread and I definitely want to give it a try. What you need to know before taking it is less important than the desire to see it through. I started with an good understanding of Windows and networking, but in the end Linux knowledge and understanding Python would have been far, far more useful. Don't let what you don't know stop you from taking the class, you'll learn as you go and you'll pick up what you need as you progress. If you're willing to work hard and aren't prone to giving up easily, you should just sign up and learn as you go.
|
|
#
¿
Mar 16, 2015 20:34
|
|
|
Eonwe posted:thanks to dilbert as gently caress for recommending WGU to me Seconding this. I got a new job with nearly double the pay after finishing my master's degree there, and I wasn't doing badly to begin with. Absolutely worth it.
|
|
#
¿
Apr 23, 2015 00:47
|
|
|
Docjowles posted:Out of curiosity, masters in what? I've thought about an advanced degree (have a BS) but I honestly don't know what I'd do it in. I'm not a dev so CS doesn't seem worth it. MBA or some other business/management field? I aspire to a position like "Director of Operations" at a small to mid size company as one possible 5 year plan so learning to manage people and deal with the financial side of the house better is very appealing. Information security and assurance.
|
|
#
¿
Apr 24, 2015 13:24
|
|
|
Immanentized posted:If you don't mind me asking- where was your program? I have a MS in Information Management and I am considering going back, but a lot of the Security and Assurance programs around me seem new and untested. Not sure what you mean but I went to WGU.
|
|
#
¿
Apr 26, 2015 20:22
|
|
|
Ahdinko posted:Will VIRL do all the stuff I need? I remember looking at it when it came out last year and being a bit disappointed but to be honest I haven't read much on it since. I've got switches coming out of my ears, 10+ 3560's I can play with here, but routers are where I might come up short. I've got probably 5x 881/887/891's, 2x 1841's and 2 x 1941's. I've got two 2900's of some model that I can't think of right now, a 3925E and a 4451-x. My son wants to try for ccna this summer so if you're willing to part with some of that gear I'll happily take off of your hands.
|
|
#
¿
May 5, 2015 14:33
|
|
|
|
| # ¿ May 5, 2024 05:21 |
|
|
Stan S. Stanman posted:I'm looking for some opinions from all you tech savvy people. I'm trying to figure out where to go next. I'm moving into a computer network defense / cyber threat intelligence position in the near future. I have a CISSP now, but all my other certs are computer forensics related and forensics have been my focus the past 7 years or so. I don't have a ton of network experience so I'm considering doing some training/certification to brush up my technical skillset on the network end. Anyone have any suggestions on certs or training that would support that goal? The position is definitely information security oriented, but I'm wondering if getting stronger on network skills would be beneficial too. I have a gi bill that's begging to be used, so I have some flexibility with what kind of training I do. ccna, pentester academy certs then oscp. In that order.
|
|
#
¿
May 12, 2015 20:25
|
|