My Website: www.talkelley3.com/
My Channel: / bigbrosecurity
elearnsecurity.com
offensivesecurity.com
tryhackme.com/
hackthebox.eu/
Chapters:
0:00 | Introduction
0:54 | Step 1
5:11 | Step 2
6:19 | Step 3
9:45 | Final Thoughts
Step 1: The Fundamentals
The first thing you need to do is get the fundamentals down, starting with the CompTIA triad.
CompTIA A+
This certification will provide you with a good general knowledge of computer hardware and software. It is divided into 2 main exams: one is hardware-focused and the other is software-focused. This will give you a pretty decent base-level knowledge when it comes to that type of stuff.
Network+
This certification will provide you with a good general knowledge of networking concepts like routing, switching, etc. It gives a very good baseline knowledge of networking concepts, though it’s probably not the greatest networking exam if you want to get a network engineer job. That’s beside the point of this video though.
Security+
The Security+ builds a solid base of cybersecurity/information security concepts, such as Confidentiality, Integrity, Availability, Encryption, Data Loss Prevention, etc.
Step 1b: A Degree (or Two!)
I would highly recommend you look into getting a degree in cybersecurity if you have the time and money and are planning to get a job working for the Federal or State governments in the United States; it’ll really help to get a degree. Even if you’re going to go into the cybersecurity field in private industry, it may help, especially with more advanced management jobs in the future.
Bachelors of Cybersecurity and Information Assurance - WGU
This is an amazing Bachelors of Cybersecurity program offered by Western Governors University. It is much cheaper than an alternative at a traditional university, and it is designed in a much smarter way than other degrees.
Masters of Cybersecurity and Information Assurance - WGU
This is a great Masters program with really good assignments that seem to align closely with some real-world assessments that you would see as a Penetration Tester, etc. Both programs also include some industry-standard certifications like the A+, Network+, Security+, SSCP, CEH, CIH, and more.
Step 2: Basic Penetration Testing
eLearnSecurity Junior Penetration Tester (eJPT)
It covers network and system security and common pentesting tools, with loads of practical labs.
TryHackMe
This is a free platform with lessons that teach you ethical hacking concepts through practical learning. It’s a great resource and I highly recommend it, especially in the beginning!
HackTheBox
TryHackMe at least in the beginning.
Step 3: Advanced Penetration Testing
eLearnSecurity Certified Professional Penetration Tester (eCPPT)
This is a phenomenal certification with great training in the form of the PTP course offered by eLearnSecurity and INE. It is a 2-week-long exam with a thorough written report, and it’s basically a simulation of a real-world engagement.
Offensive Security Certified Professional (OSCP)
This certification is super popular among the Penetration Testing community. It consists of a training course called PWK and a 48-hour exam: 24 hours to hack the environment and 24 hours to write your report.
eLearnSecurity Certified Penetration Tester eXtreme (eCPTX)
This certification is the top-level “general” pentesting certification by eLearnSecurity. I have it as I bought it in the pre-INE era, but haven’t attempted it yet, obviously. I’d recommend doing this after the OSCP.
Offensive Security Certified Expert (OSCE)
This certification is now a “stackable” certification, similar to how CompTIA has “stackable certifications” when you take the “building block” certifications. These certifications are:
Offensive Security Experienced Penetration Tester (OSEP)
Offensive Security Web Expert (OSWE)
Offensive Security Exploit Developer (OSED)
eLearnSecurity and Offensive Security Specialized Certifications
There are many other certifications that you can get which are more specialized in different areas if you so desire.
TryHackMe
The TryHackMe platform is a great place to continue labbing as you progress through the certifications.
HackTheBox
Additionally, practicing your skills on HackTheBox and leveling up your ranking is always a great thing to do.
Step 4: Never Stop Learning! (Oh and Get a Job 🙂)
At this point in your learning (provided you’ve completed step 3), you’ll know what you want to do next. I’d highly recommend applying for some jobs in Penetration Testing after your first certification or two is complete in step 3. Continue building experience through labbing and doing things like HackTheBox, even while you do have a job. That said, on-the-job experience is honestly the best thing you can have in Penetration Testing and Cybersecurity in general.
Aug 4, 2024