Noob here asking about Red Hat/Certifications.
#1
So I've been in IT about a year now. Security has always been something that has greatly interested me, specifically penetration testing.

In the past 6 months, I've gotten my CompTIA Trinity (A+, Net+, Sec+). I figured since pentesting and most security stuff is done inside of Linux, I would go after that next, so I'm currently studying for the RHCSA. Just learning the command line for now, really.

Is the RHCSA worth it for security people?

I want to go after the CEH and eventually the OSCP, but I don't have the experience to qualify for the former or the money to go after the latter. I'm thinking RHCSA -> RHCE -> CCENT -> CCNA Sec -> CEH -> OSCP, all while fiddling with tools/labs/Python along the way.

Thoughts?


Thanks to everyone in advance.
Reply
#2
Firstly, I appreciate you taking the time to ask your question here. Great to know we have a proper techy on board.

So as you say, it depends where it is you are wanting to head after. Red Hat certs are great if you are wanting to become a Unix sys admin. They, I'm sure, will help on a CV and help you get employed, and no doubt you will learn a thing or two whilst studying for it. If you specifically want to go into hacking, then it probably wouldn't make my list personally. In fact, I did do a write up on different certs somewhere in the forum. Might be worth checking out for some ideas.

CEH is defo a good place to start if you are wanting the hacking route but don't have much experience. Then move onto harder ones.

If you can use Linux proficiently, then becoming a hacker is pretty easy; anyone can learn to run tools, but understanding how a network works and how DNS and systems communicate, that is what takes time.
If you go your proposed route of exams, I think you will run out of space in your email signature haha. But you would be highly hirable, I'm sure!
Reply
#3
(21-12-2016, 05:17 PM)admin Wrote: Firstly, I appreciate you taking the time to ask your question here. Great to know we have a proper techy on board.

So as you say, it depends where it is you are wanting to head after. Red Hat certs are great if you are wanting to become a Unix sys admin. They, I'm sure, will help on a CV and help you get employed, and no doubt you will learn a thing or two whilst studying for it. If you specifically want to go into hacking, then it probably wouldn't make my list personally. In fact, I did do a write up on different certs somewhere in the forum. Might be worth checking out for some ideas.

CEH is defo a good place to start if you are wanting the hacking route but don't have much experience. Then move onto harder ones.

If you can use Linux proficiently, then becoming a hacker is pretty easy; anyone can learn to run tools, but understanding how a network works and how DNS and systems communicate, that is what takes time.
If you go your proposed route of exams, I think you will run out of space in your email signature haha. But you would be highly hirable, I'm sure!

Thanks for making the forum in the first place!

The idea isn't really to be a sys admin, though I wouldn't be opposed to it. I just REALLY wanna learn the environment I'm going to be working in. The cert is really just because.

The CEH requires either a heavy down payment or 2 years working in Sec, neither of which I have.
Reply
#4
(21-12-2016, 05:25 PM)Yankee42 Wrote:
(21-12-2016, 05:17 PM)admin Wrote: Firstly, I appreciate you taking the time to ask your question here. Great to know we have a proper techy on board.

So as you say, it depends where it is you are wanting to head after. Red Hat certs are great if you are wanting to become a Unix sys admin. They, I'm sure, will help on a CV and help you get employed, and no doubt you will learn a thing or two whilst studying for it. If you specifically want to go into hacking, then it probably wouldn't make my list personally. In fact, I did do a write up on different certs somewhere in the forum. Might be worth checking out for some ideas.

CEH is defo a good place to start if you are wanting the hacking route but don't have much experience. Then move onto harder ones.

If you can use Linux proficiently, then becoming a hacker is pretty easy; anyone can learn to run tools, but understanding how a network works and how DNS and systems communicate, that is what takes time.
If you go your proposed route of exams, I think you will run out of space in your email signature haha. But you would be highly hirable, I'm sure!

What is it you want to do? Or rather, what environment are you working in? If you are not working in or towards senior Linux sys admin, then the Red Hat stuff I wouldn't have thought necessary. But by all means it's good to have. CEH is not hard, you just have to answer how they want you to answer. In fact, I have a CEH mock exam page you can try out and practice on; that way you will know if you are close enough to practice to then get it, so you are not wasting money.

Thanks for making the forum in the first place!

The idea isn't really to be a sys admin, though I wouldn't be opposed to it. I just REALLY wanna learn the environment I'm going to be working in. The cert is really just because.

The CEH requires either a heavy down payment or 2 years working in Sec, neither of which I have.
Reply
#5
(21-12-2016, 05:28 PM)admin Wrote:
(21-12-2016, 05:25 PM)Yankee42 Wrote:
(21-12-2016, 05:17 PM)admin Wrote: Firstly, I appreciate you taking the time to ask your question here. Great to know we have a proper techy on board.

So as you say, it depends where it is you are wanting to head after. Red Hat certs are great if you are wanting to become a Unix sys admin. They, I'm sure, will help on a CV and help you get employed, and no doubt you will learn a thing or two whilst studying for it. If you specifically want to go into hacking, then it probably wouldn't make my list personally. In fact, I did do a write up on different certs somewhere in the forum. Might be worth checking out for some ideas.

CEH is defo a good place to start if you are wanting the hacking route but don't have much experience. Then move onto harder ones.

If you can use Linux proficiently, then becoming a hacker is pretty easy; anyone can learn to run tools, but understanding how a network works and how DNS and systems communicate, that is what takes time.
If you go your proposed route of exams, I think you will run out of space in your email signature haha. But you would be highly hirable, I'm sure!

What is it you want to do? Or rather, what environment are you working in? If you are not working in or towards senior Linux sys admin, then the Red Hat stuff I wouldn't have thought necessary. But by all means it's good to have. CEH is not hard, you just have to answer how they want you to answer. In fact, I have a CEH mock exam page you can try out and practice on; that way you will know if you are close enough to practice to then get it, so you are not wasting money.

Thanks for making the forum in the first place!

The idea isn't really to be a sys admin, though I wouldn't be opposed to it. I just REALLY wanna learn the environment I'm going to be working in. The cert is really just because.

The CEH requires either a heavy down payment or 2 years working in Sec, neither of which I have.

Ideally, I want to just pentest. It sounds absolutely fascinating. As a fallback, probably be a sec admin somewhere.

Really, I just wanna learn Linux as much as possible.

What do you do?
Reply
#6
Speaking from experience of working with pentesters: stay away from the CEH unless you've got the cash to do it.

It does (for some unknown reason) have a huge impact in the info sec world, but it is in fact filled with a lot of shit you don't need. I, for one, was working through the syllabus and was told I needed to know how to perform a Ping of Death... an attack that hasn't been possible since the late 90s.

Whilst they go over the terms and definitions of hackers, the information is not something that is really that useful afterwards.

Your Security+ cert holds more weight in my opinion. I would skip CEH and go straight for the OSCP. Download the syllabus and go over the topics yourself. Once you've got a good grounding on the syllabus, sign up for the lab environment to hone your skillset for the 24-hour exam.

If you want to pentest, get the OSCP. If you're looking for a more security focussed role like a security analyst, then CEH. OSCP is by far the best proving ground for practical experience.

Also, in regards to the CCENT to CCNA SEC reference: I wouldn't skip the CCNA R&S. It's the foundation for a lot of what you'll be doing in CCNA SEC. If you're altering ACLs and using sticky MACs etc. without the ICND2 knowledge under your belt, you'll struggle to apply it. You'll also cover ASA configs. Since it's a router... would be handy to have ICND2 to have an understanding of this.

The Red Hat cert is a dead certain ONLY if you want to be a sys admin in a nix environment. It doesn't really help with pentesting unless you want to exhibit knowledge of an OS's internal workings. Think of it like going for an MCSA... if you'd go for an MCSA to be a pentester, then go for RHCE. Otherwise you're throwing money away.


Summary: I believe you should go ICND1 > ICND2 > CCNA SEC > Run over the syllabus for OSCP > OSCP

Just with a CCNA R&S and OSCP you'd make an impression with your knowledge base. A+ shows you know an OS, maybe not a sysadmin but definitely OK in a server. Networking with your CCNA and OSCP for practical security. You'd be guaranteed interviews for a lot of firms I know.
Reply
#7
(21-12-2016, 06:58 PM)Psycho_Bondage_Bunny Wrote: Speaking from experience of working with pentesters: stay away from the CEH unless you've got the cash to do it.

It does (for some unknown reason) have a huge impact in the info sec world, but it is in fact filled with a lot of shit you don't need. I, for one, was working through the syllabus and was told I needed to know how to perform a Ping of Death... an attack that hasn't been possible since the late 90s.

Whilst they go over the terms and definitions of hackers, the information is not something that is really that useful afterwards.

Your Security+ cert holds more weight in my opinion. I would skip CEH and go straight for the OSCP. Download the syllabus and go over the topics yourself. Once you've got a good grounding on the syllabus, sign up for the lab environment to hone your skillset for the 24-hour exam.

If you want to pentest, get the OSCP. If you're looking for a more security focussed role like a security analyst, then CEH. OSCP is by far the best proving ground for practical experience.

Also, in regards to the CCENT to CCNA SEC reference: I wouldn't skip the CCNA R&S. It's the foundation for a lot of what you'll be doing in CCNA SEC. If you're altering ACLs and using sticky MACs etc. without the ICND2 knowledge under your belt, you'll struggle to apply it. You'll also cover ASA configs. Since it's a router... would be handy to have ICND2 to have an understanding of this.

The Red Hat cert is a dead certain ONLY if you want to be a sys admin in a nix environment. It doesn't really help with pentesting unless you want to exhibit knowledge of an OS's internal workings. Think of it like going for an MCSA... if you'd go for an MCSA to be a pentester, then go for RHCE. Otherwise you're throwing money away.


Summary: I believe you should go ICND1 > ICND2 > CCNA SEC > Run over the syllabus for OSCP > OSCP

Just with a CCNA R&S and OSCP you'd make an impression with your knowledge base. A+ shows you know an OS, maybe not a sysadmin but definitely OK in a server. Networking with your CCNA and OSCP for practical security. You'd be guaranteed interviews for a lot of firms I know.

Thanks so much for the response! What do you do for a living?

Why do you feel the Sec+ holds more weight?

The OSCP is definitely my end game, it's just so damn expensive. I don't have much experience, so I don't earn much yet.

Honestly, the only reason I'm pursuing Red Hat is to get a good Linux foundation. Just a path to run on, really.

Thanks so much for the help.
Reply
#8
I was a security engineer/consultant but now branching towards info sec management.

Sec+ is a more technical exam from what I understand. Understanding of encryption types etc. on par with one of the 8 CISSP domains.

CEH, after you take into account the exam registration alongside that stupid ass application fee you have to pay, can put you in the £500 area before even sitting the exam (after materials and books etc.).

OSCP is about 1-1.5k for a 1-3 month course with a true lab environment to learn and hone your skills in, and then $60 for the exam... Cost to benefit might seem like the cheaper option is better. But the fact is that a 5-day course in the UK for studying can be around £5k, but for 1.2k you get 3 months' lab and video access. And if you do fail the first time round, you can resit for $60! It's the best cost-to-reward exam I know of and every pentester I know vouches for it.
Reply
#9
I agree. From a hiring perspective OSCP stands head and shoulders above CEH. CEH is mainly the known good of where to start if you haven't any other security related experience, as it's a quick and easy win. But again, this comes down to money, but hopefully the idea is to get companies to put you in for it!

Mate, my colleagues and I are sitting an exam that is £1,600 just to sit the exam. No training or resources or anything! It can get expensive, hence the "get your work to pay" approach.
Reply
#10
(21-12-2016, 09:28 PM)admin Wrote: I agree. From a hiring perspective OSCP stands head and shoulders above CEH. CEH is mainly the known good of where to start if you haven't any other security related experience, as it's a quick and easy win. But again, this comes down to money, but hopefully the idea is to get companies to put you in for it!

Mate, my colleagues and I are sitting an exam that is £1,600 just to sit the exam. No training or resources or anything! It can get expensive, hence the "get your work to pay" approach.

Aye. I just sat the CISM, which I had to fork out 750 just for the exam and official text books. No other training. Hope it pays off lol
Reply

