2021-10-10 11:32:00
There's a question which commonly comes up on Discord. I thought I'd just make a blogpost out of my most common response.
"I need you to suggest me onto path after security+. I want to develop my pen-testing and web security skills."
Here's a great overview of all kinds of security certification tracks -> https://pauljerimy.com/security-certification-roadmap/
If you're a rookie pen-tester and need a start with the basics, then eLearnSec's eJPT was always a decent start.
Pentest+ is CompTIA's cert that tests for 1-2 years of professional experience (or bruteforce book-learning). In Paul's overview it's lower ("easier") than eJPT, which I disagree with.
For a little more experienced people, eWPT and eCPPT from eLearnSec were also decent. Or, if you want to pack a bit more oomph, go for PWK (pentesting with Kali) from Offensive Security. The capstone to PWK is the now famous OSCP practical hacking exam.
OSCP combines research skills, time management and documentation with technical challenges which are not "too hard" (their difficulty lies mostly in the huge variety offered).
There are many cool sites that offer free or affordable education through labs, like TryHackMe and HackTheBox. Personally I've been a fan of PentesterAcademy, who put out good quality content and whose courses can go really in-depth.
If you have an employer who's not afraid to spend some money on you and you still have budget left, consider the SANS trainings + GIAC exams. They're expensive, but have a good reputation and the trainings are awesome.
GSEC can be considered their next step after Security+. GCIH and GPEN are the GIAC "better-than" certs compared to CySA+ and Pentest+... Their training courses SEC504 and SEC560 are awesome... and ?
Finally I'd like to plug Antisyphon trainings
They offer very good value for money, via online trainings. Some of these are pay-what-you-can, letting you pay somewhere between $25 and $495. Others are fixed price, but well worth it.
Case in point -> Modern webapp pentesting with B.B. King.
That's $495 for 16 hours (4*4h) of online training with a group of fun students and the excellent B.B. King. It goes into a whole bunch of very important tactics and testing methods for modern web applications. Recommended!
kilala.nl tags: work, studies, teaching,
View or add comments (curr. 0)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.