CEH path

[Jbraithwaite]

Hey folks,

Only just found this site today. I've been a school IT guy for the last 8 years. Standard Windows domain, Cisco wired and wireless N network and all that. I've noticed the increase in pupils trying to circumvent network security, trying to get past filters etc. Also noticed a number of them using Onion browser on their phone on our guest wifi. They like to come in to my office and tell me things like this.

Anyway, I'm now turning my attention to learning more about info security, ethical hacking and the like. I was asked to go an a course about it, and was directed to the Certified Ethical Hacker course. I'm currently working on my SSCP too.

Came on here today and found the basic missions quite useful to get started. Up to 8 so far without help in amongst doing other duties.

I firmly believe that no matter the training, there will always be someone out there far superior, however, the CEH seems like a good place to start. I know HTML/CSS. I'm always on the Code Academy doing beginning courses in code and wrote 3 android apps a few years ago for friends. It all seems natural to slip into learning about information security, however, would I be wasting my time?

Cheers for the advice.

[limdis]

You are on point, I wouldn't change a thing. The only thing I might add is start making a habit of watching the news about the latest exploits, and read POCs when they come out. This helps you keep up with the latest and greatest and in the right mindset even on your off time.

Couple places I watch myself and read while using the bathroom;
https://www.reddit.com/r/netsec
https://news.ycombinator.com/
https://cve.mitre.org/news/index.html

[Jbraithwaite]

Thanks. I readily follow feeds on Flipboard on toilet time lol.

I'll keep my eye out on those too cheers. It's all very well being shown the ins and out via official lines of enquiry, but, we all know it's an ever changing world.

[limdis]

I might also add you may want to considering participating in CTF events. We're starting to push in that direction here at HTS. Actually performing and exploiting different attack vectors (and under pressure with the time limits) is a great learning experience. Plus you can mention them for job interviews (assuming it is a security position).

[Jbraithwaite]

I'm not currently in a security position. I'm trying my hardest to educate them to take security seriously but it's falling on deaf ears at the moment. The same folk who decide this stuff are the folk still sending CC info across emails with the CSC codes in the emails along with all the other info.

It's going to be a closing the barn doors after the horses bolted situation if they don't wake up. That typical "It'll never happen to us" scenario.

-- Wed Nov 11, 2015 3:04 pm --

Just been denied funding for the CEH via employer. They don't see it being relevant to my job. Are they fecking kidding? I honestly hope that they get a network wide cryptolocker.

No wonder folk turn activist. How is security not in the remit of IT? hahahahaha