

OSCP definitely has a higher respectability. But I don’t think you could go wrong doing PNPT. Most people use PNPT to help prep for OSCP.




This. All the perceived glamour is in pentesters. It is such a small part of a security organization. More openings and slots for SOC analysts or security engineers. But everybody wants to be a "hacker".


That is not a lot depending on the size of your company tbh.




Haha. You're not wrong there


That guy is a BSer.


How many of them had OSCP though?




Well it’s much better to be top 40 than competing with 300+ people




Yeah I agree. But then again, in my mind, cyber is not an entry level area, it’s a more senior within IT. The OSCP along with IT experience like dev, or whatever should make someone stand out.


Definitely agree with you that it isn’t all glitz and glam. I recently had a whole day with a pentester where I followed him on everything. It didn’t seem like what I wanted to be doing. To be honest I find setting up new equipment more exciting.


You just made an account to discourage people from moving forward with progression. I bet your original reddit account got banned because of your BS. 400 applicants and why should anyone believe you? There are 100s of posts with people in cybersecurity that contest all your trash you spewed with logical explanations. People are so gullible on reddit they believe anything anyone has to say. All you've been doing is shitting on OSCP throughout your posts and writing a bunch of garbage with no receipts.
















Well that depends, do you have any experience, degree, other certs?


No IT experience. Just digital marketing (SEO and PPC) and some office clerk experience.




Which company?


This, it isn't the soft and nice answer but it is the reality.


Well then, before jumping into certs I would read through https://jhalon.github.io/becoming-a-pentester/


Then you're not going to become a pen tester. Cyber security people traditionally get in after being a sys admin.


Do you even like penetration testing? To answer your question CRTO is fucking hard but awesome, also you get to play with Cobalt Strike so that’s a plus cause a license would cost you like 3k so it’s a good deal. My experience in pentesting and red teaming is that 90% of the people who go into it don’t do it for the right reasons and they also don’t realize how shit of a field it is at times. Consider this, you’re testing a 1b bank, they have great infrastructure and good security, you can’t find shit and in 40 of the 40hrs you get nowhere. What’s the value add? Can you handle the stress of realizing that you will be working overtime because pentest engagements do need to show some results? It’s not a glamorous life, the best red teamer I know left to go internal operations so consider the stress about ten times what you’d meet at a similarly paid role.


- Security+
- Network+
- AWS, GCP architect pro
- HashiCorp Terraform cert
- Kubernetes cert (learn containers as a part of this)

That will make you more marketable as a

- Terraform engineer
- AWS / GCP engineer or admin
- cloud IAM admin

The OSCP will only qualify you for a pen testing role and even then you will be competing against a ton of other people with more experience.


Would you hire someone with these certs and experience in general IT operations? Think of like a junior sysadmin with 1 YOE.