GSEC Certification clarificationadvice?

Question

Apologies if my questions seem a little basic or not meant for a technical forum (Unsure where to post a career related question). I am looking into doing courses and certifications with the aim of becoming certified for penetration testing with a possible specialisation into Wireless and Web Application security.

With this in mind I was looking at the www.giac.org certification roadmap and a little unsure as to which course(s) to plan for. I'll probably self-study and then write the exam for the introductory courses with a view of taking live classes for the more advanced courses.

What I am unsure on is which courses to write the exam for in which order? I assume for Penetration testing I would need the following (In order) or am I repeating course materials in any of these?

GISF: GIAC Information Security Fundamentals
GSEC: GIAC Security Essentials
GPEN: GIAC Certified Penetration Tester
GWAPT: GIAC Web Application Penetration Tester
GAWN: GIAC Assessing Wireless Networks

Taken from: https://www.giac.org/certifications/get-certified/roadmap

Are any of these unnecessary?

I have already taken the step of purchasing a number of books from amazon on Penetration testing, set up some Virtual Box environments installed with various vulnerable OVAs from the OWASP site and install various, SP1 windows systems.

I've had a play around using Metasploit, nmap, etc to first see if the industry is something I'd be happy with moving into and can say it completely fascinates me and now want to to the certifications formally with a view of possibly getting a job with a team in a few years as a 47 year old (I am 45 now).

Hence my question about the roadmap above, I do not want to spend time on something I will not need as the courseware and exams are quite expensive and I'll be funding this myself.

As a side note, I am currently a senior web and mobile application developer.

Many thanks John

Include in your roadmap the OSCP certification. I'm currently studying for it and I can say that I'm learning a LOT. — Ricardo Reimao, Feb 20 '17 at 11:50
at your certification roadmap? Is this a mail you sent them and then copied here? Please [edit] — , Feb 20 '17 at 12:02
@Ricardo, thanks for the info, I'll certainly look into that one. — John Cogan, Feb 20 '17 at 12:20

score 0 · Accepted Answer · answered Feb 20 '17 at 12:51

In my opinion going for SEC560 then SEC660 and SEC760 after that you can go confidently for the OSCP , OSCE.

note : if you got took SEC560 ,660 ,760 you dont really need to go for off-sec certs , but it you want more experience .. go for it

If you're more into Web Application Penetration Testing you better go for SEC542 then Take the SEC642 then the OSWE

note : OFFENSIVE-SECURITY certifications are cheep comparing with the GIAC Certs but they're much harder to get , you need to study for at least two months for them "full time studying"

If you want to be a pentester "only" then follow my plan

but if you're planning to get a master's degree or GSE then you better follow the specified courses

read more about the GSE : https://www.giac.org/certification/security-expert-gse

read more about the SANS Pentesting certs program : https://www.sans.edu/academics/certificates/penetration-testing

I dont think that you really need GSEC or GISF because you're already familiar with some of the most important tools and you have a good understanding of the hackers tools and techniques

if youre going for the Web apps i suggest you get a copy of the owasp web app pentesting methodology from this link : owasp. org/images/1/19/OTGv4.pdf

note : i'm the youngest GPEN holder on earth and i asked your question to the SEC560 instructor and that was his answer

Much appreciated user7451333. Valuable info there. – John Cogan Feb 20 '17 at 13:33 — John Cogan, Feb 20 '17 at 13:33

GSEC Certification clarificationadvice?

1 Answers1