Digital Forensics and Pentesting: what now?

Question

So, i want to enter the security field, and i'm leaning towards security auditing, digital forensics, and reverse engineering. i'm in school right now, i'm studying x86 ASM, exploring Linux, and soon to be working on understanding exploit development.

i really don't know much about Linux or networking as it is, and i'm interested in taking some SANS courses (incident handling and exploit development http://www.sans.org/security-training/hacker-techniques-exploits-incident-handling-40-mid), and taking their entire path all the way through to help speed up the learning process.

so, i have a few questions:

what do i need to know to take these sorts of classes and actually benefit from them? what do i need to know before studying for a CEH exam? how about offensive security certifications? should i start with the Linux+, Networking+, and Security+ certificates, or is there a more efficient way to learn what i need to know?

thanks!

Edit* Sorry @ Rory. My main question is this: Exactly what do I need to know to be able to begin the SANS path beginning with the SEC504 course?

Hi @zero - welcome to security.stackexchange. Bit of a tricky question to answer, many folks here come from very different backgrounds so answers will be subjective. Have a quick look at the FAQ and see if you can build a question that avoids the hazards of subjectivity:-) — Rory Alsop, Jun 16 '11 at 12:58
What school level are you in: high school, college, masters program? What kind of career do you hope to have? Are you interested in police work, consulting, network engineer, etc? Depending on your target position and employer certifications range from unknown to required. — this.josh, Jun 17 '11 at 01:28
I'm currently an undergraduate studying computer science. I'd like to work in digital forensics, and be proficient in developing exploits and reverse engineering. I really just want to know exactly what I need to know to begin taking these SANS courses. — zero cola, Jun 17 '11 at 07:10
See also What are the career paths in the computer security field? - IT Security - Stack Exchange — nealmcb, Jun 18 '11 at 05:16
maybe you could ask this question on this site proposal: undergraduates. Follow it if you find it interesting! — Daniele B, Jan 23 '13 at 17:13

Scott Mortimer · Answer 1 · 2011-06-18T08:14:04.613

5

I pursued a similar path like this:

Linux+ --> Network+ --> Security+ --> CEH --> Currently studying for CISSP

I have found that they all tie together quite nicely and give a very good overview of important aspects of the INFOSEC field.

edited Jun 18 '11 at 08:14

answered Jun 16 '11 at 14:52

Scott Mortimer

61
2

Do you feel like the Linux+, Network+, and Security+ certifications gave you all the background you needed to begin studying for the CEH? – zero cola Jun 17 '11 at 07:11
Yes, I feel they helped. I have been doing Unix/Linux Administration and for many years and have a decent background in networking which is all very useful for any security certification. – Scott Mortimer Jun 18 '11 at 08:16
How about skipping the Security+, and going straight to the GSEC after Network+? I have programmed chat clients for Yahoo and AIM in C, have moderate experience with tools like WireShark, and have found some web app input validation vulnerabilties. – zero cola Jun 18 '11 at 15:42

score 2 · Answer 2 · answered Jul 29 '11 at 18:54

My opinion is that don't try to short cut the game. This link to Teach Yourself Programming in Ten Years sums it up all quite nicely. If you want to be successful at taking and getting the most of your SANS courses, then start with the basics. At least start with GSEC so you can start to get used to some of the terminology. If you are deciding to take the tests they are quizzing your knowledge of terminology as much as subject material.

If you are in school, I would suggest that you are already drinking by the firehose enough in those classes. Do some independent study and figure out what parts of InfoSec you like and start reading books on those. If you can go to a conference that has Lightning Talks, even better.

Take advantage of your school if you can and take those CS/CSE classes. Learn the 'why' of how this technology works and you'll be more than prepared for the 'what' when you're ready.

Digital Forensics and Pentesting: what now?

2 Answers2