Hi Hacker Family!
I know it’s been a while and I’m sure you’ve all missed me to a certain extent? (If not, that’s cool too, no feelings hurt here).
I hope you’ve all had some good vibes going strong this year!
Gosh. It’s been one hell of a ride. But yes! If you’re still following, let me get you all caught up, as I try to fill you in on my journey into penetration testing.
Nope. Still haven’t gotten there, yet.
But I did accomplish a few things along the way. This year I enrolled as a student at the SANS Institute and started working on my undergraduate certificate. So far I’ve got 2/4 certifications underneath my belt (GFACT and GSEC), and I’ll be taking the GCIH exam on Dec. 1.
I don’t want to overburden you with reviews and all (there’s plenty of those available). But I will leave you with a brief summary of my experience with these two courses.
GFACT — SEC275: Foundations: Computers, Technology, & Security
This was a fundamentals course. But unlike any that I’ve taken such as CompTIA A+, Network+, and Security+. I felt like it was all of those combined into a single course, and then some. We even covered buffer overflows and debugged a few applications in the labs portion. This was much more in depth and I had a great time. The material is solid.
GSEC — SEC401: Security Essentials — Network, Endpoint, and Cloud
This. This was a beast. There was a lot of information in this course and I had a difficult time keeping up (as this was my second consecutive 8-week course). I was so burned out by the end of course. I’m not sure how I pulled through (while holding a full-time job and family), but I managed it some how, at the expense of draining my mental health. There was A LOT of information in the course. It was as they say it is, Security+ on steroids (+ more).
GCIH — SEC504: Hacker Tools, Techniques, and Incident Handling
I’m not certified yet, but I’ve gone through the course twice and have a few more things I need to finish before the exam (Dec 1). Overall I feel confident (since I did pass the practice exam). I enjoyed this course much more than the two previously mentioned. I felt like it was more hands-on. There are many labs covering incident response analysis and attacker techniques such as pivoting and post-exploitation. I felt comfortable with the attacker aspects, since I’ve spent a great deal of time in that domain.
So, what’s next after this?
I think I’m going to take a little break for a few months. That’s 3 certifications for me this year! I’m fucking tired man! Accomplished, but drained.
I’ve finally gotten over my fear of rejection and started applying for SOC Analyst positions, even though I have more experience in the offensive side of security. We’ll see what happens…
I think my next cerftification will be the GPEN followed by the OSCP. But in the meantime I’ll keep myself occupied with the Hack the Box Penetration Testing Pathway. I plan on starting SEC560: Enterprise Penetration Testing late next year. Gaining 1 new certification each year is my goal, in order to upskill.
That’s it! I hope you’re all well and I wish you the best of luck in your journey.
Thanks for following my journey into penetration testing!