0

I am into non-functional (performance) testing for 12 years. I am planning to move to pen testing with GCIH certification. Can I get a fresh start in pen testing after this?

StackzOfZtuff
  • 17,783
  • 1
  • 50
  • 86
PrashantMP
  • 3
  • 1
  • with only knowing you have GCIH , I would say no – TheHidden Aug 08 '17 at 12:17
  • 1
    Define what you want to do, check the requirement section in current jobs offer, and define how you can match these requirements. In other words, let the demand draw your decision so you are sure that at the end your offer will match the demand. GCIH being an certification for incident response team, I have some doubts that any pentester job offer will require it. – WhiteWinterWolf Aug 08 '17 at 12:40
  • @WhiteWinterWolf Thanks for the hint. I think this should have been my starting point. – PrashantMP Aug 09 '17 at 15:43

2 Answers2

0

TLDR: No. Start reading and go for a OSCP or SANS 560.

If you are moving into pen-testing it would be best for you to have more than just a GCIH. If you already have your GCIH it means that you are at least above beginner. I recommend taking the follow steps.

1.http://overthewire.org/ | This site is great for practice in understanding all things that might be done at a high level. I recommend at least finishing all the bandit levels.

2.https://www.vulnhub.com/resources/ | This should be your home for a little while. read it love it.

  1. Sign up for OSCP.

I would imagine that it should take at least 3 months before your ready to signup for OSCP and probably 1 or 2 months before you are able to pass.

Cheers, CND

CND N ME
  • 16
0

Assuming you're only interested in GIAC certifications, if you're looking to expand your knowledge of infosec in general, then incident response is definitely a good place to start. Unfortunately there is a lot of opinion involved in answering the question of which cert is best to start with.

You're probably already aware of this common advice, but I'll offer it anyway. While prepping for a certification exam will most likely require you to expand your knowledge, if you take the initiative to learn independently of any particular exam and just absorb as much as you can, your skills and experience will take you further than any particular certification will. I've personally known infosec cert holders who couldn't properly secure a system to save their lives.

See this thread for more discussion - Professional certifications for IT Security

expertsnipo
  • 93
  • 1
  • 1
  • 7