Study plan for the next few months - Updated June 2011

I am about to embark on a full time IT Security study program for the next few months.

It's a syllabus of my own design. (There aren't really any university or college courses that I could attend, which cover the areas I want to study and research).

Over the last year I certified for CISSP, CISM  and OSWP (and got about halfway through PwB, + completed ITIL V3 Foundation and Prince2 Practitioner) - My next plans are a continuation of that study, but now really focusing-in on Pentesting and Ethical Hacking, and studying full time...!

I feel this is a big step for me, and a journey of thousand miles starts with a single big step (which I have already taken)

Phase one

In the first one or two months I will be focused on finishing PwB "OSCP", and passing the CISA exam + logging some more credits to renew my CISSP and CISM certifications. (My CISA exam is booked for Saturday 11th of December).

• Update 07/11/10 - I have booked more PwB hacking lab-time starting on the 20th November, and working my way through my CISA study guide/book
• Update 13/11/10 - Renewed my CISSP for another year
• Update 04/12/10 - Completed 2 weeks of PwB lab-time, wrote several blogs during this time on tools and techniques
• Update 09/12/10 - Continuing CISA study, passed several practice exams for CISA
• Update 11/12/10 - Took CISA exam
• Update 13/12/10 - Finished Security+ course 
• Update 16/12/10 - Earned 21 hours of ISACA CPE credits this week by watching eSymposiums and passing online tests. Renewed membership of ISACA to continue my current CISM certification. Booked 30 days more PwB labtime
• Update 16/12/10 - Completed 30 days PwB lab-time - More network access gained and many more machines pwned
• Update 31/01/11 - Found out I passed the CISA exam
• Update 10/02/11 - Booked PwB exam
• Update 21/03/11 - Finished updating OSCP documentation
• Update 10-11/04/11 - Passed OCSP - First time!

Phase two

My plan is then to proceed straight to CTP (Do not pass go, do not collect $200), pass the CEH and Security+ exams, and, maybe, finally get around to certifying for CCNA.

• Update 13/11/10 - Passed hacking challenge to register for the CTP course, and got registration code for CEH exam
• Update 09/12/10 - Booked exams for Security+ (11th Jan) and CEH (18th Jan)
• Update 13/12/10 - Completed Security+ course. Signed up for CTP course starting 23rd of Jan
• Update 14/12/10 - Completed Python course
• Update 30/12/10 - Completed C programming course
• Update 05/01/11 - Completed MySQL 5 course
• Update 11/01/11 - Passed Security+ exam (Too easy)
• Update 16/01/11 - Finished CEH review book
• Update 18/01/11 - Passed CEH exam
• Update 19/01/11 - Reviewing Metasploit Megaprimer
• Update 23/01/11 - Started CTP course
• Update 08/02/11 - Completed CTP material, started reverse-engineering course
• Update 10/02/11 - Completed vtc.com CCNA course, and started reviewing CCNA books
• Update 16/03/11 - Completed vtc.com Linux Security course
• Update 06/04/11 - Completed Linux Professional Institute Certification Level 1 2009 course
• Update 24/04/11 - Completed vtc.com ICND 1 course, booked CCNA exam

Phase three

Further study (Possibly a SANS course, not sure which at this stage, and will be subject to available funds, maybe a CREST course or certification) and exploit development/mitigation research TBD...

• Update 15/01/11 - Started reviewing GPEN material
  
• Update 22/03/11 - Finished reviewing GPEN material
• Update 13/04/11 - Started research project 1
• Currently studying SANS 542 Web application attacks

 
I'm pretty much done now, and I won't be updating this blog entry further.
(I'll start another one if I need to)

and then... the future is uncertain...
(Which is always true ;o)

In tandem and supporting the above

Phases one to three will be intermingled with a sprinkling of various courses from http://www.vtc.com/, ad hoc, to support my weaker areas (VTC is a bargain online training service, at around $30 per month) I feel I need to beef-up my programming skills, especially for exploit development and research. If I can squeeze in the odd MCP then that's a bonus.

MySQL
Microsoft Transact SQL
Perl Fundamentals * Started
Microsoft ASP.NET
ASP Scripting
PHP Programming: The Basics
CompTIA Security+ Certification * Completed
Cisco CCNA 640-801 * Completed
Introduction to computer forensics * Started
Linux Security * Completed
C Programming 2007 * Completed
Redhat Certified Technician * Started
Programming With Ruby
C++ fundamentals
Microsoft Windows Vista Security  * Started
Microsoft Windows Server 2008  * Started
Advanced C Programming
Assembly Language Programming  * Started
Microsoft Windows 7
Using Security Tools  * Started
CompTIA Linux+ * Started
Linux Professional Institute Cert Level 1  * Started
Microsoft ASP.NET 3.5
Microsoft SQL Server 2008 Development 
Mac OS X Snow Leopard  * Started
Microsoft Server 2008 Server Administrator
QuickStart! - MySQL 5 * Completed
QuickStart! - Python * Completed


Also, keeping up to speed with emerging threats for which http://www.securitytube.net/ is a great site!

...plus some light bed-time reading, to fill my spare time:

CISA practice questions book * completed

Gray hat hacking * completed

Teach yourself PHP MySQL and Apache

Hacking exposed 6 - Great fun! * completed

The Web Application Hackers Handbook * completed

Python in a nutshell - bought on ebay for a few quid, bargain

C for Linux programming - as above, bargain * 30% completed

CISA study guide * completed
Certified Ethical hacker review guide * completed

7 x CCNA books I got on eBay * started reviewing

I think my schedule is full, maybe too full?

Wish me luck ;o)