From Network Engineering to IT Auditing: My Journey to CISA and the Next Challenge – CEH v13

CEH v13 Study Plan: Mastering Ethical Hacking & Cybersecurity

Why CEH v13? Cybersecurity threats are evolving daily, and organizations need professionals who can think like hackers to defend their systems proactively. After successfully transitioning from Network Engineering to IT Auditing (CISA), I am now embarking on my Certified Ethical Hacker (CEH v13) journey to strengthen my offensive security skills.

?? Study Plan Breakdown

Phase 1: Foundations & Reconnaissance (Week 1-3)

Focus Areas: ? Introduction to Ethical Hacking ? Footprinting & Reconnaissance ? Scanning Networks ? Enumeration

?? Study Resources: ?? EC-Council Official CEH v13 Course Modules ?? "CEH Certified Ethical Hacker All-in-One Exam Guide" by Matt Walker ?? LinkedIn Learning: Ethical Hacking Foundations ?? Labs: Hack The Box & TryHackMe (Beginner Labs)

?? Goals:

• Understand hacker methodologies and attack vectors
• Learn OSINT tools (Maltego, FOCA, Shodan)
• Perform network scans using Nmap, Zenmap, and Netdiscover
• Enumerate targets using NetBIOS, SNMP, and LDAP

?? Phase 2: Gaining Access & Exploitation (Week 4-6)

?? Focus Areas: ? System Hacking & Privilege Escalation ? Malware Threats & Trojans ? Web Application Attacks (SQL Injection, XSS, CSRF)

?? Study Resources: ?? OWASP Top 10 (Essential for web security) ?? Udemy: "Web Security & Bug Bounty" ?? Labs: Metasploit, DVWA (Damn Vulnerable Web App)

?? Goals:

• Exploit Windows & Linux systems using Metasploit
• Understand password cracking techniques (John the Ripper, Hydra)
• Learn buffer overflow & exploit development basics
• Conduct SQL Injection & XSS attacks in a controlled lab

?? Phase 3: Maintaining Access & Covering Tracks (Week 7-8)

?? Focus Areas: ? Post-Exploitation Techniques ? Hiding Tracks & Evading Detection ? Advanced Persistent Threats (APT)

?? Study Resources: ?? Red Team Field Manual (RTFM) ?? YouTube: IppSec Walkthroughs ?? Labs: C2 Frameworks (Empire, Cobalt Strike), Anonymity Tools (Tor, VPNs)

?? Goals:

• Set up backdoors & persistence using Netcat, Mimikatz
• Bypass firewalls, IDS/IPS, and AVs
• Learn log tampering & forensic evasion techniques

?? Phase 4: Wireless, Cloud, & IoT Hacking (Week 9-10)

?? Focus Areas: ? Wireless Attacks (Wi-Fi Hacking) ? Cloud Security Threats & Exploits ? IoT & OT Security

?? Study Resources: ?? EC-Council CEH v13 eBook on Wireless & IoT Security ?? Coursera: "Cloud Security Basics" ?? Labs: Wi-Fi Penetration Testing (Aircrack-ng, Kismet), AWS & Azure Security Labs

?? Goals:

• Crack WPA2 Wi-Fi passwords using Aircrack-ng
• Perform Cloud Pentesting on AWS, Azure
• Identify IoT vulnerabilities using Shodan & firmware analysis

?? Phase 5: Exam Preparation & Real-World Practice (Week 11-12)

?? Focus Areas: ? CEH v13 Mock Exams & Review ? Bug Bounty & Capture The Flag (CTF) Challenges ? Final Hands-on Lab Practice

?? Study Resources: ?? Boson CEH v13 Practice Exams ?? Hack The Box Academy (Red Team Path) ?? Labs: TryHackMe "CEH Practical," VulnHub Challenges

?? Goals:

• Score 85%+ on multiple CEH practice exams
• Participate in CTF competitions (CTFtime, Hack The Box)
• Conduct end-to-end penetration tests on simulated environments

?? The Mindset: “Intimidating but I’ll Do It Anyway”

I’ll be honest, CEH v13 looks intimidating, but so did transitioning from Network Engineering to IT Auditing and earning CISA. The key to success is structured learning, hands-on practice, and persistence.

I’m fully committed to mastering ethical hacking and aligning my expertise with governance, risk, and compliance (GRC) and security leadership. This journey is not just about passing an exam, it’s about becoming a security professional who can anticipate threats, secure networks, and protect critical infrastructure.

I’d love to connect with like-minded professionals, mentors, and security leaders. If you’re in the cybersecurity space, let’s talk.

#CEH #EthicalHacking #CyberSecurity #SecurityLeadership #CISA #PenetrationTesting #RedTeam #ITGovernance #RiskManagement #SecurityManager