My name is Jason Bernier. I decided to create this blog to write about different personal events as well as technical products and news.
A little about me
I have been in the IT industry since 1995. I got my start by enlisting in the US Navy. I served for 5 years as an IT and made my way to where I am now. I am currently a red team operator serving a government client.
My current certifications are as listed below:
Microsoft Certified Professional (MCP)
Microsoft Certified Systems Administrator (MCSA) on Windows 2003
Microsoft Certified Technology Specialist (MCTS) on Windows 7
Microsoft Certified IT Professional (MCITP): Virtualization Administrator
Microsoft Certified Solutions Expert (MCSE): Server Infrastructure
Microsoft Certified Solutions Expert (MCSE): Private Cloud
Microsoft Certified Solutions Associate (MCSA): Windows 2012
VMware Certified Professional 5 (VCP5)
Red Hat Certified Systems Administrator (RHCSA)
Certified Ethical Hacker v7 (CEHv7)
Offensive Security Certified Professional (OSCP)
GIAC Certified Incident Handler (GCIH)
Offensive Security Wireless Professional (OSWP)
In addition, I hold a Bachelor's degree in Information Technology and Information Systems Security, as well as a Master's degree in Applied Information Technology. I also have a graduate certificate in Applied Cyber Security.
When I am not working, I am an avid hockey player and a die-hard Washington Capitals fan.
What server in the offsec labs had the network key for the admin network?
Unfortunately I cannot give that answer out.
Dear Mr. Jason,
Congratulations on the OSCP certificate,
I was searching for the OSCP course and came by your blog,
I am really amazed by your career path and the certificates,
I am a beginner in the security career and it would be a privilege if I could contact you in order to ask you about the priorities with the certificates according to my skills.
Hope to hear from you.
Feel free to ask whatever questions you may have here, so that others reading who may have the same question will see as well.
Thanks Mr. Bernier,
I am new to the information security career,
I have attended multiple courses but I did not certify in any
1- RHCT full Course
2- CCNA R & S
3- Diploma in Java programming language
Now I am interested in penetration testing,
I have installed Kali Linux but am not sure what to do next.
Am I eligible to take the OSCP course?
There are no requirements per se to be eligible. With that said, it would be super helpful to you if you are very familiar with Linux. Knowing how to copy a file remotely from one host to another is an example of the things you should know how to do.
You can find the syllabus for the course here.
More about the OSCP here
Hey Jason! I was searching around in regards to the OSCP certification and I stumbled across your blog. I live walking distance from Lockheed and I am going to be undertaking this seemingly gruesome task soon and I was wondering if you would be willing to give pointers or advice, or even perhaps mentoring throughout this. I am a student at KSU trying to get my foot in the door with regards to pentesting. I dunno, feel free to email me at firstname.lastname@example.org if you find this proposition appetizing.
I would recommend finishing your degree first. If you can manage to work on the OSCP, then that is also a plus. If you’re looking to do any federal government work, then you’ll also need to pick up Security+ and possibly the CEH.
What is your degree in?
Is there a way we can communicate offline?
Please ask any questions here, as others who visit may also have the same question you may have.
Jason – Congrats on passing the GCIH, just read your post on techexams.net. I’ve got my exam scheduled for April 25 and have been working feverishly on my index. I was wondering if you would consider sharing your index with me; I would love to have a second source to compare/potentially use. Thanks for your consideration.
I’ll shoot it over to you when I get a chance tonight.
Congratulations on passing the OSCP exam. I am a software engineer with 1.5 years of experience. I am working as a backend developer with the bulk of the work being done in PL/SQL. I am very interested in getting into the cyber security domain. I have done a course on CEH but didn’t go for the certification. It would be very kind of you to please let me know about how to start the journey for it. I have read a lot on the net and am very much confused. Any help will be hugely appreciated.
Thanks & Regards
Study for the CEH certification and pass the exam. Get some practice on whatever aspect of security you are looking to get into, whether it be pen testing or forensics. Practice is going to help big time.
I’m glad to have come across your blog; this is definitely going to come out amateurish and maybe no one has ever asked this question, but would you be willing to mentor? Just a brief quick intro: currently active duty military wishing to transition to IT (specifically pen testing), but my mind is everywhere on how to spearhead this goal. I appreciate your time and thanks for any help you can offer.
Unfortunately I don’t really have a ton of time to mentor anyone. I took a job as a red team operator with a gov agency not too long ago, so I have a ton going on with work, as well as working on completing the OSWP and starting on the OSCE soon.
The best advice I can give you, if you are trying to get into IT, is to make it more than just a hobby. To be successful you have to have a passion for it. It’s like anything else: if you don’t practice it, you will quickly lose your skills.
Feel free to drop on IRC and hang out. If I am around, I will chat.
I just finished your blog reviewing OSCP and it was immensely helpful in understanding what to expect from the cert. I had a question if you have a spare minute to read through.
I’m hoping to reserve lab time (ideally 30 days) within the next 9-12 months and take the exam promptly afterwards. Currently, I:
-am comfortable navigating Kali
-am comfortable performing basic nmap scans
-am comfortable performing basic attacks on a VM (only Metasploitable so far, need to do some research on VulnHub)
-have a rudimental understanding of high level programming (basic experience in Java, C++)
-have a rudimental understanding of scripting (some experience in python)
-have A+ and hope to knock out Network+ next week
-have little to no understanding of Assembly, other than its fundamental purpose
-have no job experience in infosec
Is 9-12 months with a minimum of 15 hr/wk (585-780 total hours) a reasonable amount of prep time before signing up for the lab? I’d like to build a reasonable time management plan and not over/under shoot my goal if I can help it.
I’d go ahead and sign up now. I did not have much dev experience (aside from having to write mortgage calculators for my undergrad) and I made it through fine.
I did dedicate 90 days to it, and then needed another 30. I would imagine you would need at least 60.
Hi Jason, big fan of your review of OSCP. I’ve been a programmer for 8 years and have limited Linux experience, but enough to get by. I really want to take the OSCP (it’s been calling me/taunting me for about a year). Been practicing techniques found on the OSCP syllabus, but one thing I can’t find anything about is how much Windows experience does one need? I haven’t touched a Windows machine in 14 years and probably haven’t seen one in 6 years. Any idea on how much I would need to brush up on or learn in the Windows world?
Thanks for the review!
Thanks for the compliment, I am glad that it has helped you and others.
As far as Windows, I would say knowing how the Windows server OS works in general, knowing how to navigate with a command prompt (terminal for you total Linux types), is a big help. I would try and get more familiar with the OS. Go and download a Windows Server ISO from Microsoft for free and test it out.
Like the blog! Have a couple of questions about getting into contracting – I am an aspiring Pen Tester!
1) What access to hardware/tools do you need to be a credible pen testing contractor? Is it expensive to set up as a contractor in this space? If I wanted to be a contractor for a big UK company would I need some infrastructure for them to hire me?
2) Do the consultancies like NCC group who offer Pen testing use contractors do you think, or would they only use their own staff?
1. I don’t contract myself out like that. I work for other companies as an employee.
2. I don’t know how any of that works. As mentioned, I work for a company that contracts me out.