  Show Posts
91  Resources / Career Central / Re: Pen-Testing Career? on: December 15, 2006, 10:12:50 AM
There are plenty of consulting businesses that use pentesting as one of their tasks.  Usually with a specific person assigned to it.  This is mainly so that the person can properly represent themselves when speaking about techniques and findings.  Also, the time that is usually involved with pentesting (also depends on the depth of assignment) usually requires that this be the only task for the length of the assignment.  As a person gets more experience then they can usually include assessment work but now we are really talking about a team effort.

Currently you are on the right track.  Getting your certifications means that you have the basics.  Getting real world experience can be a bit of a problem.  Do the hacking challenges and keep reading.  If you can do some local consulting then start working on it but be careful and ALWAYS get written permission with detailed specifics as to what the job entails (and stick to the specifics outlined in the documents).  I am sure that you are currently working somewhere so see how you can start integrating assessment and penetration testing into their environment (but if they say no then they mean no).

Lastly, really start working on your writing skills.  How you write and how you present technical information is key.  You may consider finding a college with a masters degree program.  SANS offers one but it is not currently an accredited university.  You can check the NSA's site as they have certified several programs http://www.nsa.gov/ia/academia/caemap.cfm?MenuID=10.1.1.2.

Also remember that networking is the key.  Getting to know people in the field.  Making a name for yourself as a person who is trustworthy, smart, honest, and hard working will get you far.  Remember, the majority of the people in this field (or who have gone far in it) are workaholics and tenacious.

Hang in there and good luck.

ADDITION:  I also just found this at CIRT.net http://www.cirt.net/cgi-bin/jobs.pl?method=showjobs&product=Metasploit.  Hope that helps.
92  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Skype Network Scanning on: December 15, 2006, 09:51:02 AM
In a recent article titled "Networks beware: Skype 3.0 includes new cloaking technology" http://www.computerworld.com/blogs/node/4174#comment-24056 in Computer World the author (Preston Gralla) states "[Skype] may present a backdoor through which hackers can crawl..."

I have commented to the article and asked that the author clarify but with no response.  I was wondering if anybody here had heard about this and how it is accomplished.

I know that for P2P there may be some extra network traffic but I believe this is a part of the local application.  Unless some types of logs are kept and they can be harvested remotely I am not sure how this can be done.

It would be interesting to find out otherwise.
93  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Is ethical hacking a growth area? on: December 13, 2006, 01:26:28 AM
Having a wide range of skills is indeed a necessity.  This should be the goal of all new security professionals.  And, as time passes, you will recognize the requirement to maintain a broad knowledge base through continued education. 

However, as a security professional grows s/he will undoubtedly find s/he is moving towards a field of specialty.  Be it assessments, pentesting, incident response, malware analysis, policy writing and analysis, etc.  The move may be because of business necessity but hopefully it will be because of personal choice and interest.

As to the original question of "is ethical hacking a growth industry" my answer is yes.  Legitimate as well as criminal businesses are just now starting to harvest the real potential of technology that is integrated into the masses.  There is going to be an explosion of technology and Internet based innovation.  Because of this there will be a need for security professionals who can keep up with these changes and protect business critical assets.  We will also probably see an advance in the political and military aspect of threats to business assets.

It seems to me that there has been a boom in the security consulting and research industry.  But there has also been a steady increase to the size of the security teams in large businesses.  So, I believe that you are going to have your choice of directions.

Go forth and do good things,
Cutaway
94  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Hackable VMWare Appliances on: November 21, 2006, 07:36:01 AM
Yes, I did look there but now that I go through it again I am seeing more stuff (My GoogleFu is really off the last couple days).

Looking through again I found a Redhat 6.2 (http://www.vmware.com/vmtn/appliances/directory/490) which the developer says has all the latest patches.  I think the key is to use the search (imagine that).  Once I started searching I noticed stuff like Fedora 3 systems.  (I need to slow down.)

This should be a great resource once some of the currently new appliances start showing vulnerabilities. Unfortunately I believe that VMWare will start to purge at some point or the developers will just update the current versions with patches and new releases.  Hopefully they will go with an archive so that these will still be available in the future.

Alas, what I was actually looking for, an image that was chock full of known vulnerable services and OS vulnerabilities specifically developed for evaluation and pentest training, is not really there.  The hunt is on, however.

Thanks for the help,
Don
95  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Hackable VMWare Appliances on: November 20, 2006, 05:08:25 PM
Okay, I looked through the forums but didn't see anything that resembled this question before I posted.  Now that I have had a little more time to look around I see all the posts about setting up a lab.  I guess the answer to my question would have come up in these posts. 

Hope I didn't bore you too much.
Thanks anyway,
Cutaway
96  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Hackable VMWare Appliances on: November 20, 2006, 04:20:11 PM
Does anybody know of a repository for hackable VMWare Appliances or Live-CDs?  I am hoping to find some resources with preconfigured applications that I can use to practice discovery, analysis, and exploitation without spending a great deal of time setting up the different applications.

I know there are plenty of resources out there for defeating web authentication, SQL Injection, and XSS but I am trying to find things like a Redhat 7.3 system with a 2.4 kernel and running Apache 1.3.20< or MySQL or have SNMP running with default strings.  Or a Solaris system running a poorly configured version of Gauntlet.  I am aware that finding a Windows image is probably out of the question because of licensing.

Thanks for your help,
Cutaway
© 2013 The Ethical Hacker Network