My advice to you would be follow your heart money is not everything. I know we all need to money to pay bills so on. But I personally rather do something I love and and get paid less than be paid loads for a job i disliked doing.

IMO security is a great field to work in because there are always challenges always something to learn.

How much you earn really depends on how good you are at it for example a rough guide in the UK is
Junior can earn 20k to 25k
Team Member in the UK can earn from 25k to 35k
Team leader can earn 35k up to 90k

Onto of that most companies offer a bonus my last company offered
2k for doing 100 jobs
5k for doing 130 jobs
10k for doing 160 jobs

of course this is not every company but most do offer some sort bonus and it depends on how big and busy the company are.

I think this decision is something only you can make sometimes in life you have to take a step back to go forwards.

I had issue with it too and didn't have time to sort it out  but maybe if you post bit more information on what you having an issue with. Is it giving you error message ? or not booting so on. also what version of Kali are you using ?

Kali for me seem to have some bugs so I don't really use this.

If you want easy life then BT5 as it has all tools and you don't need to worry about install new tools.

If you want a challenge and want to learn more about Linux I would say Ubuntu or any other linux OS where you need to install tools from scratch as it give you experience working with the system and fixing things when they break.

I have never done the CEH Exam but have read the study guides and I think personally for me reading the books and study guide was useful as it helps build you knowledge up. Even tho CEH is not pratical you still need to know the basic and I think CEH is very good at teaching the basic.

I guess the question I am asking is how can you make a end user care about security. It seems to me that most end user don't care unless something affects them directly.

Companies can spend as much money on training as they want but unless the end user puts into practice what he/she has learned IMO the training is pointless.

So when doing a Pen Test/Social engineering should targeting an individual and their personal life be more in scope ?

Thanks this looks like a good read.

Hi all,

I was recently onsite for around two weeks and notice a lot of things that were lets just say plain wrong. I was not doing a security asset of any type I was just there to help the It help desk. During my time onsite I saw password being sent via email, password around computer screens and user would get up and leave me with their computer without even asking who I was.

So I guess my question is other than training what other ways are there to teach end user about security ? How hard do you think the lesson should be ?

I guess one of the problems with the end user is they don't care as its the company being attacked not them so do you think is ethical to target the user?

I have read them thanks didnt seem to help but thanks anyway

Hi all,

Does anyone use home brew on a mac book ? I have Metasploit install but when I try update I get this error:

/usr/local/bin/msfupdate:190:in `<main>': Cannot determine checkout type: `/usr/local/Cellar/metasploit/4.5.0-2013021301/libexec' (RuntimeError)

Any help on how to resolve this I have tried google but could not find anything.

Thanks

I think I miss read you first post I would say if you don't know Linux learn that as that is a key thing to have under your belt. Then it depends really what area you want focus in first. If its networking then do CCNA that give you really good understanding of networking then build on that.

I think the stuff you plan on doing will give you a good grounding which of course you can build on security is all about learning learning learning

Is there a time frame for the changes to be made ?

I have not used it but would think it work the same way as bug crowd.

You sign up as pen tester
find issue and report them
client get report with all issue found by everyone
You get paid for issue you find as long as your the first person to find it and its in scope.

Thanks good link and very useful

I think this depends on a few factors

time
Scope
Money
The 3 part you use

IMO no company should be running Nessus and classing that as a pen test. Nessus is a great tool but no way is is a replacement for a company who are really good at pen testing.

A risk you may have also is the internal people may not have the experience to find certain issue meaning you could leave holes in your security.

The way I would do it is have the 3 party run the pen test then have the internal team fix the issue they find.

I never used them as a pro version but I guess it depends what your looking for but I don't think there is any tool that can do a job 100%. I find most tools that I use will find low hanging fruit but more advance SQL and XSS need manual work to exploit them.

There is another web tool that you can buy think its called web inspector.