I have to add that just looking at the broad spectrum of topics on the CEH is pretty intimidating.   The rabbit hole goes pretty deep (not a reference to the Matrix)   Do you guys who do this for a living have a specialty or does youre employer expect you to be a full expert in all areas?   I see the CEH as more of a "frame work"  to begin building advanced skills from.  Is that an accurate assessment?

we're full, go try something else.

just kidding in all seriousness, the CEH != penetration tester.  i cant speak for why there arent that many pentesting gigs on monster but i can speak some of the things you need to know in addition to passing your CEH.  you need to know Microsoft, Cisco, a bit about all the different DBs out there, as well as other random third party apps (go google) so you can recommend fixes to the things you find on your assessments.  you need to know web programming and really web application security if you want to work for one of the big companies and you need to know all the code fixes.  ideally if you find sql injection in an app and get in, given the source you need to find that vulnerable query and help rewrite based on the backend db to be secure.  you need to know  layer 2 hacking for internal assessments, you need to know all the client side hacking, you should probably know some windows programming so you can write or modify your own tools so they dont get picked up by AV.  you need to know how to use all those hack tools and keep up to date with whats doing on.  oh and learn how to deal with jackass customers and write reports and sit on planes for long ass flights.

i'm sure i forgot a bunch of things but thats a start.  Also be prepared to not make the money like people used to doing it.  with the prevalence of "hey i passed my CEH now i'm going to go be a pentester  and people working for peanuts sometimes people that have some of those skills dont necessarily get paid according to their knowledge and ability level. 

pentesting isnt like running nessus with credentials or the scanner of the month. you've got usually 3-10 days to find the one thing that the old you missed or forgot to do.  its a different mindset.  i dont know you, so i'm not saying you dont have it, but it is something to keep in mind.  most of the guys we have doing the VA work arent real good at or interested in doing the piece that we do.

advice for getting in, if you are sure you want to do this, really sure, be prepared to a take a junior role and get mentored and use that time to work on your skills. how much that "junior role" pays will depend alot on your skills and where you live.  do your best to find a place that has people alot better than you to learn from get your X number of years of experience and hopefully move on to more $$ and different types of networks/apps to audit.

hope that helps

no problem, just trying to put out some of the information i was or would be looking for if i was in the same situation

Thanks for the response and advice - my past VA experience is as a DoD contractor and yes that is the security team.  It is mostly reactive/preventative.  Have been doing it for a while however, it is not in our contract to provide pentesting services and the interesting thing is it is a bit taboo to mention it.  In fact in all the training the Army provides we aren't allowed to have any kind of offensive capability what so ever.   Most of the IT team (especially the security team)  consider the network certification guys who do the pen testing as the bad guy in a way.  (although they won't say it out loud their attitude shift says enough - people got real nervous!)

After reading some of your blog I see how and why the pentester isn't a welcome site for the IT team.  Whenever the network certification guys came around it was a bit hostile for them.   Anyway, thanks again for your help.   

Chris,

Where do you work? I'm looking at defense contractors as my next step as I transition out of the military and am always looking for a military/DOD friendly environment.

Mike

Yeah, I'm looking in the Huntsville area near Red Stone.