Hi Guys, I've spent a lot of my time in infrastructure roles and picked up MCSE and CCNA along the way. I always found myself more interested in the security sections these work roles presented and found myself getting the infosec bug from books by Bruce Schneider and Kevin Mitnick to name just two. I then progressed by self studying the CEH and moved into a general IT security consultant role with a big firm. Again I carried on my knowledge by self-funding\studying CISSP and CISM and passing. I now feel that my work has become a little stale and find myself giving signature type incident\project answers on the risks to the business. So of late I've been thinking of specialising into a pentester role. I have to coordinate and review pentests at my current job and alarmingly had to step in once or twice when I've felt the pentest is creating unacceptable risks to the business (something some forget that's why we are here!) So I'm glad I've seen the wider picture here also! After some research I've seen that in the UK you have to get a cert that meets up with the CHECK standard. So that's TIGER or CREST for me being none government. Its not worth me progressing the LPT route in reality... Anyway given my background I've decided to take one of these next year. I'm currently taking the OSCP as I heard it was a good course for content alone! and I thought this would be a good start to my prep. I'm also reading hacking windows and linux titles having finished hacking exposed 6. oh and hacking web apps exposed all latest edition. I shall work through the met unleashed course also and up my scripting of pearl or should I use python? other than that I was going to download the exam outline and research the topics off the net.... would this be enough to pass one of these exams? sorry but 1600 is a lot to lose when its self funding - failure is not an option!!!! I've seen the topics outlined and it does not strike me with fear as many I've studied, but its hard to really know the level required. Any advice from guys who have sat these exams or the prep they did would be great...

just for your info the crest and tiger exams both consist of a written exam and an assault course to gauge practical hands on experience. You would be expected to draw a network diagram of the network then systematically move through the network compromising each machine - routers, various win boxes and linux/sun. some compromises will be straightforward eg metasploit etc, but others will have multi vector approaches.

Rob