Guys,

I just graduated from RIT with a Bachelor of Science degree in IT (Website Development and Networking).

Now I am focusing on Offensive Warfare as my main specialty. So I want to specialize in Penetration Testing and get licensed. I want to get certified in OSCP, or LPT.

http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/

Then eventually I will probably take Cryptography (program viruses) at RIT, and be able to write/program my own exploits via python, perl, and etc.

I really want to register for a course online (I can't do it via live classroom because I have hearing loss and would require an ASL interpreter) so online class would be ideal for me.

So please put me in the right direction and where should I do first? Thanks!

Get licensed by whom? In a conventional licensing scheme, one takes exams and is certified by a governing body who sets forth parameters of checks and balances alongside rules to ensure that the individual licensed is "on board" with the objectives of whomever gave them the license. When the individual strays from this, the license is revoked, penalties applied and so forth. There is not ONE organization that 1) has the authority to make this sort of rule 2) has the capability/know-how to enforce any silly rules it could apply when it comes to "cybersecurity." The framework for global cooperation is not and will never be there so such license would be utter nonsense and complete marketing.

You don't need a license to perform penetration testing and anyone who tells you this needs to stick to reading re-hashed nonsensical books. What you will ALWAYS need is insurance to cover yourself and the possibility of damages you may incur from doing something wrong. No one, not one organization be it SANS, EC-Council, even the US Government can make a push for "licensing" pentesters. The content would be so broad and never-ending no exam could possibly be given. This is because of the many areas of security involved in penetration. (See http://infiltrated.net/TechnicalSecurityRoadmap.html)

Now, to answer your question, the link above will also give you a glimpse and starting point at the many different and diverse areas concerning security testing. I suggest having a look..

I prefer to stick with networking, programming and systems based reading. For the most part, there are under one handful of books that are alright when it comes to pentesting. The problems I have are:

1) Content is tailored for your reading pleasure
In most books, they're using loaded examples. Similar to shooting fish in a barrel. What are you learning? Certainly not the core of what happens during an exploit. You're leaning what they did to compromise their loaded machine.

2) Content is horribly narrow
Name me one pentesting book that does not use MS08-67 and I will show you 20 that do. Pentesting does not revolve around Windows MSRPC. There is a lot more to understand and learn.

3) Rehashed rehashed rehashings
Most books I have read (and I have read about 10-12 books this year alone) are so repetitive of the things that I have seen in other books and blogs that its disgusting. I would (and always do) recommend understanding systems and networking at an extremely level (understand the protocols) moreso than focusing on wasting money on "Hacker Voodoo Edition 7 Multi Platinum Bling Bling Edition."

Reasoning for me so adamant about learning such content (sys/net) for those new to pentesting is that it makes them well rounded where they begin to compile a wider array of expertise. Makes little sense to compromise a system only to get on the system and not understand even the basic commands, the basics of say a multi-homed network, a NAT'd network, VPN'd network and so forth.

When it comes to pentesting, that's one of the ones that those in the know look to and respect. It isn't a case of oh, I read a book and passed a multiple choice question test. The PWB / OSCP is completely hands on, and you'll learn a lot along the way. Search through the forums, there have been many discussions on it, how many times people had to take the exam, and what we all think of it. Even people that took it and failed feel that they learned quite a bit along the way.

Will it tell HR or a hiring manager that you're the world's greatest pentester?No. will it tell them, if they know what the cert is, that you know something? Yes. Will it show you're willing to learn, and continue your education? Yeah.

While I don't have the OSCP, and haven't done the PWB course. I have done the WiFu course, and got the OSWP. I've been brought in a few times for interviews just because of it. They wanted to know what it was like and impressions of it.