Most of that guide is about building IT skills generally rather than pentesting skills specifically.

There is a big jump in difficulty from Step One (learn the OSI layer) to Step 2 (read five non-introductory Cisco books).  I'd recommend getting the CCNA study guides from Cisco (two volumes) and also Practical Packet Analysis (once you get further in).  Once your Cisco and TCP/IP skills are solid, pick up the Cisco security titles the guide author mentions.

I don't know what Linux books are considered good right now, but get Absolute BSD if you want to learn FreeBSD.  For programming, check out http://programming-motherfucker.com/become.html .  Learn Python or Perl to start.  Along the way, plan to learn C and SQL to a basic degree.  You need to understand how to read code, craft SQL statements, and automate basic tasks.  If you want to be a good programmer and develop complex tools, put aside everything else and just program for a couple of years.

The guide author suggests building a lab and learning to hack them from Bugtraq posts, but I think you should start with a book so that you have a little more structure.  I've read several Hacking Exposed volumes and enjoyed them.  Others have recommended Counter Hack, and Professional Penetration Testing Vol. I by Thomas Wilhelm.  Professional Pen Testing is probably your best bet to start: it actually focuses on setting up a lab and learning with it.  After you've read one book, read another and spend more time reading the mailing lists.  Read lots of articles, Google, play.

Curious to know what you perceive as being an overall good pentester? My definition of a thorough, good, and reliable pentester is someone who is versatile, can adapt and is experienced in a wide array of technologies. Because SECURITY is nowadays a broad term, I noticed that far too many pentesters are nothing more than tool-testers. Tool testers who know little about the layers associated with what they are doing. This is why many fail and this is why the current market is saturated with individuals running metasploit, Nessus, GFI and other tools passing themselves off as pentesters.

Books like Counterhack Reload, Hacking Exposed and Professional Pentetration Testing offer you examples on "staged" systems. Systems that are loaded for you to be able to compromise. While they have their place, they are minimal in real world exploitation and often the exploits used in those books are worthless. Many are written from the LAN perspective as nmap'ing a CIDR nowadays gets you nowhere.

When I wrote penetration testing 101, it was meant to introduce people to systems administration, networking and then security. Many in fact, I want to say 75% of the so called penetration testers I have met, spoken with, picked their brains are little more than tool jockeys. Without their tools, they're lost. They know little about what to do in the event they become tool-less so what is their real value?

Let me put you in a "cyberwarfare" scenario right now. You're deployed to a foreign country, your platoon is under fire and the enemy is jamming your signals. You managed to get a hold of an enemies laptop. Its a Tadpole running Solaris... What do you do? Call it a day because 1) you don't know Solaris 2) You don't know the common tools on Solaris 3) Call it a day because you don't know or understand what IKE and or aggressive versus main mode is? What do you do?

Let me give you another real world example, you're thrown into ANY environment that is contained on say a C2 style level of security. You cannot install ANYTHING, IPS is logging via syslog remotely. How do you get in and out undetected without using your favorite tool of choice?

The reality is, most SYSTEMS contain all the tools you would need, you just have to know what tools are doing what and have a thorough understanding about different layers of the OSI. How things interconnect, what is responsible for what. This is the reality of pentesting. Not a quick nmap scan followed by metasploiting. This is real world when in the real world, the system you are analyzing/testing/compromising will have security mechanisms to detect you, there may be a live individual halting or slowing down your progress. Not some "fire and forget" voodoo you see in a book.
   
It takes more than labs to make a good pentester. Labs are like shooting fish in a barrel. Trying to "replicate" your target is worthless since you will NEVER have the same configuration files, accounts, network layout and so forth. So while you can wet your feet with content in books like CounterHack reloaded, that's all they're really good for.
   
When I took my RWSP exam, for those who've done the OSCP, think of it as the OSCP with an enemy on the fly countering you. Was a seriously hard exam. While I took it, no one could figure out what I was doing and where I was coming from because I followed NOTHING from a book. Everything was improvisation. I still accomplished my objectives during that exam and that to me makes a good pentester. Someone who you can plop into a drop zone with zero that can accomplish their objective. Not someone whose proficicient at metasploit, or scapy, or Nessus. On the counter, I would see those tools a mile away and you'd be stopped dead in your tracks.

Maybe the next monthly giveaway should be a dinner date

I didn't mean to imply that general IT skills weren't necessary. I was only commenting that  your tutorial assumes that someone is starting from the beginning rather than from a strong networking/sysadmin skill base.


No argument there.  I think the road you laid out would be a little hard-going for a beginner and many people would be better served by reading a book or two first to give them a bit of a foundation.  I wouldn't expect anybody to become a professional anything just by reading a book.

That actually sounds pretty cool.  Certs are just a bonus to some of those decent technical courses, honestly the main reason I am currently taking eCPPT is just for the knowledge.  In my market it is not that well known of a cert.  But the content is decent and a great way to get a better understanding of the material.

As for what you are trying to do, I think that would be a great way to learn.  Then afterwards the students can take that knowledge back to their current jobs and making their pen tests worth that much more or for the beginners to go and maybe pursue some entry level certs.  I look forward to hearing more about this when you find time in the busy schedule.

Hi lynoharvey,
I agree with you. There is so much to learn. I am at a crossroad right now. I'm trying to get my foot in the door but do not know what direction to go in or where to start. App Security and Forensics are the most interesting to me. So I may continue on the EC-Counsil route and get the CHFI or get a Masters. Where did you go for your Masters?
The advice Sil offers at his site is great. Thanks Sil.

^ ++1