HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 111 guests online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Resourcesarrow Career Centralarrow Pen-Testing Career?
EH-Net
May 26, 2012, 10:18:11 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Pen-Testing Career?  (Read 5318 times)
0 Members and 1 Guest are viewing this topic.
p0et
Full Member
***
Offline Offline

Posts: 197



View Profile
« on: December 14, 2006, 05:29:58 PM »
Has anyone here actually went out and became a consultant in which the majority of what you do are pen-tests?  This is my ultimate career goal.  I'm just finishing up my SANS GCIH and you can probably already see what other certs I have.  I'm taking my CEH after the SANS one.

Anyways, just wanted to get some thoughts on starting out in this specialized field and if any of you are already here.

Thanks!  Wink
Logged
GCIH, Security+, Network+, A+, MCP, DCSE
Cutaway
Jr. Member
**
Offline Offline

Posts: 96


Cutaway


View Profile WWW
« Reply #1 on: December 15, 2006, 10:12:50 AM »
There are plenty of consulting businesses that use pentesting as one of their tasks.  Usually with a specific person assigned to it.  This is mainly so that the person can properly represent themselves when speaking about techniques and findings.  Also, the time that is usually involved with pentesting (also depends on the depth of assignment) usually requires that this be the only task for the length of the assignment.  As a person gets more experience then they can usually include assessment work but now we are really talking about a team effort.

Currently you are on the right track.  Getting your certifications means that you have the basics.  Getting real world experience can be a bit of a problem.  Do the hacking challenges and keep reading.  If you can do some local consulting then start working on it but be careful and ALWAYS get written permission with detailed specifics as to what the job entails (and stick to the specifics outlined in the documents).  I am sure that you are currently working some where so see how you can start integrating assessment and penetration testing into their environment (but if they say no then they mean no).

Lastly, really start working on your writing skills.  How you write and how you present technical information is key.  You may consider finding a college with a masters degree program.  SANS offers one but it is not currently an accredited university.  You can check the NSA's site as they have certified several programs http://www.nsa.gov/ia/academia/caemap.cfm?MenuID=10.1.1.2.

Also remember that networking is the key.  Getting to know people in the field.  Making a name for yourself as a person who is trustworthy, smart, honest, and hard working will get you far.  Remember, the majority of the people in this field (or who have gone far in it) are workaholics and tenacious.

Hang in there and good luck.

ADDITION:  I also just found this at CIRT.net http://www.cirt.net/cgi-bin/jobs.pl?method=showjobs&product=Metasploit.  Hope that helps.
« Last Edit: December 15, 2006, 10:53:57 AM by Cutaway » Logged
Go forth and do good things,
Cutaway
Kev
Guest
« Reply #2 on: February 08, 2007, 09:09:23 AM »
  I think its important to be aware of both the good things and some of the bad things that are involved in being a pentester. Some schools make it seem like all you do is try and break into a system using some cool hacks and then you get paid and go off to your next client and hack his network, all the while wowing them with your amazing hacking genius.  Well, its not like that. 

   First of all, you need to be good at paperwork. Sometimes lots of paperwork! Corporations respond only to very well constructed reports.  I have seen really good pentesters get hurt by this.  On the other hand I have seen poor testers impress their clients with some very well done reports.

   Also, you need to be a very skilled diplomat. If the client you are dealing with has their own Admin, it can be a little uncomfortable sometimes.  Often they are scared to death you are going to make them look bad and don’t want you there. It can be a little stressful if you are conducting an onsite security audit and have all the Admin glaring at you and trying to sneak and see what you are doing.  The trick is getting them to feel you are not against them and anything presented will be done in a way as to not make them look bad. You are there to “tweak” the security. If you do find someone has been terribly incompetent, then you need to be prepared for the possibility you have just caused that person to lose their job.  Are you comfortable with that? You need to be, because often there is a lot at stake.

 So why would someone want to have to deal with all that? For 2 reasons. One is it does give you the chance to legally hack!  The other reason is if you feel what you are doing is positive. You sometimes are helping to protect a lot of innocent people from things like identity theft, etc...   
Logged
oleDB
Recruiters
Full Member
*
Offline Offline

Posts: 236



View Profile WWW
« Reply #3 on: February 08, 2007, 01:16:48 PM »
Kev you brought up a great point. Pen Testing is one area where you can make a big positive difference. You are helping companies better secure their network and it makes you feel that you are doing something worthwhile. Versus being a security person at an enormous company with so much red tape you can't accomplish anything meaningful. The only downside I see is the travel, which can be difficult if you have a family depending on the situation.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.08 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.