Becoming Pentester / EH

This topic contains 21 replies, has 13 voices, and was last updated by  Kev 9 years, 7 months ago.

  • Author
    Posts
  • #4832
     pizza1337 
    Participant

    As you guys know, i am still in high school(senior year). I have to decide(in few months) if i want to go to big university or a small college(like ivy tech or  something). In big university you have to take some required classes that are not related to what i am going to do. In small college you just take the classes that are focused or related to your career. What do you guys recommend?

    I understand that i will have to get some certs and experience too.

    whats the best way to enter this career, what would get me a job?

    (i don’t care too much about learning the material, because i just learn it, and there are courses, and there is Google)

    Any reply(thats related) would be very helpful.

  • #30371
     Ketchup 
    Participant

    I am not sure if the size of the school matters honestly.  The size of the school is mostly about what you favor in terms of class sizes.  Larger schools may allow you to acquire more influential contacts that may help you land a better job.  To some employers, the school name and recognition will matter much more than the size. 

  • #30372
     Jhaddix 
    Participant

    Hey Pizza1337,

    Here’s what i would suggest. If you are heading in that direction, always go for a 4 year degree. I know there are good examples of lots of pentesters not getting a 4 year year degree but honestly you will hit a lot of glass ceilings not having one. it doesnt realy matter all that much from where you get it, just get it.

    Try to find a college with a network security program, or lots of electives in that area or pick a major that’s related. Do you want to do do practical pentesting? Try and find a networking or IT degree, are you interested in developing exploits or tools? Take Computer Science. There are lots of programs that have security electives. Take at least one per semester/quarter, to keep your interest.

    I know some guys at UCSB (the team that competes as shellphish) and they have had a running hacking club ever since they won Defcon. Do that, try and compete in ccdc competitions if you have it in your region.

    Lastly look for summer internships with security places that do pentests or assessments. Learn all the industry tools, do all the training you can find on the net, and start writing your own scripts. Even if they are just simple things you think are cool, they show passion for the field.

    Start a website or blog, go to cons, and come here when you have questions.

    i know thats a lot but, sorry, must have brain dumped there =P

  • #30373
     n1p 
    Participant

    From my personal experience, completing a Masters in infosec at a well respected institute known for it’s course, provided me with a lot more opportunities. It got me in front of the right people and allowed me to demonstrate relevant knowledge and enthusiasm for the field. Pen-testing/EH requires more demonstrable practical experience and you could find that you will need to acquire security consultant role or similar for year to gain some valuable commercial experience.

    Although, it is different for everyone and hardwork, determination and knowledge also works great!

    Cheers,
    n1p

  • #30374
     rattis 
    Participant

    My advice, look at a 4 year school, and the community college (2 year schools in the area). Find out what classes will transfer to the 4 year school from the 2 year.

    Don’t take your time, but try to save money by starting at a 2 year school. Transfer over, and then try to move on to a Master’s if you wish.

    You could be able to take some of the money you save and apply them to certs.

    Jhaddix said you’ll hit a glass ceiling without a 4 year degree. It’s not so much a glass ceiling, but it’s hard to get past HR without a 4 year degree. I also know that some places won’t hire you as anything more than a contractor without a 4 year degree.

    As Ketchup said, it’s less about the size of the school, and more about it’s reputation. The higher degree, the more it matters (from my experience).

  • #30375
     j0rDy 
    Participant

    good advice people! getting a master degree sure opens doors in a lot more places then without. i dont know about the try to save money advice. i dont mean you should skip class, get behind or have to redo a semester, but investing in education (if this is a 4 year master or a cert) is the best investment you can make. if a 4 year master gets you further then a 2 year one and you have the budget, go for it! so what it costs a little more, it will repay itself (alteast it should) over the years.

  • #30376
     rattis 
    Participant

    @j0rdy wrote:

    good advice people! getting a master degree sure opens doors in a lot more places then without. i dont know about the try to save money advice. i dont mean you should skip class, get behind or have to redo a semester, but investing in education (if this is a 4 year master or a cert) is the best investment you can make. if a 4 year master gets you further then a 2 year one and you have the budget, go for it! so what it costs a little more, it will repay itself (alteast it should) over the years.

    The degrees in the states work in two categories:

    Undergrad: which contain Associate (2 year) and Bachelor (4 year) degrees
    Graduate: which contain Master and Doctorate. (The way I understand grad, never got past undergrad, is you have to have a Masters before you can go for a Doctorate).

  • #30377
     j0rDy 
    Participant

    thanks for clearing this out.

    you are right about the master/doctorate thing. i believe the doctorate degree will only help when you want to become an academic/teacher? atleast over here it does not provide anything extra in the business world.

  • #30378
     rattis 
    Participant

    J0rDy

    Its useful for some other things to. Some research positions outside of academics, and places like NASA want them. (I know NASA does from personal experience).

  • #30379
     pizza1337 
    Participant

    I am meeting Ivy tech(community college) representative tomorrow, I will see what courses they have, and if they can transfer credits for some classes i take there. I do want to get computer science degree and networking(offered by university).

    thank you guys.

  • #30380
     j0rDy 
    Participant

    @chrisj wrote:

    J0rDy

    Its useful for some other things to. Some research positions outside of academics, and places like NASA want them. (I know NASA does from personal experience).

    good to know. (there goes my chance of joining NASA ;)) how about government?

  • #30381
     ziggy_567 
    Participant

    You may also want to check out schools on this list:

    http://www.nsa.gov/ia/academic_outreach/nat_cae/index.shtml

    I believe there are Centers of Academic Excellence in every state, so there should be one close to you. If not, there are a couple with online degree programs. Having earned a Master’s from one of the schools on the list, I will say that there are benefits to them. First of all, each of these schools has a scholarship program sponsored by the Federal Gov’t. Some of the scholarship programs offer guaranteed federal placement upon graduating.


    Ziggy

  • #30382
     j0rDy 
    Participant

    thanks for the info. note i do not live in the US so i am just interested in the way of education/government operating.

  • #30383
     Triban 
    Participant

    Hey Pizza, definitely another vote for the degree, you learn more at college than just what you pick up in class.  Once you get out in the real world, you need to learn the soft skills as well as technical.  There are a ton of people out there that can rattle off technical speak but there area  good number of these folks that don’t know how to rattle it off to the manager types and non-technical people.  Not to mention you need to know how to deal with different types of people.  These soft skills are important from getting the interview to doing your daily duties.

    Next piece is getting that real world experience!  Be prepared to take grunt jobs just to get into the door (break/fix computers, helpdesk etc…).  Everyone has to start somewhere!

    Find a specialization, or your head will explode trying to keep up with everything as you get older.  Also if you are interested in government jobs, looks like there may be some government funding to those who are interested in pursuing a career in Information/Cyber Security.  Mostly likely though, you will probably need to enlist to get the full benefits.  Then again getting a security clearance can be very beneficial.  I think you can get a security clearance without enlisting, but it could take a very long time.

    Good luck!!

  • #30384
     pizza1337 
    Participant

    I am not really interested into gov jobs.

    I am more interested in military jobs. I know navy and army has security testing jobs, one of my friends worked in army before, and i talked to a navy recruiter.

    anyone worked for military before? is it good to work there?

  • #30385
     hayabusa 
    Participant

    I’m sure there are folks on here that have worked either directly in, or on contract for, the military.  But if you don’t find anything else out, my wife’s got a good friend in military IT / security, and I might be able to link you up for a chat.  PM me, if nobody else gets you some info, and I’ll see if I can make a connection.

  • #30386
     BillV 
    Participant

    I don’t know where he’s been (probably busy) but Chris Gates has done military red team stuff. Maybe try shooting him a PM? (ChrisG)

  • #30387
     Triban 
    Participant

    If I had known that I was going to be interested in InfoSec back in high school, I think I would have signed up with the Navy/Airforce.  They have some nice toys.  Unfortunately I wanted to save trees and animals so I was into Biology, oh well hindsight…  You will probably find it more rewarding to sign up with the military if you want to get those skills up and put them to good use, specially now-a-days.  Good luck man!

  • #30388
     ziggy_567 
    Participant

    I was in the Army. If you want to do Cyber Warfare/Security, the Air Force is the best place to be as far as the military goes. The other branches are lagging behind the Air Force in regard to Cyber Command.

    Go check out http://taosecurity.blogspot.com/

    Richard Bejtlich is a seriously smart person that spent a lot of time in the Air Force in that field.


    Ziggy

  • #30389
     Dengar13 
    Participant

    The Marines perform IT Security tasks as well.  Just wanted to throw that out there.  But, I would agree with ziggy_567 as far as the Air Force is concerned.  I know that the Marines use Core Impact as do the other branches, but don’t know what else they do since I have been out of the loop since 2002.

  • #30390
     dynamik 
    Participant

    I’d encourage you to try and land a gig doing system and/or network administration as you further your education. In my experience, those with a solid foundation in a given technology have an edge over those who have strictly focused on things from a security perspective. Personally, I feel like I’m able to provide more value to my customers since I can discuss things beyond just a pen test, IT audit, etc.

    Similarly, you should also gain an understanding of how things work on the business side of things. A business exists to make a profit, not be secure. If you can’t relate to that and help them obtain that goal, you’re going to continue to run into roadblocks.

    I’d also focus on your writing and communication skills as well. Report writing is an enormous part of my job, and I regularly have to prevent findings to executives. You don’t want to come off as the stereotypical socially inept computer nerd. Toast Masters is an excellent organization that will help you build confidence and improve your public speaking and leadership skills.

    None of those are as exciting as obtaining root, but they’re part of being a professional. You don’t want to find yourself in a position where you’re amazing on the technical side but weak everywhere else.

  • #30391
     Kev 
    Participant

    Thought I would throw my sorry 2 cents in on this topic as someone that has been pen testing for longer than I care to admit.  Having a degree is good but not absolutely critical. However, it will definitely open doors faster for you, that is if you don’t having any contacts or rep. Having a good reputation because you know your stuff and a few friends can catapult you into the industry faster that you can say “buffer overflow” regardless of diplomas or certs.   But hey, you might just learn something if you go to college, hopefully more than the 3 French words I remember years later,lol!   You might want to get a 4 year degree in computer science, but your masters in business. This will give you a lot of flexibility and still make you a prime candidate for a security firm.  Flexibility is a key to survival in life and a great mental attribute to have for hacking. What if you find you hate doing pen testing for a living?  For most of us it requires a lot of travel and I have seen a number of marriages end due to this. Traveling 30 or more times a year seems cool when you’re young but believe me it gets old fast. Good god every hotel room is the same!  What really sucks is you don’t have any time to sight see! I have been to every major city and I could not really tell you much about them.  

    Working with the military can be a good career and it can mean being hired by the DOD if you are a civilian, just make sure you can get a security clearance.  In other words, if you go to college drink responsibly!  If you ever get any kind of arrest you will find it very hard to get a security clearance. Well, unless you run for president or congress, lol!   Anyway, I have one acquaintance that has a dream job working for the DOD but has to live in Germany pen testing military bases throughout Europe.  

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?