.

Advice on the rigth Path in becoming an Penetration Tester

<<

niker02

User avatar

Newbie
Newbie

Posts: 3

Joined: Wed Jul 11, 2007 5:44 am

Location: UK

Post Fri Jul 13, 2007 5:59 pm

Advice on the rigth Path in becoming an Penetration Tester

Hi fellow Ethical hackers,


I passed my CEH last month thanks to the advice from all the great posts in the forums.

Blackazarro post was a great help check it out:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1369.msg4925/topicseen,1/#msg4925

My only concern NOW is what next and what path should I take. I want to become a Penetration Tester but I'm not sure that I am following the right path.

I was told that I should get certified in Linux+ for OS ( as I have already got my MCSE)  then do the CCNA for networking and get some Programming Language experience in Perl or python.

Do you guys have any good advice on where I should be heading, what path to take and what certifications or experience I would need to get me started on this journey? :)
Don't just think out of the box. There is no BOX !!


MCSA, MCSE, CEH
<<

Kev

Post Fri Jul 13, 2007 7:08 pm

Re: Advice on the rigth Path in becoming an Penetration Tester

This might seem like a silly question and dont take offense, but do you know what's the life of a Pentester?  Do you want to make a living as a full time pentester?  Many pentester travel as much as 30 times a year or more.  If you are married it can become a problem for some.  You are living out of hotel rooms and under a lot of pressure to get results. Some people cant handle the stress. If you certify a network as secure and it gets hacked a day later because you missed a simple vulnerability, well your reputation just went down big time.  You might show up to do an inside audit and all the admin see you as their enemy because they are worried you are going to make them look bad.  Also you better be into paper work, lots of paper work. Those are the negative. The positives are extremely rewarding if you are the kind of person that likes to solve puzzles and riddles. Its never boring and each situation is a new adventure.  Each person has to decide if the positives out way the negatives. 

Any way, my very first advice to someone is to research what  being a pentester involve. What is his lifestyle. If you feel comfortable with what you find, then move forward. But really get a handle on that first and I cant stress that enough.
Last edited by Kev on Fri Jul 13, 2007 7:12 pm, edited 1 time in total.
<<

What90

Full Member
Full Member

Posts: 120

Joined: Sat Jun 09, 2007 2:23 am

Location: Syndey, Australia

Post Fri Jul 13, 2007 9:17 pm

Re: Advice on the rigth Path in becoming an Penetration Tester

ITninja,

Kev's advice is excellent and well worth taking the time to work out if that's what your after as a career.

If it is, then a good starting point to look at is working for one of the big auditing companies - Ernest and Young, KPMG, PWC and so on. Some of the smaller security companies do the same thing.

They have intake programmes for new starters. It's long hours, some boring work (you've got to love documentation) and lots of travel, but after two years you'll have solid experience and proven security work on the CV.

You just need to contact them and see what they want or can offer.
<<

niker02

User avatar

Newbie
Newbie

Posts: 3

Joined: Wed Jul 11, 2007 5:44 am

Location: UK

Post Sat Jul 14, 2007 3:29 am

Re: Advice on the rigth Path in becoming an Penetration Tester

Thanks for the advice guys, you have summed it up very well and gave me food for thought.

I know there will be a lot of hours, traveling, and I would need to like doing lots of documentation work and have a pay attention to detail kind of skill.  I will do more research on what involves being a pentester, their lifestyle and risks at their reputation etc. But from what I know so far it is something that I would like to pursue.

I always think that you should try something first and experience it for yourself and then you can decide if it is for you or not.

I think like what What90 said if I do it for 2 years I would gain solid experience and proven work in security.  Then I could go into computer forensics which is another area I would like to specialize in.

Thanks again for great the adivce.

On a another note what do you guys consider to be an appealing job in the areas of IT security?
Don't just think out of the box. There is no BOX !!


MCSA, MCSE, CEH

Return to General Certification

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software