Right now you're looking at someone who is a blank canvas of knowledge to be painted on. I have been working as a systems admin for 4 years in various forms of the DoD. This is a short time, but then again I'm only 21. Over those years, I've been exposed to, and become very interested in network security. For awhile I thought Forensics was where it was at, but I've slowly wandered away from that and in to Pen-Testing.
It's come to a point now where I am forced to take Security+ to keep my job (I only ever got A+ because I had to, I don't believe the certs make the man, the experience and proven applied knowledge do). I figure now that I'm going to take a cert, as rudimentary and basic as it is to some in this field, is going to start me down a security path, I ought to take a look at what is also available to enrich myself with.
So my question for you all, as long winded as I may sound, is...
If you were to give advice to someone who's goal is to become a pen-tester, and that person was at the very beginning of their career path, what would you tell them? What education would they need? What certs should they want?
My idea of what is needed goes as follows:
Linux+ or RHEL
I realize this isn't glamorous or what the movies make it out to be, but it doesn't make me any less interested and it doesn't make me enjoy Sneakers any less either