I am in the process of taking the practical portion of the IACRB CPT exam. As most of you well know, you've got 60 days to complete and submit. I'm on the final step of the exam, which requires cracking of the root password on a Linux host. For me, this step seems to be taking quite a long time (15+ days now). While I realize that real-world password cracking can take days, months, or even years (depending on complexity), I'm curious to see if others have had the same experience. Also, what are your general feelings on the CPT and the amount of weight it carries in the pen-testing field? I've passed the CEH (InfoSec training) and have been considering the OSCP. Thoughts on that?
My planned direction is to "break into" this field starting next year, and I'm looking for suggestions on a sound approach. Ideally, I'd like to work as an independent, providing services to small companies (in the long run), but I realize that true pen-testing is seldom a one-man show.
Thanks in advance!