I'm an engineer with a growing interest in security-related computer topics. I'm not scared to read a ton, and I know that's required to learn anything in this field. I've also looked over awesome threads in your forum such as skills required for pen testers etc., which give a nice high-level overview of the basics that are required. In other words, I have looked around a lot for this question I'm asking, so please do your best not to tell me to search; I promise I have.
After reading several books such as (sorry to list them all off):
- "Backtrack 4, Assuring Security by Pen Testing"
- "Grey Hat Hacking"
- "Metasploit - The Pen Tester's Guide"
- "Google Hacking for Pen Testers"
- "The Basics of Hacking and Penetration Testing"
- "The Web Application Hacker's Handbook"
- "Backtrack 5 - Wireless Penetration Testing"
Currently reading "TCP/IP Illustrated"
I feel as though I have a solid fundamental grasp of how different areas of security function, and unfortunately for me, how wide this area is for learning. I really feel like I want to knuckle down and learn more topics in depth (i.e. like learning about TCP/IP from the current book I'm reading) but I don't know what areas in pen testing are important / more important than others; or if it's purely a preference thing. It seems you can go into forensics, network testing, wireless testing, web application testing, exploit writing etc.
Give your experiences - Do you feel there is a particular field that is most used, or perhaps a topic that is most prevalent throughout? What should a beginner learn first? I understand the "soft" areas of security are important such as Linux / Windows / network protocols, but I'm curious if there is actually a security field that should be focused on?
If you had to recommend a certificate for someone starting out, what would you recommend?
I know it's hard to answer these questions, and sorry if there isn't a right answer, but any feedback you could give me on the topic would be greatly appreciated. If it does all come down to personal preference I can accept that, but at least I know I won't regret whatever I choose. I can also appreciate that it's hard to assign a right answer without knowing motivation and background, but for me really it comes down to really enjoying learning about security, and being fascinated by how people can bypass / make things do unintended things and gain access to systems.
Thanks so much if you've read this far. I look forward to participating in the community.