Security Basics mailing list archives

Re: How to get into Penetration testing?


From: Mitch Pope <MPope () gwail com au>
Date: Fri, 16 Jun 2006 09:59:11 +1000

Systems and Network security is a very specific specialisation within our 
industry and most security experts have had quite an extensive career 
through the ranks of systems/network administration and into 
systems/network engineering.  You can't just read a book and then do a 3 
day CEH course and expect to begin working as a security expert.

Most of these consultants are expected to analyse every aspect of the 
client's network and systems which involves an extremely high understanding 
of networking, routing and protocols, firewalling, operating systems (not 
just server operating systems but router and firewall operating systems 
such as Cisco IOS).

Remembering that any open port with a service running on it has the risk 
of being used to exploit the server, that could be a web server running 
Apache, mail server running Postfix/Cyrus, SSH server, BIND DNS server and 
the list goes well on.  Exploits exist for all the services I just 
mentioned that allow the hacker to gain root or administrative privileges 
on the server.

Part of the specialisation is being on the frontline and, when a 
vulnerability is found and patches are released, knowing about those 
vulnerabilities and knowing how to apply those patches on any operating 
system or service that might be running within a client's infrastructure.

My advice for you is aim for a systems administrator position and build 
your knowledge of operating systems, networking and scripting.  Maybe do a 
few respectable industry certifications such as MCSE, CCNA and RHCE.

Kind Regards,
Mitch Pope

Hi Guys,

Apologies if this has been asked before (and if this is posted in the
wrong thread) but I am seeking advice on how to get into a career in
Pen. testing and IT security.

I am based in the UK and have been a Java developer for the last 2.5
years after leaving university. However security is where my interest
lies and I would like to get into this sector. 

My question is how? I have looked at many job adverts for pen. testers
however they all require people with 1 years+ experience in the field. 

Should I pursue a certification such as the CEH first? Or are there
other ways?

Your advice and suggestions would be greatly appreciated.

Thanks

Rahul 



