Dailydave mailing list archives
Re: Career Progression
From: "wirepair" <wirepair () roguemail net>
Date: Thu, 25 Mar 2004 12:10:54 -0800
Not that I am wonderful or even good at it, but for me it is primarily motivation, and a lot of free time. Even though I stop "working" at 5:00, I'd still rather be sitting infront of my machines at home poking at applications. I had the luck of finding someone who wanted to motivate me to learn programming, I still definitly suck at C but I just need to know enough to construct my exploit buffers at this point. (I'd still really like to spend more time learning it). Then I obviously needed some assembly language knowledge, so I started messing with debuggers, writing vulnerable programs and exploiting them, see how it worked ect. Bought some books, too many books. And now I just enjoy poking at applications. Obviously I need to do it for work too so that always helps, unfortunatley I'm getting tired of hacking because as they say, anyone can do it.
If you have any more specific questions also feel free to shoot me an email off list. -wireOn Thu, 25 Mar 2004 18:48:02 +0100
<rick_list () darwinsweb net> wrote:
The last group of e-mails "Mentors" has got me thinking again and I'm really curious to find out how to get from where I am to where some of you are? Not geographically speaking of course. I already know where the airport is thank you very much. I've been doing pen testing/application assessments for about 3 years now. I learned a lot on my own by keeping up with the old bugtraq and digging up old posts from the dc-stuff mailing list (not sure if that'seven alive anymore).Once we got funding at work I started taking any class that they'd pay for. A few Hacking Exposed classes by Foundstone, a CSI Application Assessment blah blah blah class (which really sucked) and a secure application class put on by @stake. Now, at work, we've had overall funding cut (all pen test/app assessments to be outsourced) and our training budget is $0. So I won't be getting anymore training classes this year. I took it upon myself to learn python. Mainly because I tried going through the "learning c in 21 days" and O'Reilly C books but I wasn't really getting it. I never took programming in school... so after I read a few things on the W I decided to learn python. I have a decent grasp of it now, but I'm wondering how the hell I'm going to get to where I want to be, which is more towards the line of applicationassessments.Not that it's a great career path, but at least some of the application assessment stuff I was doing was fun. That's more than I can say for this IDS crap that I got involved in by accident. Plus the fact that we're paying 20G for two guys for 1 week, per application, to do what I used to do for my crappy annual salary. I could use 10k a week and work 7 or 8 weeks out of the year. I'm OK with that. ;) Oh yeah, back to my question: Any suggestions, comments quips on what I should be focusing on now and how to get where I want to be? I just started wondering how everyone else got to a sophisticated level ofapplication hacking/testing/assessing/understanding.Feel free to reply off-list. -Rick _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
-- Visit Things From Another World for the best comics, movies, toys, collectibles and more. http://www.tfaw.com/?qt=wmf _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Career Progression rick_list (Mar 25)
- Re: Career Progression wirepair (Mar 25)
- Re: Career Progression Andrew Simmons (Mar 25)
- <Possible follow-ups>
- Re: Re: Career Progression rick_list (Mar 25)
- RE: Career Progression Clemens, Dan (Mar 26)
- Re: Career Progression Matt Hargett (Mar 26)