Re: Requesting Informational Interview

["Rob" <wia () ignoranceisbliss info>]

I apologize for the late reply.  It's been a zoo, as of late.

A few comments inline.


> Hello Rob,
>
> While I cannot answer your questions directly as I do not work in the
> Pen Testing specialty, I can provide some useful information.
>
> Check out this interview Slashdot did with Fyodor (creator of nmap).
>
> http://interviews.slashdot.org/article.pl?sid=03/05/30/1148235&startat=&threshold=4&mode=nocomment&commentsort=3&op=Change
>
> Look at his answer to question #4.  There is a lot of good advice
> there, advice I myself have followed.

That was a very good read.  There were a few things in there that I hadn't
considered - for example, the comment on "people skills".

> I would emphasize his comments on hands on experience.  There simply
> is no substitute.  Books and college style learning are next to
> worthless in this case.  You need to basically teach yourself and just
> "hack" your way through problems until you have legitimate skills.

I agree that there is no substitute to hands on, but I think that bookwork
also has it's own value.  In my experience, the one class that I did take,
really filled in the gaps.  But I would not rely solely on the classes.

Thank you for your reply.  The link has been bookmarked for further
reference.

Rob.

> Best of luck,
>
> Steve Mullins
>
> On Mon, Jun 15, 2009 at 8:00 PM, Rob<wia () ignoranceisbliss info> wrote:
> > Hello all.
> >
> > I am sure you all have seen many of these questions posed on this list,
> > as
> > well as others.  I am aware of the typical answers of, write a program,
> > compile a new LiveCD, etc.  But I was hoping to try something a little
> > bit
> > different.
> >
> > I have found myself in a precarious situation.  I have been in between
> > jobs since October and am now finding myself able to attend some
> > schooling.  On this path to schooling, I was posed with a very
> > interesting
> > question.
> >
> > "How did the others that do what I want to do, get there?"
> >
> > I want to be a pen-tester.
> >
> > I have been working with computers for over fifteen years - eight of
> > those
> > professionally (Help Desk, SysAdmin, InfoSec Admin).  I am fluent in
> > Windows and can get done what I need to in Linux.  I am good at just
> > about
> > everything, with the exception of databases, coding and routing.  I am
> > almost entirely self-taught and simply have not done that type of work,
> > yet...  I did attend a class at a school that I will not name (they have
> > earned no plugs through me), though many of you have heard of it.  I
> > also
> > certified afterwords.  It is a certification that is very similar to a
> > CISSP, though is is more technically based.
> >
> > So, to all of you pen-testers out there, if I could please ask you for
> > 10-15 minutes of your valuable time.  If you could either reply
> > privately
> > to the questions below - allowing me one reply with any questions that
> > you
> > may have invoked.  Or if you would prefer to be contacted via phone - a
> > private message with a number and the best time to be contacted, would
> > be
> > appreciated.  If unsure, please choose the first choice.
> >
> > My questions:
> >
> > I am trying to discover the best path, to get me from here to there.
> >  What
> > was it that you did to get there?
> >
> > What do you think are the good parts of the job?
> >
> > What do you think are the bad parts of the job?
> >
> > What is it about pentesting that keeps you coming back?
> >
> > Do you have any recommendations on what to watch out for?
> >
> > If you were able to do it all over again, would you go back into
> > pentesting?
> >
> > --
> >
> > Thank you so much for your time.  It is very much appreciated.
> >
> > Rob Thompson
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> >
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require
> > a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------