Re: Best route to penetration testing learning

[robertwood50 () gmail com]

The SANS courses are pretty good in that you will actually be learning useful information, not just information 
required to pass a test. Also, for a lot of Security Consultant jobs, either the CISSP or a GIAC cert is required so 
this is another reason to get involved with SANS. 

In my opinion, books are great but they only get you so far. You only retain the knowledge in a book for so long unless 
it is put into practice. For reading I would recommend subscribing to security research and current pen testers blogs 
as you will get the most up to date content. When new attacks are posted, try to replicate them yourself inside of a VM 
lab, starting to do this will get your hands dirty to start. There are also plenty of challenges out there that can 
feed your skills, the more practice you get with these tools and familiarity with different methodologies and attacks 
the more you can support what's on your resume. 

Also, consider taking a technical writing course, whether a free or local community college one, or whatever. Being a 
strong writer is the most important skill of all, at the end of a test no matter how skilled of a tester you are, if 
you deliver a bad report then that's all the customer sees. Make sure your resume reflects this skill as well as 
communication.

Robert Wood

--Sent from my iPhone.

On Jan 3, 2012, at 2:34 PM, wlandymore <will.landymore () hotmail com> wrote:

> I'm new to penetration testing and recently took the CEH. I found that it was
> pretty basic but I was wondering if people had some insight as to the best
> route to take if you wanted to be a penetration testing engineer....
>
> Any courses/books that are mandatory that will help get me on my way, or
> other opinions as to how I can get into this?
>
> Thanks.
> -- 
> View this message in context: 
> http://old.nabble.com/Best-route-to-penetration-testing-learning-tp33074323p33074323.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------