Dailydave mailing list archives

Re: Career Progression


From: "wirepair" <wirepair () roguemail net>
Date: Thu, 25 Mar 2004 12:10:54 -0800

Not that I am wonderful or even good at it, but for me it is primarily motivation, and a lot of free time. Even though I stop "working" at 5:00, I'd still rather be sitting in front of my machines at home poking at applications. I had the luck of finding someone who wanted to motivate me to learn programming. I still definitely suck at C but I just need to know enough to construct my exploit buffers at this point. (I'd still really like to spend more time learning it.) Then I obviously needed some assembly language knowledge, so I started messing with debuggers, writing vulnerable programs and exploiting them, seeing how it worked, etc. Bought some books, too many books. And now I just enjoy poking at applications. Obviously I need to do it for work too so that always helps. Unfortunately I'm getting tired of hacking because, as they say, anyone can do it.
If you have any more specific questions also feel free to shoot me an email off list.
-wire
On Thu, 25 Mar 2004 18:48:02 +0100
 <rick_list () darwinsweb net> wrote:

The last group of e-mails "Mentors" has got me thinking again and I'm
really curious to find out how to get from where I am to where some of
you are?  Not geographically speaking of course.  I already know where
the airport is thank you very much.

I've been doing pen testing/application assessments for about 3 years
now.  I learned a lot on my own by keeping up with the old bugtraq and
digging up old posts from the dc-stuff mailing list (not sure if that's
even alive anymore).
Once we got funding at work I started taking any class that they'd pay
for.  A few Hacking Exposed classes by Foundstone, a CSI Application
Assessment blah blah blah class (which really sucked) and a secure
application class put on by @stake.  Now, at work, we've had overall
funding cut (all pen test/app assessments to be outsourced) and our
training budget is $0.  So I won't be getting any more training classes
this year.

I took it upon myself to learn python.  Mainly because I tried going
through the "learning c in 21 days" and O'Reilly C books but I wasn't
really getting it.  I never took programming in school... so after I
read a few things on the W I decided to learn python.  I have a decent
grasp of it now, but I'm wondering how the hell I'm going to get to
where I want to be, which is more towards the line of application
assessments.
Not that it's a great career path, but at least some of the application
assessment stuff I was doing was fun.  That's more than I can say for
this IDS crap that I got involved in by accident.  Plus the fact that
we're paying 20G for two guys for 1 week, per application, to do what I
used to do for my crappy annual salary.  I could use 10k a week and work
7 or 8 weeks out of the year.  I'm OK with that.  ;)

Oh yeah, back to my question:  Any suggestions, comments, quips on what I
should be focusing on now and how to get where I want to be?  I just
started wondering how everyone else got to a sophisticated level of
application hacking/testing/assessing/understanding.
Feel free to reply off-list.

-Rick
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
