Re: Career Advice

[allison nixon <elsakoo () gmail com>]

My most generic advice is to:
1. teach yourself how to do it and then
2. convince the right person that you can do it

is your current job related to security or not?  get to know people in the
field because there is always a huge labor shortage and they will try to
hire you.

if you're looking for part time pentesting work only, you're going to have
to get to know a lot of people because very few would be setup to contract
that stuff out piecemeal, and they would only do it to trusted people they
know anyways.  very small pentesting companies are your best bet here.

If you dont have any pentesting certs it would be wise to get some, but may
not be necessary if you have the skills and the right people know that.

you're going to have your best luck getting a full time job.  I know it
isn't easy to change large aspects of your life, but sometimes it's worth
it and you'll be a happier person in the long run.

-Allison



On Sat, Feb 23, 2013 at 12:07 AM, Brian Seel <brian.seel () gmail com> wrote:

> Note: I am trying to keep this email vague so it is generic
> for posterity's sake. I am trying to not make the question specific to my
> situation so others can use your advice.
>
> =========
>
> So long time listener (pre Ep 100) who has been doing computer security
> related things for the last four years or so since college. I would really
> like to break into the pentesting arena, but I really like my current day
> job for a variety of reasons (pay definitely not being one of them).
>
> Basically, I would really like to do commercial pentesting on a part time
> basis, where I take a week or two off from my day job every few months and
> try to gain experience in the commercial realm and get my feet wet with a
> different way of approaching computer security. Within the next year I
> would love to leave my day job and do pentesting full time, but I dont feel
> confident enough just yet. As a bit of background, right now I am doing
> some Metasploit dev for my employer, but I am not able to do an end to end
> pentest.
>
> My question is if you have any advice about the best way to try to get a
> part time pentesting job. I am not under any illusion that trying to do
> pentesting part time is not going to be an easy sell. I know that, but I
> think my unique skill set will make *someone* want to take a flier on me.
> But, considering that most of you are probably pentesters, or in fields
> closely related, what would make you want to take someone on in a part time
> basis. Or is there really no case where you would consider that?
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
_________________________________
Note to self: Pillage BEFORE burning.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com