PaulDotCom mailing list archives

Re: Career Advice

From: Michael Allen <sector876 () gmail com>
Date: Fri, 22 Mar 2013 13:36:02 -0500

I have taken both. The first obvious difference is the price. Offsec
courses are a LOT cheaper than SANS. That said, both courses compliment
each other quite well.

As mentioned earlier Offsec is very practical and focuses primarily on
attack. SANS on the other hand also focuses on offensive techniques but
also touches on the business aspects of a pentest. So you cover things
like establishing scope, rules of engagement applicable laws etc.

One other notable difference is the support structure. With Offsec you are
on your OWN. Yes, there is the IRC forum but the majority of the time you
will be on your own. Contrast that against SANS. If for example you are
doing GPEN via onDemand then you have access to an online tutor etc.

For a better feel of the differences check out the reviews on
ethicalhacker.net. Several threads over there address this issue.

Regards,
Michael aka @_dark_knight_

On Thu, Mar 21, 2013 at 8:17 AM, Brian Seel <brian.seel () gmail com> wrote:

I am proud to say that I am working on setting up a blog (want to do it
with Dango instead of using a plug and play blog to hopefully work on my
Web knowledge which is in adequate). Thanks yo you guys for motivating me
to do that.

I am taking sans 560 this week (found out my employer had an extra seat
and jumped on it). How does that compare to the Os course?
On Mar 21, 2013 8:16 AM, "Dan" <xxsegfaultxx () gmail com> wrote:

One thing that I can't recommend enough is the training from Offensive
Security. The reason I like this training/cert is that not only do you
learn the tools and techniques of how to conduct a pen test, you also need
to show it in a practical exam.

This also includes the most important element of pen testing…the
reporting. You could be the most elite kernel hacker but if you can't
document findings to a variety of people (technical and non techicanl)
you've wasted a lot of time.


http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/




On Feb 23, 2013, at 12:07 AM, Brian Seel <brian.seel () gmail com> wrote:

Note: I am trying to keep this email vague so it is generic for

posterity's sake. I am trying to not make the question specific to my
situation so others can use your advice.


=========

So long time listener (pre Ep 100) who has been doing computer security

related things for the last four years or so since college. I would really
like to break into the pentesting arena, but I really like my current day
job for a variety of reasons (pay definitely not being one of them).


Basically, I would really like to do commercial pentesting on a part

time basis, where I take a week or two off from my day job every few months
and try to gain experience in the commercial realm and get my feet wet with
a different way of approaching computer security. Within the next year I
would love to leave my day job and do pentesting full time, but I dont feel
confident enough just yet. As a bit of background, right now I am doing
some Metasploit dev for my employer, but I am not able to do an end to end
pentest.


My question is if you have any advice about the best way to try to get

a part time pentesting job. I am not under any illusion that trying to do
pentesting part time is not going to be an easy sell. I know that, but I
think my unique skill set will make *someone* want to take a flier on me.
But, considering that most of you are probably pentesters, or in fields
closely related, what would make you want to take someone on in a part time
basis. Or is there really no case where you would consider that?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
Michael Allen| Security Consultant
CEH, OSCP, GPEN, GWAPT, GCIA

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Re: Career Advice, (continued)
- - - Re: Career Advice gold flake (Feb 25)
    - Re: Career Advice Brian Seel (Feb 25)
    - Re: Career Advice yersinia (Feb 25)
    - Re: Career Advice Bill Swearingen (Mar 23)
    - Re: Career Advice Brian Seel (Mar 24)
    - Re: Career Advice Kevin Shaw (Feb 25)
  - Re: Career Advice Michael Dickey (Feb 25)
- Re: Career Advice Dan (Mar 21)
  - Re: Career Advice Brian Seel (Mar 21)
    - Re: Career Advice Dan (Mar 22)
    - Re: Career Advice Michael Allen (Mar 22)
    - Re: Career Advice Michael D. Wood (Mar 24)