Re: [PEN-TEST] How to "break into" the Pen-Testing field

[El Nahual <nahual () S0D SAL ITESM MX>]

On Fri, 8 Sep 2000, Lashley, Bryan wrote:

> I am wondering how did the readers of this list get into the pen-testing
> field? What steps did you take to get from where you started in the field to
> where your at now? Did employers train you? Did you get promoted into it?
> Did you create the position yourself?

I can only speak on experience, my employer found me in Black Hat, I went
by myself because I always liked to learn security stuff, they were
impressed a Mexican guy could actually code some stuff (hehehe).

We have internal training courses, one guy is a master of overflows,
another on IDS systems and so on, so they speack about it, is very
interesting and is not ofrmal at all so all kinds of questions are allowed
and we all learn ....

> Pen testing & security is a very interesting area of the IS field I would
> like to break into but many positions posted are requiring years of
> pen-testing skills which I just don't have outside of my personal lab at
> home (combo of Win95,NT Srv, RH Linux). Would you recommend starting at a
> big 5 firm? A small firm? Fortune 500's? Has anybody heard of any
> pen-testing firms in St. Louis?

Well check it out, working in your lab at home could be called pen
testing, you should include that in your resume or throw it in on the
interview, Pen testing can be boring (raise your hand all pen testers that
have never nevre never had a really boring audit? .. you lucky you) but if
you are interested enough to waste personal time in something that doesn't
give you any money back then you defenetly can get in.

Enrique Sanchez (El Nahual)
http:// w w w . s 0 d . o r g