Re: [PEN-TEST] How to "break into" the Pen-Testing field

[INOM <peter () PETERSPLACE COM>]

Make friends, find people that will answer questions ( that's called
networking and those network last a lifetime). Test out stuff at home. Offer
to audit your friends webservers (Get permission first). Try and keep an
overall knowledge but specialize in at least one thing. If you see a website
with good information write to the webmaster and ask him how he got his
knowledge. I have found that quite a few will write back  Find out who in
your area is doing Pen testing and offer your time free to do research for
them. That way they will see you are not just in it for the glory, and you
can add it to your CV.

Remember this rule
 For every 1 hour at the keyboard on a hack, you may  spend 100 hours
reading. People need to see you have staying power to do that. Show them
that and you will get what you want..

I don't know if everybody will agree with me but that's how I did it.

 Thanks to El Nahual and Am3ntiA, the dudes I been bugging for my info.


IN0M
http:// w w w . s 0 d . o r g



----- Original Message -----
From: "El Nahual" <nahual () S0D SAL ITESM MX>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Sunday, September 10, 2000 3:50 AM
Subject: Re: How to "break into" the Pen-Testing field


> On Fri, 8 Sep 2000, Lashley, Bryan wrote:
>
> > I am wondering how did the readers of this list get into the pen-testing
> > field? What steps did you take to get from where you started in the
field to
> > where your at now? Did employers train you? Did you get promoted into
it?
> > Did you create the position yourself?
>
> I can only speak on experience, my employer found me in Black Hat, I went
> by myself because I always liked to learn security stuff, they were
> impressed a Mexican guy could actually code some stuff (hehehe).
>
> We have internal training courses, one guy is a master of overflows,
> another on IDS systems and so on, so they speack about it, is very
> interesting and is not ofrmal at all so all kinds of questions are allowed
> and we all learn ....
>
> > Pen testing & security is a very interesting area of the IS field I
would
> > like to break into but many positions posted are requiring years of
> > pen-testing skills which I just don't have outside of my personal lab at
> > home (combo of Win95,NT Srv, RH Linux). Would you recommend starting at
a
> > big 5 firm? A small firm? Fortune 500's? Has anybody heard of any
> > pen-testing firms in St. Louis?
>
> Well check it out, working in your lab at home could be called pen
> testing, you should include that in your resume or throw it in on the
> interview, Pen testing can be boring (raise your hand all pen testers that
> have never nevre never had a really boring audit? .. you lucky you) but if
> you are interested enough to waste personal time in something that doesn't
> give you any money back then you defenetly can get in.
>
> Enrique Sanchez (El Nahual)
> http:// w w w . s 0 d . o r g