Need Some Guidance Please

[Elizabeth Tolson <elizabethtolson () gmail com>]

Hi Everyone:

I am finishing up my Master's Degree in Information Assurance from
Capitol College.  I had one Penetration Testing Classes which I really
enjoyed.

I have done some research on Pen Testing and this seems to be
something that I might be interested in doing.

During my research, I saw someone who was a Licensed Pen
Tester/Consultant.  Basically, he was hired by companies -- anywhere
from banks, law firms, accountants, merchants, etc --- to conduct pen
testing.  He would "ethically hack" without the employees knowing it.
He would also do some pen testing via social engineering.  He would
conduct Pen Testing during different hours of the day and night to
discover vulnerabilities, etc.  After the testing, he would submit a
report to the president/owner of the company with suggestions on
making his network a stronger, more secure network.

Does anyone do this as a consultant?  Or, is this guy blowing smoke
and this is not a "real job".  I have seen some companies that do
this, but have not seen any individuals who do this.

Also, if I am interested in pursing Pen Testing, what certs would you
recommend.  What additional training would you recommend.  What books
would you recommend?

Thanks a lot.

Elizabeth

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------