Re: Need Some Guidance Please

[Stephen Mullins <steve.mullins.work () gmail com>]

If you're in the D.C. area then the only thing standing in your way is
a security clearance.

The elitist/snobbish attitude is pretty prevalent around here,
especially among IT workers.  If you have the right attitude and find
the right hiring manager (one that values college education more than
experience, and won't look down on you because you didn't graduate
from MIT or Johns Hopkins) then you should be good to go.

Try to get a security clearance though, even if it requires you to
work in a non-Security related IT role (like Help Desk, Jr. Sys Admin
etc.) for a year.  As far as getting in the door with security, I
don't think Pen-Testing is really a starting point as it requires a
great deal of legitimate, hard-core technical skill.  I'd suggest
Information Assurance or perhaps shift work in a SOC/NOSC environment
as an analyst.

Just my 2 cents.

Steve

On Sun, Apr 19, 2009 at 3:39 PM, Elizabeth Tolson
<elizabethtolson () gmail com> wrote:
> THANKS EVERYONE!!!! I really received some valuable information.
>
> One thing I did not state clearly --- when this guy "Ethically Hacked"
> without employees knowing it, he did it with the permission of the CEO
> or owner of the company.  Apparently, he meets with the CEOs and they
> are the only ones aware of his Pen Testing.
>
> Anyway, I do appreciate the advice.  Yes, I did receive my fair share
> of questions of "Do you know this ...... Do you know that ..... Do you
> know how to do this ........ Do you know what xxxxxxx means, etc."
> Sometimes I find that computer geeks run hot and cold --- many are so
> eager to help others and on the other hand, many want to feel that
> they are the only ones who can do a certain job or should be the only
> ones doing a job.  Again, I really appreciate all the advice you all
> gave me.
>
> Someone asked about experience.  That is the one thing I am REALLY
> lacking in.  However, I feel I can safely say that no one on this list
> was born knowing how to PenTest --- you learned somehow and
> somewhere....... and that is what I am doing now.
>
> I graduated from College with a Bachelors Degree in Social Work.  For
> 20 years, I have been a Child Protective Social Worker, an Adult
> Protective Services Social Worker, and now I am a Social Worker for
> the Terminally Ill.  The abuse was bad enough of Children and Elderly,
> but now I lose several clients per month and burn out has set in.  Oh,
> not to mention the pay --- after 20 years, last year I finally made
> over the $30,000.00 salary.
>
> Two years ago, I started taking Information Security Courses at the
> Community College knowing I wanted a change.  Computer Forensics has
> always interested me --- and I wanted to see what Computer Security
> was all about.  From those courses, I became Security+ Certified and
> Network+ Certified.
>
> I decided to pursue my Masters --- either get a teaching job or
> something.  The Community College suggested that I get an Associates
> in Info Sec, then transfer and get a Bachelors in Info Sec and then
> pursue my Masters.  I knew that if I did that -- and work full time, I
> would be in a nursing home when I graduated!!  So I decided to jump
> right in and get my Masters.
>
> EVERYONE in my classes work in some sort of Computer Security Field
> --- either at the Pentagon, Lockheed Martin, Military Bases, or Banks,
> etc.  I attend Capitol College in Laurel Maryland.  My classes have
> been Network Security, Internal Protection, Computer Forensics,
> Malware, Cryptography, Wireless Security, Applied Wireless Security,
> Complimentary Security, Computer Security Risk Management, Perimeter
> Protection, and Internet Law.  I have a 3.97 average.
>
> One thing about me --- I am stubborn --- when someone tells me I
> cannot do something, I dig my heels in and work my tail off to do it.
> That is what I have done at Capitol ---- where some people study three
> hours a week, I have to study 10 because I am not as well versed as
> they are.  The labs are coming easier for me, but to begin with, they
> were HARD!!!!!
>
> I will get a better job --- I am determined ---- I know it will be at
> an entry level but I wll do it!!!!!
>
> I will keep you all posted on my next steps.
>
> Thanks friends.
>
> Elizabeth
>
>
> On Fri, Apr 17, 2009 at 10:11 AM, Elizabeth Tolson
> <elizabethtolson () gmail com> wrote:
> > Hi Everyone:
> >
> > I am finishing up my Master's Degree in Information Assurance from
> > Capitol College.  I had one Penetration Testing Classes which I really
> > enjoyed.
> >
> > I have done some research on Pen Testing and this seems to be
> > something that I might be interested in doing.
> >
> > During my research, I saw someone who was a Licensed Pen
> > Tester/Consultant.  Basically, he was hired by companies -- anywhere
> > from banks, law firms, accountants, merchants, etc --- to conduct pen
> > testing.  He would "ethically hack" without the employees knowing it.
> > He would also do some pen testing via social engineering.  He would
> > conduct Pen Testing during different hours of the day and night to
> > discover vulnerabilities, etc.  After the testing, he would submit a
> > report to the president/owner of the company with suggestions on
> > making his network a stronger, more secure network.
> >
> > Does anyone do this as a consultant?  Or, is this guy blowing smoke
> > and this is not a "real job".  I have seen some companies that do
> > this, but have not seen any individuals who do this.
> >
> > Also, if I am interested in pursing Pen Testing, what certs would you
> > recommend.  What additional training would you recommend.  What books
> > would you recommend?
> >
> > Thanks a lot.
> >
> > Elizabeth
>
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> Tired of using other people's tools? Why not learn how to write your own exploits?
> InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits 
> for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.
>
> http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------