Penetration Testing mailing list archives
Re: Need Some Guidance Please
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Tue, 21 Apr 2009 07:11:27 -0400
If you're in the D.C. area then the only thing standing in your way is a security clearance. The elitist/snobbish attitude is pretty prevalent around here, especially among IT workers. If you have the right attitude and find the right hiring manager (one that values college education more than experience, and won't look down on you because you didn't graduate from MIT or Johns Hopkins) then you should be good to go. Try to get a security clearance though, even if it requires you to work in a non-Security related IT role (like Help Desk, Jr. Sys Admin etc.) for a year.

As far as getting in the door with security, I don't think Pen-Testing is really a starting point as it requires a great deal of legitimate, hard-core technical skill. I'd suggest Information Assurance or perhaps shift work in a SOC/NOSC environment as an analyst.

Just my 2 cents.

Steve

On Sun, Apr 19, 2009 at 3:39 PM, Elizabeth Tolson <elizabethtolson () gmail com> wrote:
THANKS EVERYONE!!!! I really received some valuable information.

One thing I did not state clearly --- when this guy "Ethically Hacked" without employees knowing it, he did it with the permission of the CEO or owner of the company. Apparently, he meets with the CEOs and they are the only ones aware of his Pen Testing.

Anyway, I do appreciate the advice. Yes, I did receive my fair share of questions of "Do you know this ...... Do you know that ..... Do you know how to do this ........ Do you know what xxxxxxx means, etc." Sometimes I find that computer geeks run hot and cold --- many are so eager to help others and on the other hand, many want to feel that they are the only ones who can do a certain job or should be the only ones doing a job. Again, I really appreciate all the advice you all gave me.

Someone asked about experience. That is the one thing I am REALLY lacking in. However, I feel I can safely say that no one on this list was born knowing how to PenTest --- you learned somehow and somewhere....... and that is what I am doing now.

I graduated from College with a Bachelors Degree in Social Work. For 20 years, I have been a Child Protective Social Worker, an Adult Protective Services Social Worker, and now I am a Social Worker for the Terminally Ill. The abuse was bad enough of Children and Elderly, but now I lose several clients per month and burn out has set in. Oh, not to mention the pay --- after 20 years, last year I finally made over the $30,000.00 salary.

Two years ago, I started taking Information Security Courses at the Community College knowing I wanted a change. Computer Forensics has always interested me --- and I wanted to see what Computer Security was all about. From those courses, I became Security+ Certified and Network+ Certified. I decided to pursue my Masters --- either get a teaching job or something.
The Community College suggested that I get an Associates in Info Sec, then transfer and get a Bachelors in Info Sec and then pursue my Masters. I knew that if I did that -- and work full time, I would be in a nursing home when I graduated!! So I decided to jump right in and get my Masters.

EVERYONE in my classes work in some sort of Computer Security Field --- either at the Pentagon, Lockheed Martin, Military Bases, or Banks, etc. I attend Capitol College in Laurel Maryland. My classes have been Network Security, Internal Protection, Computer Forensics, Malware, Cryptography, Wireless Security, Applied Wireless Security, Complimentary Security, Computer Security Risk Management, Perimeter Protection, and Internet Law. I have a 3.97 average.

One thing about me --- I am stubborn --- when someone tells me I cannot do something, I dig my heels in and work my tail off to do it. That is what I have done at Capitol ---- where some people study three hours a week, I have to study 10 because I am not as well versed as they are. The labs are coming easier for me, but to begin with, they were HARD!!!!!

I will get a better job --- I am determined ---- I know it will be at an entry level but I will do it!!!!! I will keep you all posted on my next steps.

Thanks friends.

Elizabeth

On Fri, Apr 17, 2009 at 10:11 AM, Elizabeth Tolson <elizabethtolson () gmail com> wrote:

Hi Everyone:

I am finishing up my Master's Degree in Information Assurance from Capitol College. I had one Penetration Testing class which I really enjoyed. I have done some research on Pen Testing and this seems to be something that I might be interested in doing.

During my research, I saw someone who was a Licensed Pen Tester/Consultant. Basically, he was hired by companies -- anywhere from banks, law firms, accountants, merchants, etc --- to conduct pen testing. He would "ethically hack" without the employees knowing it. He would also do some pen testing via social engineering.
He would conduct Pen Testing during different hours of the day and night to discover vulnerabilities, etc. After the testing, he would submit a report to the president/owner of the company with suggestions on making his network a stronger, more secure network.

Does anyone do this as a consultant? Or, is this guy blowing smoke and this is not a "real job"? I have seen some companies that do this, but have not seen any individuals who do this.

Also, if I am interested in pursuing Pen Testing, what certs would you recommend? What additional training would you recommend? What books would you recommend?

Thanks a lot.

Elizabeth

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------