Penetration Testing mailing list archives
Re: Skills needed to become a Security Expert and Penetration Tester?
From: bartlettNSF <bartlettNSF () comcast net>
Date: Mon, 27 Apr 2009 00:23:18 -0400
Stephen Mullins wrote:
What books have you studied from. Maybe that would give some of us a better idea of what your current scope of knowledge is. I could recommend a few to you for study. I'm currently reading Hacking Exposed 6. Which has some very useful information. It's more of a refresher book for me, but none the less, it contains stuff I still find interesting and leads to researching other points of interest in network and system security. My biggest lack of experience is in programming. I've been told, more times then once, that programming in C, C++, Python, and other such languages is desired in the Pen-Testing field occupational field. I do hope you succeed in your endeavor. It will be nice to see another person willing to take on the task to secure networks and systems.I don't think any of those things will actually lead to getting a job as a Pen Tester. Figure out what employers actually want and then try to match your skills and resume as closely as possible. In other words, there is a list of skills you need to be legitimately qualified (programming, in depth networking/protocol knowledge, etc.) and then there is a list of "skills" (usually knowledge of a specific set of GUI tools) employers want; these are not the same thing. I suggest you put out a resume and try to get some interviews for Information Security jobs that you know you're not qualified for. Use them as informational interviews to figure out what employers are looking for. Could be embarrassing, but look at it as an early start to your Pen Testing career, using social engineering attacks against employers to eventually "penetrate" their defenses and have one of them hire you. Brush up on your acting skills and go into the interviews with a specific plan of what you want to find out and how to approach things. Someone on this list mentioned "Pen Testing" HR/hiring processes yesterday. Sounds like this is a chance for you to do some field work in this subject area. Steve On Fri, Apr 24, 2009 at 6:47 AM, Chip Panarchy <forumanarchy () gmail com> wrote:Hello There was a nice link with information on this which I found a while ago, does anyone still have the link? To learn all skills required to be a Security Expert and Penetration Tester I plan on; - Learning C++ - Creating my own Linux Distribution (security-orientated LiveCD) - Creating my own Windows Distribution (security-orientated, non-distributed, PE type, LiveCD) - Creating my own Mac Distribution (security orientated, non-distributed, LiveCD/DVD) - Continue to subscribe to this mailing-list (pen-test & security-basics) Are there any other skills which I should be aiming to acquire? Would really appreciate any advice. Thanks in advance, Chip D. Panarchy PS: I currently reside as a full-time IT Support Analyst, and have held my job for a fortnight. Plan on working there for quite a while, and in my spare time training myself for the IT Security field. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: InfoSec InstituteTired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html ------------------------------------------------------------------------
Hope to see you on the battle field. Stephen ------------------------------------------------------------------------ This list is sponsored by: InfoSec InstituteTired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.
http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Skills needed to become a Security Expert and Penetration Tester? Chip Panarchy (Apr 26)
- Re: Skills needed to become a Security Expert and Penetration Tester? Richard Thomas (Apr 26)
- Re: Skills needed to become a Security Expert and Penetration Tester? Stephen Mullins (Apr 26)
- Re: Skills needed to become a Security Expert and Penetration Tester? bartlettNSF (Apr 27)