Penetration Testing mailing list archives
Re: Requesting Informational Interview
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Fri, 19 Jun 2009 04:10:55 -0400
Erin,

Your mileage may vary. Having solid fundamentals and a deep understanding of specific subject areas is valuable indeed, and exactly the sort of thing you don't learn sitting in a classroom in my experience. I'm sure there are exceptions.

Do check out that Slashdot link, Rob.

Cheers,
Steve

On Thu, Jun 18, 2009 at 5:23 PM, Erin Carroll<amoeba () amoebazone com> wrote:
Stephen,

While I do agree that there is no substitute for hands-on learning, dismissing books/class learning as next to worthless is a bit harsh. While there are many things you can learn hacking your way through things, having solid fundamentals and a deep understanding of subject areas that books/classes can provide is invaluable.

For example, it's one thing to know how to use something like hping or paketto to craft custom packets to achieve a particular result but quite another to understand exactly what is happening on the stack (and why) that causes that result to occur. Both styles of learning have their good and bad points.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Stephen Mullins
Sent: Wednesday, June 17, 2009 11:11 PM
To: wia () ignoranceisbliss info
Cc: pen-test () securityfocus com; security-basics () securityfocus com
Subject: Re: Requesting Informational Interview

Hello Rob,

While I cannot answer your questions directly as I do not work in the Pen Testing specialty, I can provide some useful information.

Check out this interview Slashdot did with Fyodor (creator of nmap).

http://interviews.slashdot.org/article.pl?sid=03/05/30/1148235&startat=&threshold=4&mode=nocomment&commentsort=3&op=Change

Look at his answer to question #4. There is a lot of good advice there, advice I myself have followed. I would emphasize his comments on hands on experience. There simply is no substitute. Books and college style learning are next to worthless in this case. You need to basically teach yourself and just "hack" your way through problems until you have legitimate skills.

Best of luck,
Steve Mullins

On Mon, Jun 15, 2009 at 8:00 PM, Rob<wia () ignoranceisbliss info> wrote:

Hello all.

I am sure you all have seen many of these questions posed on this list, as well as others.
I am aware of the typical answers of, write a program, compile a new LiveCD, etc. But I was hoping to try something a little bit different.

I have found myself in a precarious situation. I have been in between jobs since October and am now finding myself able to attend some schooling. On this path to schooling, I was posed with a very interesting question. "How did the others that do what I want to do, get there?"

I want to be a pen-tester.

I have been working with computers for over fifteen years - eight of those professionally (Help Desk, SysAdmin, InfoSec Admin). I am fluent in Windows and can get done what I need to in Linux. I am good at just about everything, with the exception of databases, coding and routing. I am almost entirely self-taught and simply have not done that type of work, yet...

I did attend a class at a school that I will not name (they have earned no plugs through me), though many of you have heard of it. I also certified afterwards. It is a certification that is very similar to a CISSP, though it is more technically based.

So, to all of you pen-testers out there, if I could please ask you for 10-15 minutes of your valuable time. If you could either reply privately to the questions below - allowing me one reply with any questions that you may have invoked. Or if you would prefer to be contacted via phone - a private message with a number and the best time to be contacted, would be appreciated. If unsure, please choose the first choice.

My questions:

I am trying to discover the best path, to get me from here to there. What was it that you did to get there?

What do you think are the good parts of the job?

What do you think are the bad parts of the job?

What is it about pentesting that keeps you coming back?

Do you have any recommendations on what to watch out for?

If you were able to do it all over again, would you go back into pentesting?

--
Thank you so much for your time. It is very much appreciated.
Rob Thompson

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Current thread:
- Requesting Informational Interview Rob (Jun 15)
- Re: Requesting Informational Interview Anthony Cicalla (Jun 16)
- RE: Requesting Informational Interview Teodorski, Chris (Jun 16)
- RE: Requesting Informational Interview Rob (Jun 17)
- Re: Requesting Informational Interview Stephen Mullins (Jun 18)
- RE: Requesting Informational Interview Erin Carroll (Jun 18)
- Re: Requesting Informational Interview Stephen Mullins (Jun 19)
- Re: Requesting Informational Interview Rob (Jun 22)
- RE: Requesting Informational Interview Erin Carroll (Jun 18)
- <Possible follow-ups>
- Re: RE: Requesting Informational Interview rracic (Jun 18)
- Re: RE: Requesting Informational Interview Justin Ferguson (Jun 24)
- Re: RE: Requesting Informational Interview Radmilo Racic (Jun 24)
- Re: RE: Requesting Informational Interview Justin Ferguson (Jun 24)
- Fwd: Re: Requesting Informational Interview Rob (Jun 22)
- Re: Requesting Informational Interview Rob (Jun 22)
- Fwd: Re: Requesting Informational Interview Rob (Jun 24)