Penetration Testing mailing list archives

Fwd: Re: Requesting Informational Interview


From: "Rob" <wia () ignoranceisbliss info>
Date: Mon, 22 Jun 2009 16:52:07 -0500

---------------------------- Original Message ----------------------------
Subject: Re: Requesting Informational Interview
From:    "Chris Griffin" <chris.griffin () isecom org>
Date:    Tue, June 16, 2009 7:24 am
To:      wia () ignoranceisbliss info
--------------------------------------------------------------------------

Hi Rob,

Below I'll give you my answer for the questions you asked.

I am trying to discover the best path, to get me from here to there.  What
was it that you did to get there?
Personally, I started volunteering with ISECOM working on the OSSTMM about
5 or so years ago. Not only have I been able to put that on my resume, I
have learned a great deal doing so. If you would like to check it out,
osstmm.org or email pete () isecom org. I am biased, but you can ask others
and they will tell you the OSSTMM can really help you in pen testing to be
complete and accurate.



What do you think are the good parts of the job?
It's fun, if you're a super geek. You can get quite an adrenalin rush at
times!

What do you think are the bad parts of the job?
Sometimes it can involve lots of travel, so
depending on what you like that can be good or bad. I have a wife and 4 kids
so I like to be near home.

What is it about pentesting that keeps you coming back?
Again, it's fun, you always have to keep learning, you CAN NOT sit still in
this line of work, you literally have to learn something new at least every
week, or it will pass you by.

Do you have any recommendations on what to watch out for?
To me, network/system testing is the easiest but will require the most
travel. Web app testing is harder and can be much more involved but in most
cases can be done from the office or home. Lots of the web app testing jobs
are work from home. At least once you make it to a senior level.

If you were able to do it all over again, would you go back into pentesting?

Without a doubt!
This is one industry that no matter how many people are in it, someone
somewhere can push the envelope further and keep things going. So I'd say
after technical ability, creativity is crucial.




On Mon, Jun 15, 2009 at 8:00 PM, Rob <wia () ignoranceisbliss info> wrote:

Hello all.

I am sure you all have seen many of these questions posed on this list, as
well as others.  I am aware of the typical answers of, write a program,
compile a new LiveCD, etc.  But I was hoping to try something a little bit
different.

I have found myself in a precarious situation.  I have been in between
jobs since October and am now finding myself able to attend some
schooling.  On this path to schooling, I was posed with a very interesting
question.

"How did the others that do what I want to do, get there?"

I want to be a pen-tester.

I have been working with computers for over fifteen years - eight of those
professionally (Help Desk, SysAdmin, InfoSec Admin).  I am fluent in
Windows and can get done what I need to in Linux.  I am good at just about
everything, with the exception of databases, coding and routing.  I am
almost entirely self-taught and simply have not done that type of work,
yet...  I did attend a class at a school that I will not name (they have
earned no plugs through me), though many of you have heard of it.  I also
certified afterwards.  It is a certification that is very similar to a
CISSP, though it is more technically based.

So, to all of you pen-testers out there, if I could please ask you for
10-15 minutes of your valuable time.  If you could either reply privately
to the questions below - allowing me one reply with any questions that you
may have invoked.  Or if you would prefer to be contacted via phone - a
private message with a number and the best time to be contacted, would be
appreciated.  If unsure, please choose the first choice.

My questions:

I am trying to discover the best path, to get me from here to there.  What
was it that you did to get there?

What do you think are the good parts of the job?

What do you think are the bad parts of the job?

What is it about pentesting that keeps you coming back?

Do you have any recommendations on what to watch out for?

If you were able to do it all over again, would you go back into
pentesting?

--

Thank you so much for your time.  It is very much appreciated.

Rob Thompson


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




