Re: Requesting Informational Interview

[Anthony Cicalla <anthony.cicalla () gmail com>]

Go to owasp.org get web goat, download webmaven buggy bank, get vmare
setup a mock network use buggy bank and web goat and learn to exploit
those vulnerabilities, Also get metaploit and get familiar with it,
hit up packetstorm security, security focus , sans, and other security
sites and learn about the vulnerabilites you think you want to test
for / exploit. When you have the knowledge you will get the work.

Anthony

On Mon, Jun 15, 2009 at 5:00 PM, Rob <wia () ignoranceisbliss info> wrote:
> Hello all.
>
> I am sure you all have seen many of these questions posed on this list, as
> well as others.  I am aware of the typical answers of, write a program,
> compile a new LiveCD, etc.  But I was hoping to try something a little bit
> different.
>
> I have found myself in a precarious situation.  I have been in between
> jobs since October and am now finding myself able to attend some
> schooling.  On this path to schooling, I was posed with a very interesting
> question.
>
> "How did the others that do what I want to do, get there?"
>
> I want to be a pen-tester.
>
> I have been working with computers for over fifteen years - eight of those
> professionally (Help Desk, SysAdmin, InfoSec Admin).  I am fluent in
> Windows and can get done what I need to in Linux.  I am good at just about
> everything, with the exception of databases, coding and routing.  I am
> almost entirely self-taught and simply have not done that type of work,
> yet...  I did attend a class at a school that I will not name (they have
> earned no plugs through me), though many of you have heard of it.  I also
> certified afterwords.  It is a certification that is very similar to a
> CISSP, though is is more technically based.
>
> So, to all of you pen-testers out there, if I could please ask you for
> 10-15 minutes of your valuable time.  If you could either reply privately
> to the questions below - allowing me one reply with any questions that you
> may have invoked.  Or if you would prefer to be contacted via phone - a
> private message with a number and the best time to be contacted, would be
> appreciated.  If unsure, please choose the first choice.
>
> My questions:
>
> I am trying to discover the best path, to get me from here to there.  What
> was it that you did to get there?
>
> What do you think are the good parts of the job?
>
> What do you think are the bad parts of the job?
>
> What is it about pentesting that keeps you coming back?
>
> Do you have any recommendations on what to watch out for?
>
> If you were able to do it all over again, would you go back into pentesting?
>
> --
>
> Thank you so much for your time.  It is very much appreciated.
>
> Rob Thompson
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------



--
Anthony,

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------