RE: Requesting Informational Interview

["Rob" <wia () ignoranceisbliss info>]

> Rob,
>
> Why would you want these replies private?

It appears I wrote that incorrectly.  I meant to say for phone calls,
please reply privately so the person replying wasn't putting their
personal information out there.  I didn't intend to include that with the
e-mail part.

> I think the answer to these
> questions might be of great value to the list generally.

I think that you may be right.  I did not think that I would get back a
reply at all.  I received quite a few.  The range of answers did vary
between them all - significantly in some cases.  And every single reply
that I got back was a good one.

Since I worded it as I did, I need to get permission from the folks that
replied.  There were a couple of people that explicitly requested to
remain private and I will respect that.  Give me a day'ish to give folks a
chance to get back to me.  Those that give the okay, I'll forward on.  :)

> Chris
>
>
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Rob
> > Sent: Monday, June 15, 2009 8:00 PM
> > To: pen-test () securityfocus com
> > Cc: security-basics () securityfocus com
> > Subject: Requesting Informational Interview
> >
> > Hello all.
> >
> > I am sure you all have seen many of these questions posed on this list,
> > as
> > well as others.  I am aware of the typical answers of, write a program,
> > compile a new LiveCD, etc.  But I was hoping to try something a little
> > bit
> > different.
> >
> > I have found myself in a precarious situation.  I have been in between
> > jobs since October and am now finding myself able to attend some
> > schooling.  On this path to schooling, I was posed with a very
> > interesting
> > question.
> >
> > "How did the others that do what I want to do, get there?"
> >
> > I want to be a pen-tester.
> >
> > I have been working with computers for over fifteen years - eight of
> > those
> > professionally (Help Desk, SysAdmin, InfoSec Admin).  I am fluent in
> > Windows and can get done what I need to in Linux.  I am good at just
> > about
> > everything, with the exception of databases, coding and routing.  I am
> > almost entirely self-taught and simply have not done that type of work,
> > yet...  I did attend a class at a school that I will not name (they
> > have
> > earned no plugs through me), though many of you have heard of it.  I
> > also
> > certified afterwords.  It is a certification that is very similar to a
> > CISSP, though is is more technically based.
> >
> > So, to all of you pen-testers out there, if I could please ask you for
> > 10-15 minutes of your valuable time.  If you could either reply
> > privately
> > to the questions below - allowing me one reply with any questions that
> > you
> > may have invoked.  Or if you would prefer to be contacted via phone - a
> > private message with a number and the best time to be contacted, would
> > be
> > appreciated.  If unsure, please choose the first choice.
> >
> > My questions:
> >
> > I am trying to discover the best path, to get me from here to there.
> > What
> > was it that you did to get there?
> >
> > What do you think are the good parts of the job?
> >
> > What do you think are the bad parts of the job?
> >
> > What is it about pentesting that keeps you coming back?
> >
> > Do you have any recommendations on what to watch out for?
> >
> > If you were able to do it all over again, would you go back into
> > pentesting?
> >
> > --
> >
> > Thank you so much for your time.  It is very much appreciated.
> >
> > Rob Thompson
> >
> >
> > -----------------------------------------------------------------------
> > -
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> >
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require
> > a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > -----------------------------------------------------------------------
> > -



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------