Re: How to become a pentester

[Danux <danuxx () gmail com>]

It depends, there are different levels of pen testers, the ones who
only run tools, in which case Organizations does not need them since
they can do the same thing, and the ones who create their one exploits
based on the Organization being tested. You will not be able to cover
all the pieces by yourself, commonly, there should be a team with
different skills, some with good experience in the networking side
(routes, switches, firewalls, ids/ips, etc), other with background in
Application Security, other in different flavors of Operating Systems
and so on, so I kinda disagree with Andres, since for me to become a
real pen tester which means acting as real hacker is too too far away
from I guy who holds CE|H and or Security +.

Now, you as a student, you gotta start from scratch (as all of us), I
mean, you need to join a Company doing pen testing, be part of the
testing team, learn, learn and learn and then you will get to a point
where is up to you to decide if you wanna become a high-skill
pentester by getting training from different sources and mainly doing
your own research or as I said, the other option is just keep running
hundreds of tools as taught by CE|H, sorry, I am not a fan of this
certification, actually ... it sucks!!!! specially because they named
you an Ethical Hacker once you pass their written exam.

Again, all training is good, specially when you are trying to get more
experience, just choose the right path based on your expectations.


Hope this helps.

On Fri, Dec 10, 2010 at 2:05 AM, Anupam Kumar <anupam () kumargroups org> wrote:
> Hi Andres,
>
> It is quite simple to become a pentester. You need to ensure that you have thorough understanding in security. Having 
> certifications like CEH or Security+ is helpful. Remember that a pentester can't be confined to one technology. You 
> virtually need to know everything. However, in the beginning you might not get a job as a pentester as organisations 
> want experienced people. So it is often helpful to join as an Administrator and then become a pentester after a 
> couple of years.
>
>
> ------Original Message------
> From: Andres Rauschecker
> Sender: listbounce () securityfocus com
> To: pen-test () securityfocus com
> Subject: How to become a pentester
> Sent: Dec 9, 2010 1:56 AM
>
> Hello guys,
>
> I am going to school yet, but I want to become a pentester in my later life. I've been programming for four years now 
> and started to deal with IT-security two years ago. I've asked a lot of people working in IT-business, what they did 
> to get their job, but unfortunately I never got to know a pentester.
>
> Because of that, it would be really great if anyone of you could tell me, how he became a pentester.
>
> Thanks in advantage and sorry for my bad English (I'm from Germany),
>
> Andres Rauschecker
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
>
> Thanks & Regards
> Anupam Kumar
> Mobile: +91 98860 45030
>
> Sent on my BlackBerry® from Vodafone



-- 
DanUx

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------