mailing list archives
Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: El Nahual <nahual () S0D SAL ITESM MX>
Date: Sat, 9 Sep 2000 09:50:35 -0800
On Fri, 8 Sep 2000, Lashley, Bryan wrote:
I am wondering how did the readers of this list get into the pen-testing
field? What steps did you take to get from where you started in the field to
where your at now? Did employers train you? Did you get promoted into it?
Did you create the position yourself?
I can only speak on experience, my employer found me in Black Hat, I went
by myself because I always liked to learn security stuff, they were
impressed a Mexican guy could actually code some stuff (hehehe).
We have internal training courses, one guy is a master of overflows,
another on IDS systems and so on, so they speack about it, is very
interesting and is not ofrmal at all so all kinds of questions are allowed
and we all learn ....
Pen testing & security is a very interesting area of the IS field I would
like to break into but many positions posted are requiring years of
pen-testing skills which I just don't have outside of my personal lab at
home (combo of Win95,NT Srv, RH Linux). Would you recommend starting at a
big 5 firm? A small firm? Fortune 500's? Has anybody heard of any
pen-testing firms in St. Louis?
Well check it out, working in your lab at home could be called pen
testing, you should include that in your resume or throw it in on the
interview, Pen testing can be boring (raise your hand all pen testers that
have never nevre never had a really boring audit? .. you lucky you) but if
you are interested enough to waste personal time in something that doesn't
give you any money back then you defenetly can get in.
Enrique Sanchez (El Nahual)
http:// w w w . s 0 d . o r g