Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] How to "break into" the Pen-Testing field
Date: Sun, 10 Sep 2000 13:27:06 +1000

Make friends, find people that will answer questions ( that's called
networking and those network last a lifetime). Test out stuff at home. Offer
to audit your friends webservers (Get permission first). Try and keep an
overall knowledge but specialize in at least one thing. If you see a website
with good information write to the webmaster and ask him how he got his
knowledge. I have found that quite a few will write back  Find out who in
your area is doing Pen testing and offer your time free to do research for
them. That way they will see you are not just in it for the glory, and you
can add it to your CV.

Remember this rule
 For every 1 hour at the keyboard on a hack, you may  spend 100 hours
reading. People need to see you have staying power to do that. Show them
that and you will get what you want..

I don't know if everybody will agree with me but that's how I did it.

 Thanks to El Nahual and Am3ntiA, the dudes I been bugging for my info.

http:// w w w . s 0 d . o r g

----- Original Message -----
From: "El Nahual" <nahual () S0D SAL ITESM MX>
Sent: Sunday, September 10, 2000 3:50 AM
Subject: Re: How to "break into" the Pen-Testing field

On Fri, 8 Sep 2000, Lashley, Bryan wrote:

I am wondering how did the readers of this list get into the pen-testing
field? What steps did you take to get from where you started in the
field to
where your at now? Did employers train you? Did you get promoted into
Did you create the position yourself?

I can only speak on experience, my employer found me in Black Hat, I went
by myself because I always liked to learn security stuff, they were
impressed a Mexican guy could actually code some stuff (hehehe).

We have internal training courses, one guy is a master of overflows,
another on IDS systems and so on, so they speack about it, is very
interesting and is not ofrmal at all so all kinds of questions are allowed
and we all learn ....

Pen testing & security is a very interesting area of the IS field I
like to break into but many positions posted are requiring years of
pen-testing skills which I just don't have outside of my personal lab at
home (combo of Win95,NT Srv, RH Linux). Would you recommend starting at
big 5 firm? A small firm? Fortune 500's? Has anybody heard of any
pen-testing firms in St. Louis?

Well check it out, working in your lab at home could be called pen
testing, you should include that in your resume or throw it in on the
interview, Pen testing can be boring (raise your hand all pen testers that
have never nevre never had a really boring audit? .. you lucky you) but if
you are interested enough to waste personal time in something that doesn't
give you any money back then you defenetly can get in.

Enrique Sanchez (El Nahual)
http:// w w w . s 0 d . o r g

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]