Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: Oliver Petruzel <oliverpetruzel () EMAIL COM>
Date: Mon, 11 Sep 2000 00:50:28 -0400

I am wondering how did the readers of this list get into the pen-testing
field? What steps did you take to get from where you started in the
field to where your at now? Did employers train you? Did you get
promoted into it? Did you create the position yourself?

my 2 cents: A few items (in no particular order) to gain some knowledge

1. Coding in C and perl, (and perhaps assembler)
2. Strong understanding of IP networking (mainly packet structure and
device purpose. ie. "what does a switch do?"  Work on other, more unique
archictures, later)
3. Collect and play with EVERY operating system you can get a copy of.
(use swappable hard drives or ghost images with generic/hardened
installs of each OS to set up "scenerios")
4. A strong desire to know how EVERYTHING in the universe around you

Like many, I came up through the ranks starting back in the late 80's
doing this on my own.  Then, reading as many howto's and RFCs' as
possible. (including all of the old hacker-group texts you can find)  I
first started in tech support.. then admin..then engineering.. And
ultimately, I was able to move to security specific work.  Beginning
with easier Audits and Evaluations, and moving on (backwards in a way!)
to pen-testing specifically.  The key is making your employer aware of
your genuine interest in security specific work.  ALL companies need
some security professionals of a sort, so opportunities are everywhere.
Offer yourself up as an admin, then train your assistant to do YOUR job,
and at the same time let your employer know you wish to start securing
the place!

Read EVERYTHING mentioned in this list, on secfocus, bugtraq,
techtronic, slashdot...EVERYTHING!...and ask questions! as many as you
need to!  Forums, newsgroups, direct emails.  Every security
professional I know is willing to pass on his/her knowledge in one way
or another...that's the whole point!

And go buy "Hacking Exposed" (unsolicted plug!) right away.  This will
show you, at an easy to follow level, atleast the baseline for today's
security problems and actual command-line tactics and tools.  It will
begin the process of giving you the needed "badguy" mentality.  It's a
truly great book for both new and old hackers... but by no means the
ONLY book...

enjoy your lab at home.
I do. We all do.  Otherwise we wouldnt be in this business at all...

Oliver Petruzel
pentest specialist
BA&H Inc. National Security Team

FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]