I'm really interested in starting a career in pentesting...

[drakoth777]

I'm 27, just barely picked up linux 7 months ago, but it's something that I really enjoy. It's all I can think about. I've already gone through two books, Counter Hack Reloaded by Skoudis, and Hacking Explosed by McClure, and I'm currently reading TCP/IP Illustrated Vol.1 and Hacking by Erickson(which I've found to contain a few mistakes) but is otherwise really good. I setup a computer lab in my living room, two mains, an e8400 and an q6700. I also have a small celeron(I used to despise celerons for their lack of computing power when it came to power gaming, but I now admire them for their energy efficiency) acting as a server for http, ventrilo, ftp, ssh, etc. I even put up a dry eraser board and hung up a poster of all the TCP/IP Networking Data Structures that came with the TCP/IP Illustrated 3 Volume Set. Anyhow, my point is, I constantly thirst to learn more. It's just simply fun.

So, I wanted to know the advantages/disadvantages, likes/dislikes, job security, fun factor, and what degree to get for such a career. I'd like to do EVERYTHING, hehe. I have a degree in Economics from Cornell University. I did my own Web Design business for a year after college and now I'm working as a Landman researching acreage to find out surface/mineral ownership for my company's clients so that they can go and lease for oil/gas drilling. I'm making around $80,000/yr and I just started 7 months ago. Anyhow, I did some reading and found that a degree in Information Systems with a major in Security seems like the way to go. Or maybe even getting a PH.D in IT or IS and maybe teaching and running some consulting on the side? My uncle, a professor with a PH.D in History, said that IT PH.D Professors are high in demand and will pay anywhere between $100k-$200k. What do you guys think? I mean it makes sense. This would be a highly skilled job that is high in demand, so I would think the pay would be decent. I mean I figure that there are not that many pentesters out there compared to the whole and that everyday more and more businesses are born with a bundle of computers that need to be secured. This growth of computers is exponentially growing. So the job market seems like it would be quite favorable to pentesters in the future.

What do you guys think?

[hhmatt]

I think its all about doing something your really passionate about. A passion that can last until your old and grey. Getting to the point of being a prestigious pentester can take MANY years and you must be prepared for such. The learning will never stop and there will always be more.

[imported_cybrsnpr]

drakoth777: If you are really interested in a career in pentesting and are not already "in the field" (a catch 22 I know), your best bet (other than shooting resumes out via monster or getting an "in" via the good old boy network) is to offer up your services as an intern for little or no pay to a reputable pentest group. Where are they? Attend some of the conventions in your general area (or outside your area) and get to know the attendees. Find a group or individuals who do this work and let them know you are interested in getting into the field and want to gain experience. If there are LUG (linux user group) or other related groups in your area (I know in the Northern VA area, NOVA Sec would be a good group to meet), attend their meetings and get to know the people. Basically, network and sell yourself. You seem eager, so get out there and beat the (useful) bushes.

Good Luck in your quest.

[NoobBiscUiT]

@drakoth777:

IS with an emphasis on security like you said in one of the best ways to go.
Your best bet following your BA in IS, is getting your Masters in Information Assurance.

This is also my passion, and goal

[whistler2008]

drakoth,

i couldn't agree more with hhmatt81 ... i am old and gray & i have been into computers
since I got my Kaypro II (64K of RAM,they first appeared on the scene in the early 80's. my first box was a Kaypro II (do u believe 191 Kb disk drive??) and i have been
hooked ever since.

it's all about passion.. following your heart. degrees from institutions can be useful
but are not really needed. Who is to say that a teacher knows more about a technology which is a mere 30 yrs old? If u read enough, you can get very very good and not
have to spend a day in a classroom listening to a pedant.

Good luck ...