Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: I'm really interested in starting a career in pentesting...

  1. #1
    Member
    Join Date
    May 2008
    Posts
    190

    Default I'm really interested in starting a career in pentesting...

    I'm 27, just barely picked up linux 7 months ago, but it's something that I really enjoy. It's all I can think about. I've already gone through two books, Counter Hack Reloaded by Skoudis, and Hacking Explosed by McClure, and I'm currently reading TCP/IP Illustrated Vol.1 and Hacking by Erickson(which I've found to contain a few mistakes) but is otherwise really good. I setup a computer lab in my living room, two mains, an e8400 and an q6700. I also have a small celeron acting as a server for http, ventrilo, ftp, ssh, etc. I even put up a dry eraser board and hung up a poster of all the TCP/IP Networking Data Structures that came with the TCP/IP Illustrated 3 Volume Set. Anyhow, my point is, I constantly thirst to learn more. It's just simply fun.

    So, I wanted to know the advantages/disadvantages, likes/dislikes, job security, fun factor, and what degree to get for such a career. I'd like to do EVERYTHING, hehe. I have a degree in Economics from Cornell University. I did my own Web Design business for a year after college and now I'm working as a Landman researching acreage to find out surface/mineral ownership for my company's clients so that they can go and lease for oil/gas drilling. I'm making around $80,000/yr and I just started 7 months ago. Anyhow, I did some reading and found that a degree in Information Systems with a major in Security seems like the way to go. Or maybe even getting a PH.D in IT or IS and maybe teaching and running some consulting on the side? My uncle said that IT PH.D Professors are high in demand and will pay anywhere between $100k-$200k. What do you guys think? I mean it makes sense. This would be a highly skilled job that is high in demand, so I would think the pay would be decent. I mean I figure that there are not that many pentesters out there compared to the whole and that everyday more and more businesses are born with a bundle of computers that need to be secured. This growth of computers is exponentially growing. So the job market seems like it would be quite favorable to pentesters in the future.

    What do you guys think?

  2. #2
    Member
    Join Date
    May 2008
    Posts
    190

    Default

    sorry for the accidental double post, plz delete me.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by drakoth777 View Post
    sorry for the accidental double post, plz delete me.
    You better hope the mods don't take this too literally.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    15

    Default

    Yes, you could do pentesting as a job. But do you want to start for yourself? Or want to work as an employer?

    If you want to have a job like that i should try to get certificated so you can sell yourself for more money
    Two things are infinite: the universe and human stupidity;

  5. #5
    Member
    Join Date
    May 2008
    Posts
    190

    Default

    I initially wanna work for an employer, get some xp, then start a biz of my own.

    Yea, I wanna take all the online courses to get all the certificates. I'm thinking about going back to school. What would be the appropriate degree? IT or IS? or Computer Science, or does it not really matter?

  6. #6
    Just burned his ISO
    Join Date
    May 2008
    Posts
    7

    Default

    I was going to create a post like this but I found this one instead. I searched the forums and only came up with this link which turned out to be a flame war

    forums.remote-exploit.org/archive/index.php/t-12375.html

    I also checked Google and searched Career Builder and Dice and couldn't really find my answer so I am going to try here.

    I would like to work for a pen testing company or under someone. I know that I don't have the reference or skills (in pen testing) to create my own company currently. What outlets can you use to find such companies or employers? I was surprised when I entered "Pen Testing Analyst" on Dice I got back 0 replies. I might be using the wrong search words however.

    Anyone who started off working under a company or someone care to discuss how they "got in the field"?

    Any advice is greatly appreciated and thanks for making one of the best programs I have ever used

  7. #7
    Member
    Join Date
    Sep 2008
    Posts
    306

    Default

    Good morning guys!

    well, let me provide you an insight into my current state.
    I've already mentioned in the 'New User Thread', but i will write again in details:

    First of all, i'm from Germany and i'm working on my diploma thesis.
    I was searching for a company where i can write a thesis about advanced network security.
    So i was writing some letter of application and found a (middle)-great IT company with about 300 working stations.
    In the interview for the job, i've explained what i want to do for them and what they could do for me:

    I will have a look at their complete network infrastructure and devise X scenaries for penetration tests on their network,
    the clients itself (vulnerabilities) and all the access possibilities such as WLAN,UMTS,Bluetooth...
    In one sentence: Hacking their network and avoid further attempts
    What they could do for me? Give me some money and the needed hardware

    The senior manager first was skeptic, but after a little demonstration with BT3
    he swallowed, smiled and said: Welcome to the team!


    You ask why i tell u all that? Well, i just want to give u some food for thought!
    Search for some buisness companies (IT), write some job applications and ask to demonstrate some vulnerabilities or so.
    Beeing a little lucky, they will be impressed and give u a job.
    Gather some experience and anytime , start your own business.

    Just my two cents in the morning with a cup of coffee.
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  8. #8
    Member
    Join Date
    May 2008
    Posts
    190

    Default

    I have a major in Economics hehe. Should I go back to school and get an IT or IS or Computer Science degree? I'm doing really well as far as learning goes in my computer lab. I'm going to take all the online pentesting certifications once I feel confident. So, should I go back to college, and if so, what degree would be best for a future pentester?

  9. #9
    Member
    Join Date
    Sep 2008
    Posts
    306

    Default

    Quote Originally Posted by drakoth777 View Post
    Should I go back to school [...] what degree would be best for a future pentester?
    Going back to school and learning something new or enlarging your knowledge never will be wrong
    But I don't know what they teach u exactly at your universities, so if it is near the praxis...?!
    If you already have a successfull education i think it will be better to get some online certificates than going back to school and wasting time.
    I went to college 5 years and i've just finished, so maybe i'am prejudiced a little bit

    I also think there is no "best degree" for a pentester, most knowledge isn't learned at school, right?

    But i think your enthusiasm will bring you to the point you want to be !

    Good luck at all!
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  10. #10
    Member
    Join Date
    May 2008
    Posts
    190

    Default

    My parents are urging me to get my mba, but honestly, I think I'd be trudging through the major. It'd take a lot of effort since I'd have no motivation. I did one year of law school and I hated it. I do remember most of the stuff and it helped with my public speaking. Anyhow, I'm pretty enthusiastic about pentesting.

    I agree that my enthusiasm would take me right to where I want to be. On the weekends, all I ever do is work in my lab. I also have a gf to hang with who doesn't mind my obsession. However, with a gf and working out of town during the week, I simply feel like I need more time. I kinda want to quit my job and work in my lab full time. I mean there's soo much stuff to learn, which is another thing I like about this field. It never gets boring, because there's always something to learn. But at the same time, I'm making good money as a landman. Besides the first 6 months I was spending like crazy hehe. Bought tons of computer hardware. This is pretty much the first time I make my own serious money so I went all out. Now I'm saving up for taxes hehe. Sux working as a landman, because you're working on a contract. So in addition to paying 10% for taxes, I have to pay an additional self employment tax of 15%. Guess the government doesn't want people to work for themselves. At the same time, I guess they are making money with this tax. Anyhow, how are the offensive-security online courses on time? Do they require a lot of time? Is a month enough time to complete the course while working during the week? Is the course very deep? Does it explain each method? I still want to get more proficient before I start the courses.

    I'm still thinking about going back to school to get a Ph.D in IT or IS. That way I could teach just in case. I'm really enthusiastic about being a pentester. However, at the same time, it's a bit scary on the employment part. It just sounds a bit intimidating. What if you get employed and then make a mistake and the company has its credit card database stolen. I mean your career is pretty much finished after that. It just seems very dangerous job security wise. Not to mention getting employed. What is the basic demonstration to show a future employer, crack their network? All this is, at the moment, so far in the future, but I just want to know what it'll be like before I begin my full pursuit.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •