I too want to start a career in pentesting. My problem is that I have no work experience in the field. I have been teaching myself in my own home. I found an institute (www.onlc.com) that offers CEH, SCNP, SCNS, SCP, and Security+ certifications in my city. Each course is an intense all-day, 5-day course. I thought it'd be a good idea to strengthen my resume with a few certifications. I tried to sign up for the CEH course, but since I don't have any work experience in the field, the institute wants me to take a few other certifications like Network+ and some others before I proceed to taking the CEH course. Thing is, each certification is like $2,000-$2,500. However, I feel that these certifications would strengthen my resume. I would think it would give an employer a better understanding of my knowledge in the field and greatly increase my chances of being hired as opposed to hiring someone who was "self-taught."
I was also going to apply to a university for a Master's Degree in IT, with a specialization in Infrastructure/Information Assurance. The classes for the degree are as follows:
Security Risk Analysis, Secure Network Designs, Security Incident Response, Computer Forensics, Cyber Law, Policy Assurance for Infrastructure Assurance, Secure Software Design, Supervisory Control & Data Acquisition, and Independent Study.
I also want to get my Cisco Certification and maybe take an electrical engineering course.
Would this be a good route to take for starting a career in pentesting?
I think I have an intermediate understanding of Linux. I've been reading Volume 1 of TCP/IP Illustrated by Stevens. I set up a computer lab and have tcpdump running to see how the TCP/IP protocol works. I've also been reading Hacking: The Art of Exploitation by Erickson and have been learning C/C++ and Perl. I'm also going to take that Network+ course in a few weeks.
So what about taking those certs and getting that masters? A good route to take?
My opinion is there are 3 paths that make up this field. Experience/Certs/Education. All of them work together but you don't necessarily need all 3. Some companies will hire someone based on experience vs certs and vice versa. Some companies won't even talk to you unless you have a Masters. Just how it is.
You will have to choose a balance that fits you.
Also, the Offsec course kicks ass and is worth the investment.