  1. Member
    Join Date
    Mar 2012
    Posts
    37
    #1

    What is the biggest "problem" becoming a Professional Pentester

    I am thinking about pursuing a career in InfoSec - I've posted a few other threads on qualifications etc., but what do you reckon is my biggest problem, or better said, challenge?

    Is it persuading an employer that I am skilled enough or experienced enough or "clever" enough to think out of the box?

    Thanks kinda confused - just want to make sure that this is the right path for me!

    Or let me ask another thing, especially if you are a PenTester yourself: why did you become a PenTester?
    Did it just happen or did you seek out that role?

    (To be honest I want to be a PenTester just cause it looks like the more fun side)

    Thanks for all replies..

  3. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #2
    What does your current IT work experience look like? Nobody really gets into infosec without some years doing standard IT stuff because you need technology fundamentals if you're going to do security and pentest work. If you already have a good grasp of operating system, application, and networking principles as well as practical experience managing them in various environments, you'll be better equipped to know your way around a client's environment when you're performing vulnerability assessments. There's a ton of minutiae involved and you'll be held accountable for them.

    I see a lot of people wanting to get into pentesting because they see the sexy side of it - the recon, the mapping, the breaking in... But a good portion of the work is writing reports. Strong communication skills (especially writing) are very much a requirement. You have to be able to convey the problem, support your findings with evidence, and recommend fixes. At the end of the day, you're responsible for every single packet that you send out and that requires a deep understanding of what's in the traffic and knowing exactly how your tools operate. You don't want to inadvertently damage a target network that's in scope.

    Being in infosec generally requires a certain degree of creativity, improvisational skills, as well as determination. It's fast-paced, very strenuous, and you'll be expected to keep up with a lot of new information on an ongoing basis which requires a core dedication to constantly reading and growing. It's a rigorous mental exercise that not everyone understands or is prepared for. This is for both the defense and offensive sides.

    It's good to have an interest, but understand your real motivation and what's driving you. Reality may not necessarily correspond with your expectations.
    Last edited by docrice; 03-14-2012 at 09:35 AM.

  4. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #3
    I like your reply. It requires constant preparation (study a lot) and experience in IT. It is a good field but requires a lot of self-study and discipline.

    I remember one time, testing one Windows 2003 server, I got shell attacking the DNS. It felt good, but not when the users called you saying that they could not reach any site on the internet, lol. It is interesting, but you need to know what will happen with some exploits.
