Security Basics mailing list archives

Re: How to get into Penetration testing?


From: Erin Carroll <amoeba () amoebazone com>
Date: Tue, 13 Jun 2006 19:20:40 +0000 (UTC)


It all depends on your level of experience. For someone who has been working actively in the security field for a while, the CEH may be a little basic. However, just because you know all about firewalls doesn't mean you shouldn't consider a course like the CEH to help round out your realm of knowledge.

For practical hands-on courses, the SANS classes are a good way to go... but again YMMV depending on the course selection and your background. If you want to get into pen-testing, the GCIH is a good primer which covers some of the more well-known OSS security tools and their uses.

The CISSP (IMHO) is not as useful to people looking for practical experience since it tends to focus on security concepts, procedures, information assurance, and areas of security which don't always have direct relevance to pen-testing (e.g. physical security... I have yet to get to break in or social engineer my way into a facility... but I'm hopeful :). However, the CISSP is required for most government security-type jobs and is a widely recognized certification.

-Erin


On Tue, 13 Jun 2006, Alberto Arroyo wrote:

I have heard about people saying that CEH is too basic and not good. I also
want to learn about this topic. I have enrolled myself in the Master of
Science in Information Assurance @ Norwich University. They say this masters
prepares you for CISSP.

Any feedback would be great!!!

Thank You

Jose Arroyo



On 6/13/06, Erin Carroll <amoeba () amoebazone com> wrote:

Another thing to consider would be joining the SecurityFocus penetration
testing mailing list. There are always discussions going on about new
tools, techniques and scenarios, and other areas of interest for
pentesters. In addition to the suggestions you've received so far, you'll
get to interact with people in the business and your question on how to
get started would be a welcome topic to the list.

-Erin Carroll
Moderator, SecurityFocus pen-test list
"I drank what?"


On Tue, 13 Jun 2006, Michal Merta wrote:

> Hi all,
>
> I think that the best way to start is to study tcp/ip, ipsec,
> application protocols, standards.
> If you want to be pen. tester, you have to have an excellent knowledge
> of these things.
> Michal
> Btw. it depends, but very often you should know social engineering and
> this stuff.
>
> On 12 Jun 2006 11:24:05 -0000, rahul.joshi2 () googlemail com
> <rahul.joshi2 () googlemail com> wrote:
>> Hi Guys,
>>
>>
>> Apologies if this has been asked before (and if this is posted in the wrong
>> thread) but I am seeking advice on how to get into a career in Pen. testing
>> and IT security.
>>
>>
>> I am based in the UK and have been a Java developer for the last 2.5 years
>> after leaving university. However security is where my interest lies and I
>> would like to get into this sector.
>>
>>
>> My question is how? I have looked at many job adverts for pen. testers
>> however they all require people with 1 years+ experience in the field.
>>
>>
>> Should I pursue a certification such as the CEH first? Or are there other
>> ways?
>>
>>
>> Your advice and suggestions would be greatly appreciated.
>>
>>
>> Thanks
>>
>>
>> Rahul
>>
>
>
> --
> Michal Merta
> Network Security Engineer
> http://www.misuta.cz




--
MCP Jose Arroyo
Gables Breeze Cocoplum Dr. # 15
Dorado PR 00646

"Deal with it !!!!!!!!"


