Career Advice Needed: My end-goal is to be a penetration tester

Textbook Member Posts: 5 ■□□□□□□□□□
Hi everyone! I just joined these forums after seeing a post made by Keatron, as I felt like this forum has some really helpful and wise members. My only hope is that down the road I can help others like you have all helped countless people (and hopefully myself!)

I'd like to eventually, one day, work as a network penetration tester. That's my dream job. After reading in countless places when I was younger, this job is only achieved after climbing the "IT **** ladder" as I've heard it called. Starting at support desk, and growing your way up while obtaining certifications, etc.

My question(s) to you are:
1. What is the wisest (not fastest, not easiest, not anything other than smartest/wisest) certification path to pursue (in your opinion, obviously nothing here would be 100% fact)?
2. Do you have any links or information as to the best way to set up a lab machine for hands-on practice at home? I've found a few that were either beyond my means, or would be hard to tailor to my situation. (I have 1 desktop [lab/host machine] and 1 laptop [my pentesting laptop with Kali]). I'd obviously be using virtualization software to run a few OSes in certain realistic network configurations with free open source firewalls, etc. This was a terrible question... just if you have any information that would be helpful, I would love to hear it. Thanks and sorry for this utterly ridiculous lengthed "question" lol.
3. Is there a way to skip the "lower rungs of the ladder"? What was your personal path? What would you have done with yourself back when you were in college if you had known what you know now? What advice would you give to someone like me in this regard?
4. How realistic is it to live off of the salary of being a penetration tester? I've heard a (terrifying) variation in salaries between people. I live in Atlanta, Georgia (USA) currently.


If you have any other knowledge or advice that you feel would be helpful, please do share it! You know more than I do. I want to know even what I wasn't smart enough to ask about! Knowledge is power, and knowledge is interesting.


Thank you so much for your time, advice, and everything,
Austin

Comments

  • LionelTeo Member Posts: 526 ■■■■■■■□□□
    1) CEH, GCIH, GPEN, GWAPT, OSCP
    2) Buy the book advanced penetration testing - the ultimate security guide. Best internal lab recommendation ever, 1 Backtrack Kali, 1 Ubuntu, 2 Kioptrix, 1 pfSense firewall, 1 Windows workstation; even comes with load balancer on an internal website. You should also set up WebGoat on one of these machines.
    3) Yes, out of 10 resumes, only 3 are applicable with IT Security skills. Fall into secondary consideration, the company may drop the primary consideration because of budget problem, sometimes it could also be due to much headcount requirement and they run out of primary consideration and that is how you would get in.
    4) If penetration testing in your area is mature, it's very realistic, on higher end you can climb up to being an exploit researcher for companies like Nessus, FireEye, Core Impact, you can earn up to 100k to 150k or even higher when you become the team lead. On extreme case like Kevin Johnson, he had his own company (Secure Ideas) and he is earning a living as a CEO while at the same time being penetration tester

    Read more.

    http://www.techexams.net/forums/jobs-degrees/87522-career-penetration-tester.html
    http://www.techexams.net/forums/security-certifications/100679-path-advice.html
  • LinuxNerd Member Posts: 83 ■■□□□□□□□□
    Excellent advice here. Great thread.
  • Textbook Member Posts: 5 ■□□□□□□□□□
    Hey LionelTeo,
    Thanks for the very high quality post and advice. I've ordered that book and am anxious (in a good way) to set up my lab and start playing and learning :) I'm glad penetration testing and other fields very closely related can make a (good) living, as that's not something I've thought to ask/find out up until this point. I'm looking into the URLs you've provided now.
    Thank you again so much. Your post was greatly appreciated!
    Austin