Another Pen Testing Thread...Really?

Hello all,

I have read through some of the other pen testing threads (I didn't have to go too far, the first page is literally full of them), and I guess I just wanted to get an idea of what people think in general about pen testing as it relates to the federal government or consulting part time.

Here's what I am thinking. I just recently went to the CNSS 4016-I Risk Analyst course, and a lot of guys there were either full time validators for DoD or they were moving into pen testing. It would seem the appropriate path for me would be to move forward with OSCP for my own good, and also follow the respective branch/organization process for becoming a member of the red team, or other entity to test their networks. You can see my certs on the left...but I will list them below as well. Thank you "zaaa" for the format...I'm using it since I like the way it was laid out.

My Experience:

4 years of T1-T2 Helpdesk/Hardware support
1 year of imaging and XP->7 migrations for an 8k+ machine environment
3 years of Sys Admin experience / primarily Windows with a touch of Linux
1 year as a CND Analyst (ArcSight, Sourcefire, Netscout, Wireshark, NetWitness)
2 years as an IA policy geek
2 years as a Network Admin in a primarily Cisco based environment

My Education:

B.S. in Information Technology - Security
A.A.S. in Applied Computer Studies

My Certs:

Comptia A+
CompTIA Net+
CompTIA Sec+
CompTIA Linux+
CompTIA Project+
Cisco CCNA
Cisco CCNA Security
LPI LPIC-1
EC-Council C|EH
CIW (Web Design Specialist, JavaScript Specialist, Database Design Specialist)
CNSS 4016-I Risk Analyst

My Cert Plan:

OSCP

I would say that's pretty much it. At this point, I think it's best to just get my hands on some sort of programming/scripting action...(python etc.), and go from there. That sound about right? I know that I will need a home lab and that's not a problem. I have a good bit of experience with tool suites like BackTrack...but my experience was more like 4-5 years ago when I was hardcore about InfoSec. Then I became a CND Analyst...got burnt out looking at packets all day and went back to IA and Compliance. Which is where I sit now. It's not that I don't like paperwork, because I do like to research and type; it's just that I don't like ONLY doing paperwork. I also want to retain technical skills and knowledge.

Of course, I've been saying I need to figure out where I want to go with my career for 5 years now and I'm still not sure haha.

Find more posts tagged with

Comments

MrAgent

If you're looking to get into penetration testing, then I would definitely go for it.
You seem to have a solid background and would do well in the course.

ConflagrateCarl

MrAgent wrote: »

If you're looking to get into penetration testing, then I would definitely go for it.
You seem to have a solid background and would do well in the course.

Thanks for the response! I actually saw your blog in your sig and went and read through your whole OSCP writeup. Sickness...of the greatest kind haha. That is awesome man, you should be super proud of your accomplishment.

Motivational beyond words, that's for sure.

MrAgent

I am glad it helped! My career path may be changing and I may end up going for the OSCE instead of the CISSP this summer. If I manage to pass that beast, then I will feel really accomplished!

NovaHax

Jason...I was actually thinking about finally taking the plunge and going for OSCE in Q3. Spending Q2 knocking out all of the PenTester academy and Corelan content I can get my hands on.

What were you thinking for your start time?

ConflagrateCarl

NovaHax wrote: »

Jason...I was actually thinking about finally taking the plunge and going for OSCE in Q3. Spending Q2 knocking out all of the PenTester academy and Corelan content I can get my hands on.

What were you thinking for your start time?

What in the heck NovaHax? First you come in and haxor my thread....psssh.

Then you have to put all those certs on the left like anybody REALLY has all those. Haha. I'm just kidding...but holy cow, that's a lot of goodness there. You must have had a pretty darn good idea of what you wanted to do when you started because everything lines up with one simple concept. InfoSec to the extreme. Good stuff indeed. Guess I'm about a decade late, and a few thousand $$$ short. Haha. Cheers to you and Jason!

MrAgent

If I do it it'll be in the summer.

On topic.
@OP do you think you will sign up for the OSCP? Let us know if you do.