What is the biggest "problem" becoming a Professional Pentester

listerlister Member Posts: 38 ■■□□□□□□□□
in Other Security Certifications
I am thinking about pursuing a career in InfoSec - ive posted a few other threads on qualifications etc but what do you reckon is my biggest problem or better said challenge?

Is it persuading an employer that I am skilled enough or experienced enough or "clever" enough to think out of the box?

Thanks icon_rolleyes.gif kinda confused - just want to make sure that this is the right path for me!

Or let me ask another thing, especially if you are a PenTester yourself: why did you become a PenTester?
Did it just happen or did you seek out that role?

(To be honest I want to be a PenTester just cause it looks like the more fun side)

Thanks for all replies..
· Share on FacebookShare on Twitter

Comments

  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    What does your current IT work experience look like? Nobody really gets into infosec without some years doing standard IT stuff because you need technology fundamentals if you're going to do security and pentest work. If you already have a good grasp of operating system, application, and networking principles as well as practical experience managing them in various environments, you'll be better equipped to know your way around a client's environment when you're performing vulnerability assessments. There's a ton of minutia involved and you'll be held accountable for them.

    I see a lot of people wanting to get into pentesting because they see the sexy side of it - the recon, the mapping, the breaking in... But a good portion of the work is writing reports. Strong communication skills (especially writing) is very much a requirement. You have to be able to convey the problem, support your findings with evidence, and recommend fixes. At the end of the day, you're responsible for every single packet that you send out and that requires a deep understanding of what's in the traffic and knowing exactly how your tools operate. You don't want to inadvertently damage a target network that's in scope.

    Being in infosec generally requires a certain degree of creativity, improvisational skills, as well as determination. It's fast-paced, very strenuous, and you'll be expected to keep up with a lot of new information on an ongoing basis which requires a core dedication to constantly reading and growing. It's a rigorous mental exercise that not everyone understands or is prepared for. This is for both the defense and offensive sides.

    It's good to have an interest, but understand your real motivation and what's driving you. Reality may not necessarily correspond with your expectations.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
    · Share on FacebookShare on Twitter
  • impelseimpelse Member Posts: 1,237 ■■■■□□□□□□
    I like your replay, require constant preparation (study a lot), experience in IT, it is a good field but require a lot of self study and discipline.

    I remember one time, testing one Windows 2003 server and got shell attacking the dns, it felt good but not when the users called you saying that they could not reach any site in internet, lol. It is interesting but you need to know what will happen with some exploits.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

    · Share on FacebookShare on Twitter
Sign In or Register to comment.