just got AAS, best BS (WGU) route to pentesting?

Hello guys, it's been awhile since I've been here but I'm loving all the info that still flows.

I just got my AAS at local community college and am going for a BS at WGU next (then MS). I would like to eventually get into Pen Testing. From what I understand, with no experience, when I start looking for a job (after BS) I will need to work in a different entry-level field such as networking or programming when I first start my job search (to get experience and foot in industry), and then trying to get into more of a security type of position after that.

I was hoping to get some opinions from some guys getting into or are already into pen testing as far as what kind of BS I should get and therefore what kind of field I would enter the industry doing, such as networking or programming or something else, knowing my end goal of becoming a pen tester? What is per se the best background to have (networking, programming, etc.) for an aspiring pen tester? I kind of feel like I am going to need to be well versed in kind of everything, but if you had to pick, what would it be?

Thanks a ton, I feel like the choice I make in which BS i decide to get is critical so any input is greatly appreciated!
IvyTech - AS CINS (Completed: May, 2013)
WGU Indiana - BS IT Security
(Started: August 1st, 2013)
Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
Required: SBT1 RGT1 RIT1

Comments

  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    You could pick up the programming on your own for the most part, so I would probably focus on networking and systems administration. Everything is networked and knowing how data flows through the stack will prove to be invaluable. From there I'd focus on whatever OS will get you a job and to begin to play with the command line in Linux on your own.

    http://www.infiltrated.net/pentesting101.html

    The above link should prove to be very helpful on your quest. Good luck!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • CoolAsAFanCoolAsAFan Member Posts: 239
    Thanks the_Grinch, this is kind of what I was expecting but wanted to make sure before I set anything in stone.
    edit: just read that article you provided, very good stuff, thank you so much for that!

    My plan was and I guess still is to: (all-the-while studying programming: C*, perl, python, php, etc, and getting better acquainted with Linux via CentOS)
    -get BS with CCNA and CCNA:sec
    -then get NOC entry-level and trying to get into Sec department when I can
    -get MS with CEH and CHFI (while working)
    -after MS evaluate the plethora of pen testing certs and go from there...

    I think this plan sets me up okay to get into pen testing, although I still have a looong way to go. If anyone has any advice or would deviate from my plan I would really love to hear how and why?

    I really appreciate all the advice and help on this site. I recommend to all my friends trying to get into IT to come here because of the friendly atmosphere and really great help and advice.
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)
    Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
    Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
    Required: SBT1 RGT1 RIT1
  • dmoore44dmoore44 Member Posts: 646
    @CoolAsAFan - I probably wouldn't focus on CentOS so much (maybe to get your feet wet as a one or two day introduction...) and instead would focus on BackTrack. BackTrack is used by the majority of PenTesters because it's already configured to do PenTesting (i.e. it comes with the majority of tools needed to perform a PenTest).
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • CoolAsAFanCoolAsAFan Member Posts: 239
    @dmoore44 Thank you for that. I have a BT5-GNOME-64 iso that I got for that very reason awhile back but never really played with it due to being intimidated lol. I will definitely get it up and running on a VM and play around for sure. I'm thinking I might just go through the wiki they have to learn BT5, or at least get acquainted with it and all the tools.
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)
    Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
    Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
    Required: SBT1 RGT1 RIT1
  • demonfurbiedemonfurbie Member Posts: 1,819
    if i were you id do the normal bs degree at wgu and then go into the masters for info sec

    the sec degree at wgu seams to be more centered around cisco so i think it would be best todo the faster degree (the standard one) and spec with certs and a masters after
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • SephStormSephStorm Member Posts: 1,732
    On the other hand, the cisco will give him the networking knowledge he needs, and an infosec nod on the resume, which is important, more so than the content of the degree. Try to pick up a few programming classes, try out backtrack (dont worry, plenty of videos on youtube, and securitytube.net.)

    I will say, imo, scratch CHFI off your list, look for a OSCP/E.
  • demonfurbiedemonfurbie Member Posts: 1,819
    true cisco will give him networking knowledge, however its cheaper to get it on your own after

    and if he gets chfi it will count to his masters at wgu, i totally agree that off sec certs are better in the end
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • CoolAsAFanCoolAsAFan Member Posts: 239
    Good info guys, thank you!

    @demonfurburbie I wondered about the cost effectiveness of getting certs on my own vs through WGU. If I do 6 classes per 6 month term, it comes to around $450 per class. It's a little more expensive than testing on my own (CCNA-$300, CCNA:S-$250), but through WGU, I at least have financial aid to help (really my deciding factor) as I'm currently unemployed. The knowledge of networks, as well as having a backup plan if I find pen testing not for me, are the main reasons I want to get CCNA, CCNA:S in the BS InfoSec at WGU.

    @sephstorm Thank you for confirming that getting the knowledge from CCNA will help towards my end goal. The link that the the_Grinch had mentioned network knowledge to be one of the first things I should learn on my road to pen testing as well. The CEH and CHFI come with the MS at WGU, or else I wouldn't do CHFI as I understand it's not really in the pen testing field, but more so forensics. I wish WGU offered more programming classes, but I really only see java. I will have to ask the guys in one of the WGU forums if they offer programming classes that I don't know about, and if we are allowed to take them if they don't count towards our degrees. If not I have plenty of tutorials and vids I've accumulated teaching all kinds of languages.

    The Off Sec certs are definitely what I would like to get into, as well as some of the more expensive GIAC ones. I feel I have a long ways to go before I can start studying for any of these though.

    Is it advisable or not to use BT5 as main OS (but most likely in VM) to learn about it? They say not to learn Linux with BT5, but I feel I have enough basic Linux knowledge that I should be fine. Or am I looking at this wrong and should only really use BT5 when playing with its tools?

    Also, would it be possible for someone to rank programming languages from maybe most important or most used to least important/used concerning pen testing? This would kind of give me some sort of structure as far as which languages to tackle first.

    Again, thanks a ton guys! Hopefully when I'm more knowledgeable I will be able to pay it forward on this site.
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)
    Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
    Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
    Required: SBT1 RGT1 RIT1
  • CoolAsAFanCoolAsAFan Member Posts: 239
    dbl post
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)
    Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
    Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
    Required: SBT1 RGT1 RIT1
  • demonfurbiedemonfurbie Member Posts: 1,819
    java is fine and fairly universal for pentesting ... i see a some prefer python.

    the java classes at wgu are no joke (in stuck in one right now)
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
Sign In or Register to comment.