Security/ Penetration Tester Advice Needed
M3Cody
Member Posts: 19 ■□□□□□□□□□
Hey Guys,
My log term goal is to be a penetration tester. I currently have an A+ Cert and a few years of Help Desk/Desktop Support.
I just got laid off from my job and want to take some time and get some certs.
So what's my next steps? What certs would you recommend I get and what title should I shoot for my next job?
My log term goal is to be a penetration tester. I currently have an A+ Cert and a few years of Help Desk/Desktop Support.
I just got laid off from my job and want to take some time and get some certs.
So what's my next steps? What certs would you recommend I get and what title should I shoot for my next job?
Comments
-
NovaHax Member Posts: 502 ■■■■□□□□□□Cert wise...probably CEH or Sec+.
But really, just start learning everything you can. Every language you can. How info systems work. It never ends and you will never catch up. Just so you know what you're in for. -
M3Cody Member Posts: 19 ■□□□□□□□□□Cert wise...probably CEH or Sec+.
But really, just start learning everything you can. Every language you can. How info systems work. It never ends and you will never catch up. Just so you know what you're in for.
Yah, Ill pretty much be forever learning and trying to stay up on everything. I just know trying to get into the field with an A+ and some help desk wont get me in. -
NovaHax Member Posts: 502 ■■■■□□□□□□If you are wanting to get hands on experience, enroll in a eLearn Security or Offensive Security course.
-
docrice Member Posts: 1,706 ■■■■■■■■■■Make sure your foundations are good. You can learn all the pentesting tools out there, but if you lack solid grounding on the fundamentals, your ability to choose/use tools and make judgement calls will result in you standing on shaky ground. If you're going to hand someone a report on findings, you're inevitably going to get questioned/challenged on it. For these inevitable events, you better be able to back up your claim with (IT-scientific) proof and be able to communicate resolutions in a way that's meaningful to your client.
So while getting "security certs" is all fine and dandy, make sure you understand common principles. Networking is a good start, and maybe solid Windows and Linux skills. Many things in the pentest world stem from these basic things which are essentially typical system/network admin functions. Learning these well will help glue together your understanding of the various parts which make up the digital ecosystem.
Above all else, you must learn to dig while having a never-satisfied curiosity and hunger to probe further. In many ways, your ability to be a good pentester will depend on your capability to improvise and think creatively, which ultimately requires knowing the fundamentals down cold.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
JaneDoe Member Posts: 171Play practical jokes on your friends that involve hacking things. I don't suggest you do anything malicious, just enough to get them to laugh and ask how you did it. Pay attention the mistakes people make that let you do that easily. Fix the vulnerabilities that let you do these things if you can.
-
M3Cody Member Posts: 19 ■□□□□□□□□□Make sure your foundations are good. You can learn all the pentesting tools out there, but if you lack solid grounding on the fundamentals, your ability to choose/use tools and make judgement calls will result in you standing on shaky ground. If you're going to hand someone a report on findings, you're inevitably going to get questioned/challenged on it. For these inevitable events, you better be able to back up your claim with (IT-scientific) proof and be able to communicate resolutions in a way that's meaningful to your client.
So while getting "security certs" is all fine and dandy, make sure you understand common principles. Networking is a good start, and maybe solid Windows and Linux skills. Many things in the pentest world stem from these basic things which are essentially typical system/network admin functions. Learning these well will help glue together your understanding of the various parts which make up the digital ecosystem.
Above all else, you must learn to dig while having a never-satisfied curiosity and hunger to probe further. In many ways, your ability to be a good pentester will depend on your capability to improvise and think creatively, which ultimately requires knowing the fundamentals down cold.
VERY helpful thank you! Good points to. -
bobloblaw Member Posts: 228I agree with everything docrice said.
To add, the single most common thing you will see in InfoSec is that no one ever started in InfoSec. Everyone always comes from another primary background (Sys admin, network engineer, dba, etc.). This could change in years to come, but no one is going to expect someone to perform a security audit/pen test of their Windows domain when that person hasn't ran a Windows domain (same for their network, unix systems, etc). -
lsud00d Member Posts: 1,571Also, look for events in your area. I participated in a multiple-site CTF (capture the flag) cybersecurity exercise and it really helped to see all of the moving pieces working simultaneously in the big puzzle.
Watch videos from DEFCON. Stay current with security related blogs. Follow CVE's. Go through the Metasploit Unleashed course. Etc.