Another Pen Testing Thread...Really?

ConflagrateCarl Member Posts: 13
Hello all,

I have read through some of the other pen testing threads (I didn't have to go too far, the first page is literally full of them), and I guess I just wanted to get an idea of what people think in general about pen testing as it relates to the federal government or consulting part time.

Here's what I am thinking. I just recently went to the CNSS 4016-I Risk Analyst course, and a lot of guys there were either full time validators for DoD or they were moving into pen testing. It would seem the appropriate path for me would be to move forward with OSCP for my own good, and also follow the respective branch/organization process for becoming a member of the red team, or other entity to test their networks. You can see my certs on the left...but I will list them below as well. Thank you "zaaa" for the format...I'm using it since I like the way it was laid out.

My Experience:
  • 4 years of T1-T2 Helpdesk/Hardware support
  • 1 year of imaging and XP->7 migrations for an 8k+ machine environment
  • 3 years of Sys Admin experience / primarily Windows with a touch of Linux
  • 1 year as a CND Analyst (ArcSight, Sourcefire, Netscout, Wireshark, NetWitness)
  • 2 years as an IA policy geek
  • 2 years as a Network Admin in a primarily Cisco based environment
My Education:
  • B.S. in Information Technology - Security
  • A.A.S. in Applied Computer Studies
My Certs:
  • CompTIA A+
  • CompTIA Net+
  • CompTIA Sec+
  • CompTIA Linux+
  • CompTIA Project+
  • Cisco CCNA
  • Cisco CCNA Security
  • LPI LPIC-1
  • EC-Council C|EH
  • CIW (Web Design Specialist, JavaScript Specialist, Database Design Specialist)
  • CNSS 4016-I Risk Analyst
My Cert Plan:
  • OSCP

I would say that's pretty much it. At this point, I think it's best to just get my hands on some sort of programming/scripting action...(python etc.), and go from there. That sound about right? I know that I will need a home lab and that's not a problem. I have a good bit of experience with tool suites like BackTrack...but my experience was more like 4-5 years ago when I was hardcore about InfoSec. Then I became a CND Analyst...got burnt out looking at packets all day and went back to IA and Compliance. Which is where I sit now. It's not that I don't like paperwork, because I do like to research and type; it's just that I don't like ONLY doing paperwork. I also want to retain technical skills and knowledge.

Of course, I've been saying I need to figure out where I want to go with my career for 5 years now and I'm still not sure haha.
M.S.(Cyber/IA), CISSP, GCIA, CEH, CASP+, Sec+, Net+, A+, Project+, Linux+

Comments

  • MrAgent Member Posts: 1,310
    If you're looking to get into penetration testing, then I would definitely go for it.
    You seem to have a solid background and would do well in the course.
  • ConflagrateCarl Member Posts: 13
    MrAgent wrote: »
    If you're looking to get into penetration testing, then I would definitely go for it.
    You seem to have a solid background and would do well in the course.

    Thanks for the response! I actually saw your blog in your sig and went and read through your whole OSCP writeup. Sickness...of the greatest kind haha. That is awesome man, you should be super proud of your accomplishment. :) Motivational beyond words, that's for sure.
  • MrAgent Member Posts: 1,310
    I am glad it helped! My career path may be changing and I may end up going for the OSCE instead of the CISSP this summer. If I manage to pass that beast, then I will feel really accomplished!
  • NovaHax Member Posts: 502
    Jason...I was actually thinking about finally taking the plunge and going for OSCE in Q3. Spending Q2 knocking out all of the PenTester academy and Corelan content I can get my hands on.

    What were you thinking for your start time?
  • ConflagrateCarl Member Posts: 13
    NovaHax wrote: »
    Jason...I was actually thinking about finally taking the plunge and going for OSCE in Q3. Spending Q2 knocking out all of the PenTester academy and Corelan content I can get my hands on.

    What were you thinking for your start time?

    What in the heck NovaHax? First you come in and haxor my thread....psssh. Then you have to put all those certs on the left like anybody REALLY has all those. Haha. I'm just kidding...but holy cow, that's a lot of goodness there. You must have had a pretty darn good idea of what you wanted to do when you started because everything lines up with one simple concept. InfoSec to the extreme. Good stuff indeed. Guess I'm about a decade late, and a few thousand $$$ short. Haha. Cheers to you and Jason!
  • MrAgent Member Posts: 1,310
    If I do it, it'll be in the summer.

    On topic.
    @OP do you think you will sign up for the OSCP? Let us know if you do.