Good advice Allison. In the last few months I have been trying to get more involved with the security community... its been hard because I have a reclusive streak to myself but I am working on it.
As for certs, do you have any suggestions? I have not tried to focus on certs just because my experience with getting my A+ and CISSP has left me feeling like certs are a joke that cover up for deeper deficiencies... but I have only attempted the A+ and CISSP. What certs are out there that you think would make someone stand out. As a follow up, do you think its worth the time it takes to get a cert (do you value knowing that someone has a standard level of knowledge)? Or would you think higher of someone that has job related experience? Thanks, Brian PS: Allison, I never get a chance to watch the podcasts, but whenever I hear them, I always picture you as Dr Park<http://en.wikipedia.org/wiki/Chi_Park>because you sound almost exactly like her. On Sat, Feb 23, 2013 at 8:52 AM, allison nixon <[email protected]> wrote: > My most generic advice is to: > 1. teach yourself how to do it and then > 2. convince the right person that you can do it > > is your current job related to security or not? get to know people in the > field because there is always a huge labor shortage and they will try to > hire you. > > if you're looking for part time pentesting work only, you're going to have > to get to know a lot of people because very few would be setup to contract > that stuff out piecemeal, and they would only do it to trusted people they > know anyways. very small pentesting companies are your best bet here. > > If you dont have any pentesting certs it would be wise to get some, but > may not be necessary if you have the skills and the right people know that. > > you're going to have your best luck getting a full time job. I know it > isn't easy to change large aspects of your life, but sometimes it's worth > it and you'll be a happier person in the long run. > > -Allison > > > > On Sat, Feb 23, 2013 at 12:07 AM, Brian Seel <[email protected]> wrote: > >> Note: I am trying to keep this email vague so it is generic >> for posterity's sake. I am trying to not make the question specific to my >> situation so others can use your advice. >> >> ========= >> >> So long time listener (pre Ep 100) who has been doing computer security >> related things for the last four years or so since college. I would really >> like to break into the pentesting arena, but I really like my current day >> job for a variety of reasons (pay definitely not being one of them). >> >> Basically, I would really like to do commercial pentesting on a part time >> basis, where I take a week or two off from my day job every few months and >> try to gain experience in the commercial realm and get my feet wet with a >> different way of approaching computer security. Within the next year I >> would love to leave my day job and do pentesting full time, but I dont feel >> confident enough just yet. As a bit of background, right now I am doing >> some Metasploit dev for my employer, but I am not able to do an end to end >> pentest. >> >> My question is if you have any advice about the best way to try to get a >> part time pentesting job. I am not under any illusion that trying to do >> pentesting part time is not going to be an easy sell. I know that, but I >> think my unique skill set will make *someone* want to take a flier on me. >> But, considering that most of you are probably pentesters, or in fields >> closely related, what would make you want to take someone on in a part time >> basis. Or is there really no case where you would consider that? >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > > -- > _________________________________ > Note to self: Pillage BEFORE burning. > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
