One thing that I can't recommend enough is the training from Offensive Security. The reason I like this training/cert is that not only do you learn the tools and techniques of how to conduct a pen test, you also need to show it in a practical exam.
This also includes the most important element of pen testing…the reporting. You could be the most elite kernel hacker but if you can't document findings to a variety of people (technical and non techicanl) you've wasted a lot of time. http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/ On Feb 23, 2013, at 12:07 AM, Brian Seel <[email protected]> wrote: > Note: I am trying to keep this email vague so it is generic for posterity's > sake. I am trying to not make the question specific to my situation so others > can use your advice. > > ========= > > So long time listener (pre Ep 100) who has been doing computer security > related things for the last four years or so since college. I would really > like to break into the pentesting arena, but I really like my current day job > for a variety of reasons (pay definitely not being one of them). > > Basically, I would really like to do commercial pentesting on a part time > basis, where I take a week or two off from my day job every few months and > try to gain experience in the commercial realm and get my feet wet with a > different way of approaching computer security. Within the next year I would > love to leave my day job and do pentesting full time, but I dont feel > confident enough just yet. As a bit of background, right now I am doing some > Metasploit dev for my employer, but I am not able to do an end to end pentest. > > My question is if you have any advice about the best way to try to get a part > time pentesting job. I am not under any illusion that trying to do pentesting > part time is not going to be an easy sell. I know that, but I think my unique > skill set will make *someone* want to take a flier on me. But, considering > that most of you are probably pentesters, or in fields closely related, what > would make you want to take someone on in a part time basis. Or is there > really no case where you would consider that? > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
