Do you like CTF challenges? If you have this kind of event near you, it's a good place to expand your networking and show your skills. Create a blog and write the challenge solutions up.
Also, there are a lot of CTF events that you can participate in from the web; take a look at these sites:

http://ctftime.org/
http://sysexit.wordpress.com/
http://techblog.rosedu.org/

Although CTF events aren't exactly a real world pentest (in CTF you already know that something is vulnerable and you don't have to write a professional report), they will require that you have the technical knowledge.

On Sunday, February 24, 2013, Brian Seel wrote:

> Good advice Allison. In the last few months I have been trying to get more
> involved with the security community... it's been hard because I have a
> reclusive streak to myself but I am working on it.
>
> As for certs, do you have any suggestions? I have not tried to focus on
> certs just because my experience with getting my A+ and CISSP has left me
> feeling like certs are a joke that cover up for deeper deficiencies... but
> I have only attempted the A+ and CISSP. What certs are out there that you
> think would make someone stand out?
>
> As a follow up, do you think it's worth the time it takes to get a cert (do
> you value knowing that someone has a standard level of knowledge)? Or would
> you think higher of someone that has job related experience?
>
> Thanks,
>
> Brian
>
> PS: Allison, I never get a chance to watch the podcasts, but whenever I
> hear them, I always picture you as Dr Park
> <http://en.wikipedia.org/wiki/Chi_Park> because you sound almost exactly
> like her.
>
> On Sat, Feb 23, 2013 at 8:52 AM, allison nixon <[email protected]> wrote:
>
>> My most generic advice is to:
>> 1. teach yourself how to do it and then
>> 2. convince the right person that you can do it
>>
>> is your current job related to security or not? get to know people in
>> the field because there is always a huge labor shortage and they will try
>> to hire you.
>>
>> if you're looking for part time pentesting work only, you're going to
>> have to get to know a lot of people because very few would be set up to
>> contract that stuff out piecemeal, and they would only do it to trusted
>> people they know anyways. very small pentesting companies are your best
>> bet here.
>>
>> If you don't have any pentesting certs it would be wise to get some, but
>> may not be necessary if you have the skills and the right people know that.
>>
>> you're going to have your best luck getting a full time job. I know it
>> isn't easy to change large aspects of your life, but sometimes it's worth
>> it and you'll be a happier person in the long run.
>>
>> -Allison
>>
>> On Sat, Feb 23, 2013 at 12:07 AM, Brian Seel <[email protected]> wrote:
>>
>>> Note: I am trying to keep this email vague so it is generic
>>> for posterity's sake. I am trying to not make the question specific to my
>>> situation so others can use your advice.
>>>
>>> =========
>>>
>>> So long time listener (pre Ep 100) who has been doing computer security
>>> related things for the last four years or so since college. I would really
>>> like to break into the pentesting arena, but I really like my current day
>>> job for a variety of reasons (pay definitely not being one of them).
>>>
>>> Basically, I would really like to do commercial pentesting on a part
>>> time basis, where I take a week or two off from my day job every few months
>>> and try to gain experience in the commercial realm and get my feet wet with
>>> a different way of approaching computer security. Within the next year I
>>> would love to leave my day job and do pentesting full time, but I don't feel
>>> confident enough just yet. As a bit of background, right now I am doing
>>> some Metasploit dev for my employer, but I am not able to do an end to end
>>> pentest.
>>>
>>> My question is if you have any advice about the best way to try to get a
>>> part time pentesting job. I am not under any illusion that trying to do
>>> pentesting part time is not going to be an easy sell. I know that, but I
>>> think my unique skill set will make *someone* want to take a flier on me.
>>> But, considering that most of you are probably pentesters, or in fields
>>> closely related, what would make you want to take someone on on a part time
>>> basis? Or is there really no case where you would consider that?
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>
>> --
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>

--
[]'s
Danilo Nascimento
