On Friday 22 March 2002 05:13 am, Steven Boshuizen wrote: > In my understanding people with these skills come > from a UNIX background, having worked on projects > with VPN's, intrusion detection, administering and > implementations.
For the most part, it -does- seem that most pen-testers come from a UNIX background, but that isn't to say that people who use Windows cannot do the same work; They just have different skillsets. And yes, I don't know of anyone that jumped directly into pen-testing without doing something else in the tech industry previously... it just doesn't seem like something that you can just jump into. If anyone out there has jumped into the pen-testing industry without any previous experience in another IS field, I'd be interested to hear your stories. > Could anyone tell me that if I was > looking for a shit hot penetration tester what sort of > background would such a guy have, and what would > be the keyskills/ buzzwords that I would have to look > for so that I would know I am talking to an ace?? > Would appreciate any assistance. Background? Well only hire pen-testers that have had troubled childhoods, are anti-social, have no friends, et cetera; You know those will be the dedicated ones (just kidding). I think more importantly than checking someone's past work experience, school experience, and their exact skillsets, you must find someone who truly loves what he does, and has a passion for it (penetration testing that is). You can stick a trained (or untrained?) monkey in front of a computer and he might be able to get into -something- after banging random keys for a while, so it's not like we're talking about something for the elitists only. Make sure the person can not only do the tasks that are required upon hiring, but has a strong desire to keep current with the goings-on in the industry, and also has a desire to keep learning and developing his/herself. As far as you knowing if you're talking to an "ace"... If you know what you are looking for, you should be able to figure that one out... If you don't, look for the person who spouts out tech jargon that goes wayyy over your head? I'm writing this with the view that you are looking for someone, but if you are trying to find the words to fill your resume, sorry. Just my two cents on this issue, it's always a fun one to talk about, no matter how many times someone posts the same mail to the list. erik at digitaloffense dot net
