Re: Best route to penetration testing learning



The SANS courses are pretty good in that you will actually be learning useful information, not just information required to pass a test. Also, for a lot of Security Consultant jobs, either the CISSP or a GIAC cert is required so this is another reason to get involved with SANS.

In my opinion, books are great but they only get you so far. You only retain the knowledge in a book for so long unless it is put into practice. For reading I would recommend subscribing to security research and current pen testers blogs as you will get the most up to date content. When new attacks are posted, try to replicate them yourself inside of a VM lab, starting to do this will get your hands dirty to start. There are also plenty of challenges out there that can feed your skills, the more practice you get with these tools and familiarity with different methodologies and attacks the more you can support what's on your resume.

Also, consider taking a technical writing course, whether a free or local community college one, or whatever. Being a strong writer is the most important skill of all, at the end of a test no matter how skilled of a tester you are, if you deliver a bad report then that's all the customer sees. Make sure your resume reflects this skill as well as communication.

Robert Wood

--Sent from my iPhone.

On Jan 3, 2012, at 2:34 PM, wlandymore <will.landymore@xxxxxxxxxxx> wrote:


I'm new to penetration testing and recently took the CEH. I found that it was
pretty basic but I was wondering if people had some insight as to the best
route to take if you wanted to be a penetration testing engineer....

Any courses/books that are mandatory that will help get me on my way, or
other opinions as to how I can get into this?

Thanks.
--
View this message in context: http://old.nabble.com/Best-route-to-penetration-testing-learning-tp33074323p33074323.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------