NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2009-05

Re: Skills needed to become a Security Expert and Penetration Tester?

From: Joseph McCray (joelearnsecurityonline.com)
Date: Sat May 02 2009 - 18:16:35 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'd say that you are on the right track Chip.

I think interpreted languages like Perl, Python, and Ruby might be more
helpful than languages like C++, and I think getting really comfortable
on the web application security side of the house is important as well.

The bottom line is you can't go wrong as long as you are always trying
to improve. For me when I'm interviewing pentesters the key thing I look
for is the background.

1. Are they comfortable with Linux/Unix? If so - how comfortable?
2. Are they comfortable with Windows/Active Directory? If so - how
comfortable?
3. Can you program? If so - what languages? Any database experience?
4. Can you problem solve? And can you find solutions that work for the
customer's technical and political environment?
5. Are you comfortable interfacing with people that aren't very
technical (i.e. senior management)?
6. Are you comfortable writing technical documentation because believe
me - you will be writing a lot of it as a pentester.

I hope this helps you out Chip.

--
Joe McCray

Toll Free: 1-866-892-2132
Email: joelearnsecurityonline.com
LinkedIn: http://www.linkedin.com/in/joemccray
Twitter: http://twitter.com/j0emccray
Website: http://www.learnsecurityonline.com

Video of my Advanced SQL Injection Presentation:
http://vimeo.com/3418947

"The only thing worse than training good employees and losing them
is NOT training your employees and keeping them."

- Zig Ziglar

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]