
How can I become a full-time pentester?


No, I'm not going to ask "How do I become a pentester".

What I want to know is: how did YOU become a pentester? What is a good course of action to find a job with a firm that does pentesting? What/who might they be looking for?

Are there internships?

What if your experience is limited? For instance, I have done security testing with BackTrack/Kali, but mostly white box stuff as part of my role in general security. I am mostly self-taught.

I want to get more experience and want to do this full time; however, it seems like a chicken-and-egg scenario, where in order to get a job pentesting I need experience, but to get experience I need to have worked doing pentesting. OR I would have had to do black/grey hat type stuff. It's not that easy to get access to a corporate network (legitimately) to practice on, and practicing on my home network seems not enough.

I would guess that a "job interview" would consist of a lab: "here is a laptop, get from point A to B and avoid detection" or something like that, to prove you understand the basics of pentesting (recon, footprinting, exploiting, covering your tracks, reporting, etc.).

Maybe I am looking at it the wrong way, I don't know. I don't know anyone else who even remotely comes close to being a "hacker", even within my peers at work. I know tons of people who can implement security solutions but none who can audit them, strangely enough. I know a brilliant web coder, and when I asked him if he could help me audit web apps he said "I don't know how to hack".

What have some of your experiences been?

Link to comment

I've looked into Offensive Security. Actually, to correct myself from my previous post, I knew one coworker who was OSCP certified but was real secretive about it and has since moved away somewhere, and I lost contact with him.

I took a class in college called "Ethical Hacking" and I have also taken an online class of the same name, but found them to be very basic. More conceptual and less hands-on.

Sure, we used Nmap and John and Cain and Abel, etc., but I never felt it gave me anything usable other than understanding the process of pentesting.

I've been scared to take the OSCP course as it is a huge chunk of change, but more and more lately I find myself leaning towards doing it.

Link to comment

I'd strongly recommend the OSCP if you can afford it, but if not, how about Security Tube: loads of free stuff, and their paid-for courses are a reasonable price and very good quality.

I'll also plug my own research data and talk video, Breaking in to Security http://www.digininja.org/projects/breaking_in_part_1.php and http://www.youtube.com/watch?v=LSrF3VGUrR0

As you aren't already skilled I'd suggest getting a job in a company who do security in some way and then make friends with the security department, see if you can then slowly slide over or at least help out and gain skills through them. You could try to get a job at the entry level but that will probably be a bit pay cut which is never good.

Link to comment

If you are looking to build your skills, I would go so far as to suggest you start with the basics of hardening a system first. Then follow that up with learning to measure the effectiveness of that single control.


- lock the ports down on a computer

- measure your efforts with a couple different port scanners

Keep going through the ABCs of system hardening from a defense point of view. Learn to implement a security item, then learn how to verify it.

Comprehensive security from a defense point of view is hard. You need to do everything, all the time, and do it well, while attacks can focus on a single crack.

From a money point of view, I wouldn't pay for someone to come in and blow up my network (I already have stacks of reports and have more projects than time, as well as access to tools like Metasploit).

What I would see a large company paying for is someone who can come in and make recommendations on how to fix (or prioritize) the issues they find after the pentest.

I could be wrong on this, maybe people are just doing it to check a PCI compliance box or because they need help selling the need for security, but if that is the case I'd imagine they are looking for the lowest bid to come in, and isn't the point to make big money? :D

Also, don't underestimate the value of communication skills - you need to discuss the scope of the attack thoroughly and present your findings afterwards. My current employer perked up during the interview when the topic of me presenting a large design project I had worked on came up. I think it helped me stand out from the 80 other candidates they had.

I do get chances to test items on a larger system, but when I do, it is normally after weeks of discussion and reflection on the possible risk, the systems that could be affected, the possibility of outside software doing something undocumented or having a malicious program, and whether everyone is safe with me testing it or the test should be done by another member of the team. Plus it helps that I have worked to build trust.

The future of security and pentesting is going to move more into the testing of applications, web apps in particular.

A recent issue by Linux Format, "The Hacker's Manual 2014", has on page 67 an article about setting up a WordPress VM that is vulnerable, then attacking it and learning to patch it. Also, I would pay attention to the mention of OWASP! We actively review and teach their items with our developers. (Side note: most of the issue isn't stuff a pentester would care about, but the section on web hacking alone is worth the cost IMHO.)

Alright, enough rambling for now.

Link to comment
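
The "lock the ports down, then measure your efforts" exercise from the post above, as an added example that is not part of the thread: it compares what the hardened host says is listening with what a scan of it saw, against an allowlist. The `ss -tlnH` and nmap grepable (`-oG`) samples are constructed, and the allowlist and function names are assumptions.

```python
# Constructed sample data (not from the thread): `ss -tlnH` output from the
# host being hardened, and one nmap grepable (-oG) line from a scan of it.
SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      244          0.0.0.0:5432      0.0.0.0:*
LISTEN 0      511          0.0.0.0:8080      0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
"""
NMAP_GREPABLE = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
                 "8080/open/tcp//http-proxy///, 5432/filtered/tcp//postgresql///")
ALLOWED = {22}  # assumption: the only port this host is meant to expose

def parse_ss(text):
    """Return {port: True if bound beyond loopback} from `ss -tlnH` output."""
    listeners = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets, %iface
        exposed = not (addr.startswith("127.") or addr == "::1")
        listeners[int(port)] = listeners.get(int(port), False) or exposed
    return listeners

def parse_nmap(line):
    """Return the set of TCP ports the scanner reported as open."""
    open_ports = set()
    for field in line.split("\t"):
        if field.startswith("Ports: "):
            for entry in field[len("Ports: "):].split(", "):
                port, state, proto = entry.split("/")[:3]
                if state == "open" and proto == "tcp":
                    open_ports.add(int(port))
    return open_ports

def audit(ss_text, nmap_line, allowed):
    """Compare the host's own view with the scanner's view and the allowlist."""
    listeners, seen = parse_ss(ss_text), parse_nmap(nmap_line)
    return {
        # reachable from outside but not meant to be: the control failed
        "unexpected_reachable": sorted(seen - allowed),
        # bound to all interfaces, only the firewall hides it: rebind to loopback
        "exposed_bind_not_seen": sorted(
            p for p, ext in listeners.items() if ext and p not in seen),
        # the scanner saw it but the host does not list it: investigate
        "scanner_only": sorted(seen - set(listeners)),
    }
```

On the constructed data, `audit(SS_OUTPUT, NMAP_GREPABLE, ALLOWED)` flags 8080 as reachable but not allowed, and 5432 as bound to all interfaces with only the packet filter in front of it.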