Author Topic: Security/Penetration Testing Career Change  (Read 1853 times)

vagon

  • Stubble
  • **
  • Posts: 238
  • Location: Sydney
Security/Penetration Testing Career Change
« on: July 28, 2015, 09:30:39 PM »
I believe I have a fairly good shot at a path into security with my existing company, which I also believe is an industry in high demand and pays well.
I know how to code at a reasonable level, understand network and sysadmin basics. I also understand the underlying concepts of security and am frequently a consumer of my companies penetration tests, but lack any practical experience in the field.
My thoughts were to give a couple of SANS and EC-council courses a go, try some stuff out on my own, do some shadowing at work and then aim for OCSP or SANS 660 after getting more hands on experience.
I had a couple of questions for anyone in the security arena:
  • Am I on the right track in terms of my theoretical progression?
  • How hard is it to get proficient in this area?
  • Is it an interesting field?
  • Any other general thoughts/tips?

RyanAtTanagra

  • Handlebar Stache
  • *****
  • Posts: 1316
  • Location: Sierra Mountains
Re: Security/Penetration Testing Career Change
« Reply #1 on: July 29, 2015, 11:06:59 AM »
Commenting to bump and follow.  I'm always going back and forth on getting into security/system auditing/pen testing/etc.  I enjoy system and network security in general and it seems like a field that would be constantly challenging, but there's also A LOT of drudgery from what I can see.

Mother Fussbudget

  • Pencil Stache
  • ****
  • Posts: 839
  • Age: 62
  • Location: Indianapolis, IN
Re: Security/Penetration Testing Career Change
« Reply #2 on: July 29, 2015, 05:31:42 PM »
Have you guys gotten into any non-work-related "white-hat hacking" activities on-the-side to try to learn more about security in a hands on way?

vagon

  • Stubble
  • **
  • Posts: 238
  • Location: Sydney
Re: Security/Penetration Testing Career Change
« Reply #3 on: July 29, 2015, 06:14:51 PM »
Yeah I've done some of the free tutorials around the place, but (and this could just be marketing) my suspicion is the quality compromised sandbox environments are all part of some fairly expensive courses. Could be that the free ones really are enough though, which is why I wanted to get some community views on the worthiness of the courses I mentioned earlier.