How to be a pentester?

[evilwit]

I am doing my 12th.I am intrested in ethical hacking and penetration testing, so I want to make my career out of it.I am not intrested in programmig so don't want to study it.Thinking of doing CEH but confused about graduation.I have two ways in my mind
1>After 12th do a graduation program like BCA or B.tech from India and then do some ethical hacking courses.
2>Do a specialized graduation program in Cyber Security from abroad and then do CEH or courses like it to strengthen my CV.
Which one is more effective?
so whats your take?
thanks

 

[cute.bandar]

IMHO to be a pentester, you will need to know programming , at least the basics of it.

To answer your question, try this site: *pentesterlab.com/

This search will also put you in the right direction : *www.google.co.in/search?q=link:*pentesterlab.com/&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest

btw the links are posted are more of self teaching aids/guide. If there are courses to learn penetration testing, then I have no idea about them.

 

[evilwit]

IMHO to be a pentester, you will need to know programming , at least the basics of it.

To answer your question, try this site: *pentesterlab.com/

This search will also put you in the right direction : *www.google.co.in/search?q=link:*pentesterlab.com/&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest


btw the links are posted are more of self teaching aids/guide. If there are courses to learn penetration testing, then I have no idea about them.

Thanks.
Other geeks please help me>

 

[ratul]

I have completed my CEH last month with 96% with 6 months experience in defensive security, and now searching for a job in offsec, and what i have learnt till now, to be a Pentester, Certificates only matter with your experience, certificates just certifies you legally that you know the job, but you should have relative experience with certification to be more efficient, just doing CEH with no experience is not worth, Pentesting is a high level profile in infosec which needs almost 5 yrs of relative experience (can be like an analyst, network admin etc.) and some more certifications (OSCP is the best acc to me, CCIE as industrial standard).
Firstly concentrate on your studies, do either B.Tech or BSc in Computers as most of the companies do require atleast a bachelor in IT for offsec.
Next, after your graduation, companies normally look for one defensive certificate and one offensive certificate in your arsenal, try to grab a networking job and do CCNA->CCNP Security certificates, which would provide the defensive part, and after that you can either do CEH or Security+ for the offensive part, after that you can be a InfoSec Analyst or in a similar profession for some time, collect more certificates as described and then after 4-5yrs. of experience, you can try for penetration tester profile.

(or if you grow out to be an exceptional hacker, then the story might be slightly different.. )

Edit: As for the programming part, if you hate it, you cannot be a successful pentester, a pentester is expected to be able to write his own scripts and exploits, which needs very specialized coding and reverse engineering skills, so you need to work on that..

 

[evilwit]

I have completed my CEH last month with 96% with 6 months experience in defensive security, and now searching for a job in offsec, and what i have learnt till now, to be a Pentester, Certificates only matter with your experience, certificates just certifies you legally that you know the job, but you should have relative experience with certification to be more efficient, just doing CEH with no experience is not worth, Pentesting is a high level profile in infosec which needs almost 5 yrs of relative experience (can be like an analyst, network admin etc.) and some more certifications (OSCP is the best acc to me, CCIE as industrial standard).
Firstly concentrate on your studies, do either B.Tech or BSc in Computers as most of the companies do require atleast a bachelor in IT for offsec.
Next, after your graduation, companies normally look for one defensive certificate and one offensive certificate in your arsenal, try to grab a networking job and do CCNA->CCNP Security certificates, which would provide the defensive part, and after that you can either do CEH or Security+ for the offensive part, after that you can be a InfoSec Analyst or in a similar profession for some time, collect more certificates as described and then after 4-5yrs. of experience, you can try for penetration tester profile.

(or if you grow out to be an exceptional hacker, then the story might be slightly different.. )

Edit: As for the programming part, if you hate it, you cannot be a successful pentester, a pentester is expected to be able to write his own scripts and exploits, which needs very specialized coding and reverse engineering skills, so you need to work on that..

Thanks for the reply.It helped a lot.
I want to ask you few things.
Will I have to do Btech or can I do graduate programme on cyber security offered by international universities?What are the other graduate programme I can look for?like BCA?Can I do CEH now?I will prefer studying abroad or if in India then correspondence.

 

[ratul]

Thanks for the reply.It helped a lot.
I want to ask you few things.
Will I have to do Btech or can I do graduate programme on cyber security offered by international universities.
What are the other graduate programme I can look for?like BCA?

Any bachelor degree (BTech, Bsc, BCA) related to computers should be sufficient, most of the companies just need a computer graduate as the base requirement. For a more realistic idea of current scenario in india for infosec, do look at the jobs and qualifications asked here: All jobs

Can I do CEH now?I will prefer studying abroad or if in India then correspondence.

If you want to do CEH to gain knowledge, then let me tell you one thing, it's very basic and most of the technical stuff there can be learned from internet if you know the right path, and as per some forensics and guidelines stuff, that comes from professional experience in an organization. It could look good on paper, but as i said previously, certification is nothing without experience, it's just a legal stamp on your resume that you officially know and practice that stuff currently, even CEH's eligibility page (Application Process Eligibility) states that if you don't attend their official training camp, then atleast two years experience is recommended, though you can do CEH once you get a job in similar profile and then can work on building up your arsenal.

Concentrate on you graduate program currently, don't rush into CEH right now, it's meant to be done when you are in the corporate world, do self learning while in college, practice pentesting by setting up your virtual lab in VM, and try to read as much related to security as possible, stay updated. Just by doing this correctly, you would be far above the CEH level when you'll graduate from college. And try to attend some security meets near your area while in college, it really helps a lot..

 

[evilwit]

Any bachelor degree (BTech, Bsc, BCA) related to computers should be sufficient, most of the companies just need a computer graduate as the base requirement. For a more realistic idea of current scenario in india for infosec, do look at the jobs and qualifications asked here: All jobs



If you want to do CEH to gain knowledge, then let me tell you one thing, it's very basic and most of the technical stuff there can be learned from internet if you know the right path, and as per some forensics and guidelines stuff, that comes from professional experience in an organization. It could look good on paper, but as i said previously, certification is nothing without experience, it's just a legal stamp on your resume that you officially know and practice that stuff currently, even CEH's eligibility page (Application Process Eligibility) states that if you don't attend their official training camp, then atleast two years experience is recommended, though you can do CEH once you get a job in similar profile and then can work on building up your arsenal.

Concentrate on you graduate program currently, don't rush into CEH right now, it's meant to be done when you are in the corporate world, do self learning while in college, practice pentesting by setting up your virtual lab in VM, and try to read as much related to security as possible, stay updated. Just by doing this correctly, you would be far above the CEH level when you'll graduate from college. And try to attend some security meets near your area while in college, it really helps a lot..

thanks a lot man!i mean it!you're a saviour.
few questions please...if you don"t mind.
You said any bachelor degree.Does that mean I can do graduate programmes offered by some international universities and some Indian universities specially on cyber security.If yes,can you please tell some international and national college that offers bachelors programmes on cyber security?Will graduating from cyber security help me?
thanks in advance

 

[ratul]

thanks a lot man!i mean it!you're a saviour.
few questions please...if you don"t mind.
You said any bachelor degree.Does that mean I can do graduate programmes offered by some international universities and some Indian universities specially on cyber security.If yes,can you please tell some international and national college that offers bachelors programmes on cyber security?Will graduating from cyber security help me?
thanks in advance

yes you can, but i can't guarantee that from the indian market's perspective, if you had a look at that null jobs page in previous post, job posting in india requires mostly BTech/Bsc/BCA in computers, specialized security graduation programmes are well accepted in security jobs outside india, but here in india it's still in it's early stages, so i'd suggest to do either one of these, which would also help in getting network admin or similar profile jobs as a starter, as it's very hard currently in india to land a job in infosec as a fresher. Hope that helps.

 

[sreeml5thira]

Hello,
A newbie here.. First of all, a lot of thanks to the thread creator and those who replied for discussing what I wanted to know for quite some time. Forgive me for jumping in, but I wanted to ask something related. I'm currently waiting for my 12th board results.

After completing BTech/BSc, how should I proceed in order to join National cyber security wing/Police Cyber cell/something like that? What courses should I complete? How will I gain experience? I want to do something for our country's cyber security area.
What's your take?

 

[ratul]

Hello,
A newbie here.. First of all, a lot of thanks to the thread creator and those who replied for discussing what I wanted to know for quite some time. Forgive me for jumping in, but I wanted to ask something related. I'm currently waiting for my 12th board results.

After completing BTech/BSc, how should I proceed in order to join National cyber security wing/Police Cyber cell/something like that? What courses should I complete? How will I gain experience? I want to do something for our country's cyber security area.
What's your take?

don't worry about that for now, concentrate on improving your skills throughout college, read the previous posts for guidance, and if you have good enough skills, you'd get the job in infosec pretty easily just after college (assuming you'd passout in 2018, by that time, infosec jobs would have to be booming in india), and the track would be set after that.
Not sure about the govt. thing as i hate govt. jobs (but want to be on some CBI/FBI/fancy stuff cyber cell.. ), but i think a CISSP would be a bare minimum (which infact requires a min. of 4-5yrs of work experience for eligibility), and as these police cyber security wings deal with the cases with great danger, so either a minimum of 5 yrs prior work experience, or very strong credentials and skills would fetch you a job in these govt. sectors.

 

[sreeml5thira]

don't worry about that for now, concentrate on improving your skills throughout college, read the previous posts for guidance, and if you have good enough skills, you'd get the job in infosec pretty easily just after college (assuming you'd passout in 2018, by that time, infosec jobs would have to be booming in india), and the track would be set after that.
Not sure about the govt. thing as i hate govt. jobs (but want to be on some CBI/FBI/fancy stuff cyber cell.. ), but i think a CISSP would be a bare minimum (which infact requires a min. of 4-5yrs of work experience for eligibility), and as these police cyber security wings deal with the cases with great danger, so either a minimum of 5 yrs prior work experience, or very strong credentials and skills would fetch you a job in these govt. sectors.

Thankyou for answering! If I may bother you for more...
Will I still need to amass prior work experience if I go on to do MTech/MSc? What are the very strong credentials you were talkin about?

 

[ratul]

Thankyou for answering! If I may bother you for more...
Will I still need to amass prior work experience if I go on to do MTech/MSc? What are the very strong credentials you were talkin about?

AFAIK, there's no work experience needed for MTech/Msc.
And by strong credentials, i mean that a very good hacking skills, with active participation in hacker's meets like nullcon in india, participating in hacking challenges, which will help you not only in displaying your skills to public, but also building strong network, that could help you fetch govt. job if you come across the right person..

 

[agarwalmohit]

Hi,

I am also interested in ethical hacking and might do the courses as stated above. How much salary should i be expecting?

 

[SunE]

Nice thread and awesome replies. Glad to have discovered it.

 

[cute.bandar]

btw for those interested, some knowledgeable people hangout on AskNetsec (questions by newbs) and /r/netsec - Information Security News & Discussion (news for the pros) . Use the search function there

 

[TechnoBOY]

[MENTION=122731]ratul[/MENTION] Im interested in pen tester(Doing 12th) Your post really helped but a question ..When goggled up i found that there is a drastic diff in salary ..Why is that?


PS sorry for bumping old thread.

 

[TechnoBOY]

No help?

 

[v.Na5h]

[MENTION=122731]ratul[/MENTION] Im interested in pen tester(Doing 12th) Your post really helped but a question ..When goggled up i found that there is a drastic diff in salary ..Why is that?


PS sorry for bumping old thread.

Diff in salary between what

Sent from my XT1033 using Tapatalk

 

[ratul]

[MENTION=122731]ratul[/MENTION] Im interested in pen tester(Doing 12th) Your post really helped but a question ..When goggled up i found that there is a drastic diff in salary ..Why is that?


PS sorry for bumping old thread.

yup, difference in whose salaries?
indian pentesters are paid **** compared to their global counterparts.

 

[TechnoBOY]

yup, difference in whose salaries?
indian pentesters are paid **** compared to their global counterparts.

India MEDIAN: Rs 365,456
US MEDIAN:4913006.02