[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pen-test
Subject:    Re: PWB - OSCP certification for newbies
From:       Mike Van Hoff <mikev () vanhoff ! com>
Date:       2009-08-29 11:59:18
Message-ID: 1251547158.6609.13.camel () jomammaeee
[Download RAW message or body]

I believe that I we are all entitled to oour opinion, and Mr. H is
certainly correct in his/her assessment that Pentesting with Backtrack
is a difficult course to complete successfully.
However, I disagree that IT is fading.  On the contrary after more than
15 years (and not hair), I see IT as becoming more essential.  Automated
systems will increase the need for IT, and Pentesters, but in very
specialized areas.  Systems are still built by Humans, and Humans make
mistakes that the bad guys will find and exploit.

That said, there is a screening process for any of the Offensive-
Security courses, and experience is one of them.  The student must
already know linux, and windows operating systems, but also must know or
have solid knowledge of routing protocols, application programming, and
many other aspects of IT to be accepted and succeed in these courses.

my 2 centovos worth

On Fri, 2009-08-28 at 09:26 +0100, Hari Sekhon wrote:
> Mau Bs wrote:
> > Hi.
> > I've been following both mailing lists for quite a while, and lately
> > I've seen many people suggest the offensive-security certification
> > Pentesting with Backtrack as a good place to start for learning some
> > basic skills in pentesting. I would like to know how you feel about
> > this suggestion. Also for you guys that have taken the course, what do
> > you consider is the minimum skill set needed to get the most of the
> > course/cert. I'm coursing my last year of my degree in Computer
> > Science.
> 
> If you're only doing a degree then this may go above your head, it's 
> really aimed at more experienced professionals with a few years 
> experience (and even then they often fail it). They do not explain basic 
> things - you are expected to know them already and they assume that you 
> have worked in IT for at least a few years and already have knowledge of 
> multiple operating systems, networking, programming, databases, some 
> security etc etc.
> 
> I'd say it's best for people already working in security really. I don't 
> see there being enough of a future market to invest in this now as 
> technology is basically closing all the holes as well as preventing the 
> need for any more people to run IT (and there are a tonne of unemployed 
> IT people with experience still looking for jobs that are also finding 
> that IT's shrinking job market in the long term is causing them problems).
> 
> Yes I have an OSCP and yes it was tough as suggested. It actually put me 
> off doing pentesting any more (although also because I had done enough 
> of this I felt) as well as the fact that I am enjoying other aspects of 
> IT more these days, they're less sleep deprived and hair-pulling 
> (although after 5 years in IT I have no hair left to speak of anyway!  
> ;-) ).
> 
> -h
> 


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a \
proper penetration test. IACRB CPT and CEPT certs require a full practical \
examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]