Doing a pen-test for a job is a little different than pen-testing a
friend's web server. The biggest difference is documenting what you're
doing and all the steps that it took to get there so that you can then
write up a report. The pen-test isn't any good to anybody if it doesn't
help them secure their systems. And of course, a report needs to fit
somewhat into the mold of what people expect...a title page, index,
executive summary and then the details of the report.
Of the ones you've named, GCIH probably fits the closest. I guess CEH
does too. The CISSP cert is more of a management-level cert. I think
it's a good one to have and the process of getting it will force you to
go through a lot of things that will help you think about things from a
business standpoint.
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of infolookup@gmail.com
Sent: Monday, December 17, 2007 7:45 AM
To: pen-test@securityfocus.com
Subject: GCIA, GSEC, GCIH, CISSP, CEH ???
Good day all,
I know this is not really a tech-pentest question however I wanted to
get some feed back as to what certs/skill set one need to acquire in
order to break into the pentest/information assurance/computer forensics
job market.
I am a about to graduate with my BA in computer system next semester,
and I am tring to get into a security related field, I did very little
vul-testing/pentesting for friends, or on a few work servers and wifi
network.
And that was very interesting, but with so many certs and paths out
there I wanted to know which ones you guys took so I can get an idea.
Thanks in advance.
Sent via BlackBerry from T-Mobile
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use
of the individual or entity to which they are addressed and may contain
information that is privileged, proprietary and confidential. If you are not
the intended recipient, you may not use, copy or disclose to anyone the message
or any information contained in the message. If you have received this
communication in error, please notify the sender and delete this e-mail
message. The contents do not represent the opinion of D&E except to the extent
that it relates to their official business.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
