Good question. The answer is...well, it's not easy, but very rewarding!
Today you can not open any news web site without facing an article about hackers penetrating some high level US government institute server, data breaches, stolen credit card numbers and secure codes, defaced websites, huge and very old bugs found in different applications, etc. The internet is fulll of these stories. You can (and should, btw) ask the question: what is going on out there? Who are behind these attack? How are they so successful?
Tough questions, but it's easy to answer the last one: the attacks are successful, because a) the systems, applications currently used on the net are not well designed and maintained from a security point of view b) and not tested thoroughly or not tested at all from a security point of view. Why not? Cost cutting is the magic phrase (as usually in the QA world). And sometimes lack of education as well.
Here is the point where the penetration tester can step into the game. If you check recent testing job ads, you can see a trend among companies hiring more and more skillful pentesters to ensure the security and protection of their systems. And the good news for you is that there are very few guys out there who are skillfull, have experience and know anything about nmap and metasploit. This is a very promising market gap for testers. It is possible to do it remotely as there is no reason to get into the office. Or you can do it as an entrepreneur. So it's time to change your mindset, turn up your sleeves and start learning!
You can do learning in two ways: self education and trainings. I suggest to choose the first one but it's your decision, of course. Firstly you have to see that the learning phase is a never ending story. Especially in IT you have to learn something new every day as it is a contantly changing industry. Secondly you have to be unwavering: never stop reading articles, books, practicing with tools. You can have breaks, which can last days or weeks, but the more you practice the more skillfull you will be. Thirdly: try to find a mentor. A mentor can help you a lot in showing what tools are the best, what is worth to read and learn. He/she may be on the other side of the planet but can be a huge aid.
OK, so you are eager to start? I guess you are!
Here are some ideas how to start: find and read books about security, collect bookmarks of different security and pentesting related web sites, news pages, forums, join groups which discuss pentesting topics, buy a laptop if you don't have one, install Kali linux (forget windows), read the manuals, try out the tools. I guarantee that in 1 year you will know more about security than the 99,9 % of the people of planet Earth.
What else can you do? I suggest to stop wasting time for activities which are not making you more complex. Examples: facebooking, watching tv, reading celebrity and political news, etc. You should use the time for practicing. Don't forget: it's a long term investment but it will pay you more than would you think!
Nincsenek megjegyzések:
Megjegyzés küldése