how to become a pen tester and/or ethical hacker?

Not open for further replies.


My friend is trying to decide what he wants to do while he is in college, and I mentioned the idea to him about becoming a professional penetration tester or ethical hacker, and he is kinda skeptical at the idea that they are real professions and confused on what kind of degree you would need.

So what would you need to become one, the other, or both? I'm sure it would have to involve courses with network/OS security and things like that... but is there any preferred degree for this field?
Probably networking degree - but there aren't a lot of hacking classes out there. Mostly self-taught stuff. There are definitely people out there that make tons of money testing systems for vulnerabilities. There are a few companies out there that specialize in this as well (saw one on 60 Minutes Sunday).
Another admin posted this link a while back. For me, I swing a hammer for a living so I don't have the time to dig into this info. What I have read of it, it seems informative. Imo, a good computer guy should be well versed at penetration testing, be able to crack passwords, and be willing to stay up with the latest technologies, both black and white hat. A good investigator has to think like his enemy to defeat 'em.
Check out

They have courses and practice disks that show what it's about. But as said, it's a lot of networking stuff, so a solid knowledge there helps.

An exploiter is much different and could easily be a CS degree.
Information Systems degree. At least at my Uni we have a system security sequence of IS, and that is precisely what they do.

If he wants to start on it before dedicating to a degree, go learn everything there is to know about Unix, enterprise networking, and web security. Application (layer 5) level protocols and security would be an excellent thing to get familiar with as well (example: Exchange).
I'll field this one - Yes, there is money to be made as a Pen Tester / EH; the problem is the jobs are hard to find. Even if you have a degree, most jobs like you to be well versed with the PCI compliance standards (NOT the PCI slot) and be at least certified to a Security+ level, and some jobs require a CISSP.

He would be better off going for industry certs from SANS and CompTIA, in my opinion, than a uni degree, and starting as a sysadmin then working his way to security from there.