1) How would you recommend getting started on a career toward Network Security/Network Pen Tester?
She has some follow-up questions to that first one requesting some specific information. Go read her post and then come back.
Okay, here is what I suggested. Obviously, not exhaustive.
Here is a good blog post that might help.
1) Certs -
- If you want to be technical, I would start with the SANS GSEC cert. Make sure you go for the GOLD cert and not just the silver. This cert will give you a good base to build on.
- From there, move on to firewalls, ids, etc. as appropriate. SANS certs are the best technology agnostic certs around.
- Defcon – cheap and worthwhile.
- Keep doing what you are doing, watch and read the presentations after they are posted. Garret Gee over at Infosecevents usually posts links to archives when he comes across them.
- See if there is an Infragard chapter nearby. Free and often strong in cyber security.
- Start a chapter of http://www.naisg.org/. You will probably learn more and meet more people that can help you doing this than anything else.
- Security Engineering is a great source.
- For web app security testing the “The Web Application Hacker’s Handbook” book by PortSwiggger is great.
- http://www.learnsecurityonline.com/ is a great site.
- http://www.hackquest.de/ a challenge site.
- http://www.hackthissite.org/ another one.
- The WebGoat project by OWASP is also cool.
- Damn Vulnerable Linux is interesting.
Finally, VirtualBox is a great free virtualization platform for Windows and Linux that will let you setup VMs like DVL to hack against.
Go ahead and offer up your suggestions in the comments.
UPDATE: On the drive home I today, I was still thinking about this question and I realized I left off one things that an individual can do that will probably reap more benefits than any of the items listed above.
Find a mentor.
Find somebody who has been in the business for a while who is willing to let you bounce questions off of them and is willing to give you the benefit of their experience when you hit situations that you are not familiar with. Somebody who can offer you those second opinions that can be so helpful.
Here is a link to a bunch of articles on finding a mentor and the mentoring relationship. The articles are not infosec related at all, but still apply.