#1,162 in Computers & technology books
Use arrows to jump to the previous/next product
Reddit mentions of Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled)
Sentiment score: 3
Reddit mentions: 3
We found 3 Reddit mentions of Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled). Here are the top ones.
or
Specs:
| Height | 9.25 Inches |
| Length | 7.5 Inches |
| Number of items | 1 |
| Weight | 1.56 Pounds |
| Width | 0.94 Inches |
Hey, you have an interesting history and I'm gonna pump your ego a little bit and tell you what I think you should do.
You could go for a corporate software engineering job or you could have some legal fun being a white hat. And you're qualified for it. You have a proven track record of skill.
I don't really know where you are in your penetration skills, but you seem like you are able to quickly get up to speed. If you have enough money ($800-$1200) to take a serious risk on training, I'd recommend taking the Penetration Testing with Kali class from Offensive Security and get their OSCP cert. It's probably the most respected certification among professionals at the moment. It's 100% practical. For the exam you connect to a lab network, and are given 24 hours to perform the most comprehensive penetration test you can. After your time is up, you get another 24 hours to write a report. You are entirely graded on the findings you include in your report. They don't look at anything you've done on their network.
If you don't have the ability to fund that kind of training, you can get by. This book is highly recommended.. Study it and practice as much as you can. A library of intentionally vulnerable virtual machines you can use to practice exists here. Both of the options I've mentioned should be vastly more fun and interesting than learning to write enterprise java code.
Now all this is well and good, but how do you get by finding some kind of job? The best place for someone in your position is not through the front door of any organization. /r/netsec has a quarterly hiring thread, which is a fantastic place to start. Explore the postings and send messages/emails to the poster. Even if you don't think you have any chance of getting into the organization that posted, talking will give you an idea of what's in demand and what you can do to shore up your chances of getting in. The only catch with the /r/netsec hiring thread is that we're through enough of this quarter that most of the postings are probably dead. Not to worry though, a new thread will begin soon. So you may need to wait a bit. Lastly the people who are posting there are professionals. You won't get ridiculed or mocked because you don't meet some of their requirements.
If you wish to pursue this area I am willing to answer questions, and so is /r/asknetsec.
If you still wish to pursue an enterprise programming job, the #1 advice I can give you is to open source all your projects and get the code on github. Hiring managers LOVE to be given a github full of good code.
My favorite netsec book is Advanced Penetration Testing for Highly-Secured Environments. Gives the basics of just about everything in penetration testing.
I realize this is an old post, but I figured I would add my two cents in:
If you have no Linux Knowledge, I would recommend these two books:
http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951
http://www.amazon.com/Introduction-Linux-Manual-Student-Edition/dp/0072226943/ref=pd_bxgy_b_text_y
I would also recommend getting a book on windows server:
http://www.amazon.com/Mastering-Microsoft-Windows-Server-2008/dp/0470532866
After going over those you should have a fundamental understanding of Unix/Linux
Then I would recommend this if you need to brush up on your basic networking knowlege:
http://www.amazon.com/CompTIA-Network-Deluxe-Recommended-Courseware/dp/111813754X/ref=sr_1_1?s=books&ie=UTF8&qid=1369292584&sr=1-1&keywords=network+%2B+delux+guide
Some security theory wouldn't hurt: I'd recommend these in no particular order:
http://www.amazon.com/The-Basics-Information-Security-Understanding/dp/1597496537/ref=pd_rhf_se_s_cp_7_FHWA
http://www.amazon.com/gp/product/1597496154/ref=s9_simh_se_p14_d0_i6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=auto-no-results-center-1&pf_rd_r=6289C56ED33B4C108B60&pf_rd_t=301&pf_rd_p=1263465782&pf_rd_i=itia2300
And now we actually start getting into penetration testing:
http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_rhf_se_s_cp_3_FHWA
http://www.amazon.com/The-Basics-Digital-Forensics-Getting/dp/1597496618/ref=pd_rhf_se_s_cp_6_FHWA
http://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments/dp/1849517746/ref=pd_rhf_se_s_cp_8_FHWA
http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=pd_rhf_se_s_cp_10_FHWA
Full disclosure: I have used all these books in my studies. I am not affiliated in any way with these authors, this also isn't something you can just "master" in 24 hours; you may however learn a few cool tricks early. My advice would be to keep at it, not only read these books, but setup Virtual environments to test these concepts in.
Those books I listed should give you a fundamental understanding of: Linux, Windows server, Networking, Information security theory, computer forensics, and basic penetration testing.
I would also recommend you take up a scripting language, Python is pretty simple to learn if you haven't already, and insanely powerful in the right hands.
Oh, one thing I forgot. NEVER EVER EVER run Kali linux as your primary distribution, setup a duel-boot and use something like Debian as your "casual" computer, and then souly use Kali or backtrack as your "Network security distro"
Ninja edited by myself