Time
48 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
And now it's time for a Q&A. So we have some questions that we'll cover that have come through from the group. So let me take a look here. I'm gonna pull up some questions
00:12
if I can.
00:14
Are you guys gonna send me some questions here?
00:18
Okay.
00:20
I'm talking into role.
00:23
Okay.
00:25
Excellent.
00:26
So here's some questions. What books do you recommend?
00:30
So, Mark, you mentioned the book earlier, and I wrote down the name Ghost in the Wires. Correct? Yep. Yeah, I posted a link on there. And I'm sure, I don't know if Joe's on the line here, but he can recommend some as well. Georgia Weidman's book on pen testing, it is an amazing one, done by No Starch Press.
00:49
You have the Peter Kim book, The Hacker Playbook 3, which just came out,
00:54
which I have, which is really good. I also just picked up the brand-new version of Gray Hat Hacking, which, you know, all of those are great books. I can put the links all together and send them to Eugene, and then we can send it out to everybody.
01:07
Wonderful. Thank you very much. Yeah. Um, a couple of other things. Will it be possible to get this presentation afterwards? Yes, it'll actually be published within the next few weeks. So we want to take a look at
01:22
having that out on the site through the insider pro program. You can take a look at that, and it will also be on the website
01:27
as well.
01:30
Hey, can you guys hear me right now?
01:33
Yes.
01:33
Yeah, it's Joe Perry. I just have a quick interjection on the book thing. I very strongly recommend, there's Gray Hat Python. It's kind of a Python book, but mostly it's about the process of hacking and reverse engineering and learning how to understand under the hood what that is. So that's by
01:51
Justin Seitz, and that is my number one recommendation ready
01:53
breaking into this field.
01:57
Great. Thank you, Joe. Thank you so much for jumping in and mentioning that. Here's a tech question that we want to cover. What impact will technologies like machine learning
02:07
have on the future of pen testing? So, Shane, can I ask you that question? What do you think about
02:13
machine learning
02:15
and how it might impact pen testing? Yeah, I mean, uh, again, it's an ever-changing field. And there's always gonna be, uh, newer technologies and newer things like, uh, machine learning and AI in the field that is just gonna further adapt what takes place in, ah,
02:35
an actual penetration test and
02:37
new things to learn and new vulnerabilities and exploits to discover based around that. So, of course, that's definitely gonna definitely change the field moving forward,
02:45
um, as far as an actual penetration test itself.
02:49
You know, it's important just to make sure to go through the
02:53
the general penetration testing phases that were outlined previously, and make sure to, you know, just all those points. But, um, from the changing perspective, you know, it kind of goes back to the point of making sure you're looking into, uh, resources to stay up to date on,
03:12
you know, new new technologies, new
03:14
new security issues, new vulnerabilities and exploits, et cetera. Just so you stay up to date on all those things that are coming about,
03:23
They're good. Thank you, Shane.
03:24
Very nice. So a couple more questions. We're rounding the bend here on our 45-minute time, but we could do a few more questions. I think we've got some good things coming in here.
03:35
So here's a tech question. So, Joe, are you still with us on the call?
03:38
Yes, ma'am. Okay. Would you consider threat modeling an important skill for pen testing? And if so, any resources you would recommend?
03:46
I would absolutely consider it to be a useful skill. So I mean, just in general, the concept of threat modeling and really having an idea of the threat environment is essential.
03:59
As for specific resources, I'm racking my brain right now trying to think.
04:03
Uh, OWASP. If you're not familiar with OWASP, it's a really great resource for that. It's an open source web application security group; they have a really great threat modeling platform. That's probably my recommendation off the top of my head.
04:18
Fantastic.
04:19
Another quick question is, I'm currently working in the SOC. And how would you suggest I move into the pen testing career path?
04:29
So, Mark, I'll throw that out to you,
04:32
so I mean, if you're currently working in a SOC, then you kind of understand the defensive side of pen testing. So you could You're going to co word here. You could eliminate some of the courses and things that you already know. But you know, when you go into pen testing, it's one of those, especially if you have the drive to do it.
04:50
You've already got the technical skills. You've got a good layout. So just kind of transitioning the skills you built in the SOC analyst career and moving into pen testing, that's something that shouldn't be too difficult, especially if that's kind of the career that you want to go down.
05:05
Um,
05:06
I don't know, Joe, if you have anything to add on it. I don't want to
05:12
get too into it, but I mean, I think as already a SOC analyst, you kind of understand the results of what pen testing does. You understand the vulnerabilities, vulnerability management. You understand exploits and in some cases even reverse engineering. So you probably have a good enough background in
05:27
networking and understanding how systems work. And so I think applying that as a pen tester would be something that would be fairly easy.
05:33
So also, you definitely have the dollars skills, probably already. But the advice I give any person who is attempting to make
05:42
a career change, be prepared to work extra hours
05:45
That may be at your office, trying to get some. If you already have pen testers there, trying to work with them and get a sense of what they're doing in kind of your off time. It may be, one of the things that I really recommend: there are small businesses, especially if you live in a big city, that are like credit unions or just small mom-and-pop shops. They're dealing with credit cards; they have,
06:04
at least in America. I can't speak for other countries familiar there wasa. They have federal obligations for security,
06:10
but they don't really have a huge budget to hire, you know, major, very experienced pen testers, and they tend to be a really great place. If you're willing to volunteer a little bit of time to go through their stuff, sort of step by step in a rudimentary way, um, and really get your hands in a system that is live.
06:26
It's a real world application. It's one of the best ways to break into the field.
06:30
You're not gonna make a lot of money doing it right away. A lot of the time, you're just volunteering your time to do it.
06:34
But it's a really, really good way to get your people
06:39
Fantastic. Thank you. So let's do two more questions. Let's take a look here at some things that are coming up.
06:46
So one question that I wanted to look at was
06:50
and I apologize. I'm just kind of going through here.
06:55
Okay.
06:57
Uh,
07:00
Actually, let's wrap up here. Now, one more question. Sorry, I don't mean to be wishy-washy, but this last question:
07:09
what is your setup or rig when pen testing? And, Joe, I'll ask you this question. Any specific OS or software preferences?
07:17
Uh, so if you don't already know about the glorious wonder that is Kali Linux, definitely dig into that. It is your best friend for pen testing.
07:26
Beyond that, one of the things that I like to do if I could get away with it when I'm doing a test,
07:30
is to reach out to their IT. This is when you're operating sort of a collaborative routine, more than ready,
07:35
but reach out to their IT staff and try and get, uh, whatever image they're giving their people.
07:42
So you can kind of have that on your laptop or whatever. If they're a Windows shop, you're gonna wanna work from Windows. If they're a Linux shop, you're gonna wanna work from Linux.
07:48
But just in general, if you want one OS that's gonna work most of the time, it would definitely be Kali.
07:56
Fantastic. Great.

Launching Your Penetration Tester Career

In this course on “Launching Your Penetration Tester Career” presented by Cybrary’s own Gina Palladino, you will hear directly from the experts on what it takes to boost your career to the next level. From interview prep to resume writing, expect a thorough overview on how to achieve one of the industry's most prestigious titles in cybersecurity.

Instructed By

Gina Palladino
Adjunct Instructor at Carroll Community College
Instructor