Like the 100k a year plumbers for networking

I found this article online, and it reminded me of the 100k a year plumber stories that some newspapers published. I'm not sure if it is a blurb to make you sign up to their course. Anyone want to weigh in?

Link
 
Our uni (Abertay Dundee) just started this course, they're having a nightmare trying to up their security without fully isolating the user group. Will be interesting watching them teach people to find faults and get round security while trying to keep theirs safe and working.
 
This is the job I am starting in September.. It's called a penetration tester... Basically hacking into systems and networks, finding vulnerabilities in software/systems and then writing it all up so the company can improve their security.

For what it's worth... if you think staring at thousands and thousands of deadlisted assembly language and trying to figure out what is what, raw packet captures or core/crash dumps is glamorous then you are sadly mistaken.

Course wise it's pointless, there is no way you can learn what you need in the 3 years of a uni course... You are better off studying CS at a good uni and lots and lots of reading/coding/hacking in your own time.

Money wise - Yeah 100k is doable with 3-5 years professional experience but you're looking at around 26-28k realistically as a graduate in the south.
 
Bandwagon anyone.....

I really don't think pen testing is a great area for people to be doing low level vocational style training courses if they're serious about it - like someone mentioned above a good CS degree & lots of experience is more realistic. A post grad/masters course is more suitable for it AFAIK.
 
It can also get really boring, IMO anyway. I did it for 2.5 years and got tired of running the same tools and finding the same holes. Sure every so often you get something a little more interesting, but not often enough.
I prefer being on the other side, Incident Management, dealing with the situations where someone has been hacked, working out how and when it happened. Hell sometimes it's ongoing and you have to mitigate the situation so the systems can stay up without the attacker causing more damage. It also ties in well with the forensics work I do, similar mindset required.
 
I get the feeling a lot of pen test houses are just using canned software though, Nessus/Core Impact/CANVAS etc. and really don't do any vuln/exploit development.. That's where the interesting part is in my opinion.. finding new vulnerabilities and working out how to exploit them. I can see why you could find it repetitive if you worked for one like that. Looking at the people who were doing presentations at Defcon/Blackhat etc. swayed the choice for me.. Finding XSS/SQL injection in every web app you hit for example would be dull as hell :-)

Incident Management sounds pretty interesting though.. I definitely didn't want to do a defence role though (IDS/sensors etc..). The forensics side could be quite cool.
 
I'll be doing a security/firewall/virus orientated module at uni next year, I'll have to keep this career route in mind, cheers :)
 
Well £100K is possible but most don't earn that much, and it's contractors rather than us permies that earn the serious amounts.

For what it's worth, the CISSP is looked upon much more favourably in industry than this certificate.
 
How much programming knowledge/experience is needed? Or is it just purely networking knowledge you would need?

I started coding when I was around 14.. seriously at about 16. I'm 22 now so I got about 8 years experience + a comp science degree. I feel seriously outclassed by some of the guys I know though. This is pretty much entry level and I feel like I still got a lot to learn :p
 
Jeez, times have changed, I was chasing skirt and sneaking into pubs at 16 not programming. ;)
 
One does not preclude the other though. Can code all day and party all night :p Have more than made up for lack of social life while at uni...
 
:( I hate coding.

On another note, the guy who runs the hacking course, if he could make so much money then why is he in it training? Sounds strange...
 
I doubt he is getting paid poorly for the training...

The MSc in Information security from Royal Holloway or the UCL is where it's at with educational postgrad qualifications.. (Most people tend to do this after a CS/CSE degree though).

Apart from that the best (technical) training courses are the ones held at the hacker conf's. Blackhat (http://www.blackhat.com/html/bh-europe-08/train-bh-eu-08-index.html) or Recon2008 (http://recon.cx/2008/training.html) etc..

As Gareth mentioned above the CISSP is worth doing as well (I can't currently because you need 3-4 years professional experience, but plan on doing it in future).
 
I know a chap who earns well over £100K working for a large international IT company, not entirely sure what he does as he tried to dodge questions but he is incredibly intelligent and creative. I've never seen anyone pick up programming languages as fast as he does so it wouldn't surprise me if it's a security/hacking style role.

Amusingly he has no qualifications other than a few O'grades (GCSE level).
 