Yesterday was my last of the SANS 560 Network Penetration Testing and Ethnical Hacking class. The class was absolutely great. The class was very useful in many ways. For one, sharing ideas, experiences, and goals with like-minded people was priceless. My classmates for the six days included students from the UK, Canada, Denver, Houston, South Carolina, etc. Many worked within the Intelligence community, banks, and consultants for federal agencies. Secondly, the class helped me narrow my focus. Information security at time seems to have no boundaries.
With a wave of private and commercial industries being compromised by malicious hackers daily, the need for ethical penetration hackers are in much demand.
From a skill set perspective, the following is what I concluded as being needed in order to be successful in the IT security, more so as an Ethical hackers:
1. Knowledge of the enterprise network design
2. Familiar with penetration tools, namely Backtrack. Also, have the knowledge of exploitation with frameworks such as Metasploit or BeFf.
3. Familiar with wireless protocols and configurations.
4. Scripting language like python, Perl, javascript.
5. Communication skills in order to properly convey over to a client discoveries and formulating a business case to fix any discovered vulnerabilities.
6. Report writing skills are imperative to document what was found during the test, methodologies used step by step, and remediation suggestions.