I've started lookinh into what I want to do for a living, and, honestly, Penetration Testing sounds like something I'd like to do.
Problem is, I have absolutely no experience in networking or in anything security, just simple stuff like setting up routers and stuff for family. Do you guys and girls know any good ideas or resources on how to understand Penetration Testing?
Also, if any of you guys do pentesting for a living, what's the job like for you?
I should start by saying I have no experience in this subject, and very little interest but. The first thing to come to mind is that youtube channel Hak5? or HakTip? I forget which. They do some windows tutorials for metasploit. I think they do other stuff aswell?
Hak 5 has some good videos on a bunch of stuff ( https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ ). The playlists "Metaspliot Minute" and "HakTip with Shannon Morse" are good for metasploit and wireshark, two really common penetration testing tools. Other than that downloading kali (a linux based pentesting distro https://www.kali.org/ ) and messing around with everything is a good start. You can learn a lot just buy googleing and reading and trying stuff out on computers on your home network. Just make sure you have permission to pen test and keeping the traffic local is always a good idea.
Defcon is the pen testing Mecca but honestly its really hard to be in just pen testing. Most of those in the field are professional contractors and it's just another thing on their resume along with other IT services like Networking and Server design/implementation. Try the Comp TIA courses on Security and Networking to get started then try to focus on a brand of router or networking protocol for instance SQL injections thru a Cisco ASA Router. Then try to get on with an IT group that seems very security minded (not hard to find anymore).
If you really want to only do Pen Testing thats like a noob saying "I want to do computers" in their first job interview. The harsh truth is anymore that you have to have multiple tools in your basket not just to compete in the job market for those Pen Testing/IT jobs but Pen Testing is very indepth. Most of the time you have to have a very funamental knowledge of the TCP/IP/UDP/etc. protocol(s) along with detailed knowledge of potential targets. Pen testing is social engineering as much as it is CLI manipulation.
What I would do is make Pen Testing a long term goal for your main job duty but get on with a larger IT group and start learning more about enterprise networks; how they work, who the vendors are, what type of securities really are industry standard for your industry.
TL;DR You have to be more than a Pen Tester you have to be the I.T. Man.