Internet/Network Security/Pen Testing
Hello John, I am a college student who wants to learn pen test skills but also continue my BS in CS. I am doing as much graduate work as an undergrad as I am permitted and am just bored. Hoping an early PhD will spice things up. I love uni and want to continue but am so bored here. Any good hands-on certs? I did Cisco Certified Internetwork Expert R&S and had fun doing it. GIAC Security Expert looks fun but expensive.
Be sure to take something that requires Assembler. Without it, you'll never be as good at it as you think you are. Every vector known today is the same as those from 30 years ago. 30 years ago engineers learned Assembler; the MIS/CIS programs I knew of didn't include it. Learning assembler will teach you that there's no excuse for a buffer overflow. None.
CISSP teaches vocabulary and how to represent "security" as risk. The Risk Management can be used to make decisions.
If you're at a school, there must be machines not in use. Get a Damn Vulnerable Linux build and set it up. Check out OWASP's tools and use them. *Don't* use them to check the school's network unless you've got written permission. Doing so may be legal but doing so doesn't mean you'll win friends.
Using live builds is a great way to start doing this. OWASP.org has excellent info. Look at the National Vulnerability Database and see if there isn't something you can do to write rules to scan a network looking for them. (Python seems popular for this sort of work. Ruby is gaining.)
If you'd like to test your diplomacy skills and do good at the same time, look into making contact with a volunteer organization. Offer to do some Pen testing for them. Be sure to look at examples of what you might include in a contract.
Finally, look into joining the Information Systems Security Association. There's no "bigger bang for the buck".
Hope this helps.