This is something of a dream job of mine. As a college student - does anyone have suggestions of what steps to take to be able to do something like this for a living? I have a small amount of experience with hacking (pen testing my own sites for fun and learning) and I have a decent understanding of a wide range of network security and vulnerabilities. But I don't have very much knowledge on the physical side of pentesting. How would I gain this knowledge, or is it something that you're expected to learn simply from experiences in the field?
Caving is very technical and can involve a lot of rigging ropes for abseil and prusiking (going up). It's not really a career, though, and you need to have access to an area with the right geology for caves. Yorkshire is excellent.
Judging from the "professional" section of the Petzl website, being a steeplejack, rescue crew or arborist (tree surgeon?) is the best way to get to use this equipment and get paid for it.
I just got done with a three year "mini career" in industrial rope access, where I got to work on-rope on wind turbine blades, in oil refineries, on the sides of high-rise buildings, and even one job up in the rafters above a professional football (American football) stadium. I'm now working towards a first job in IT or app dev, so this article is right up my alley. Nice work ;)
If you're interested in a job working on-rope, and, uh, learning the ropes, I suggest you take a look at rope access. It's a small niche industry, but pay is very good, technicians are treated well, and many companies offer an "alternative" work schedule/lifestyle where weeks of travel work are interspersed with weeks of total off-time - and good technicians can sometimes choose how much they want to work (or not work).
If anyone's interested, run a Google search for SPRAT and IRATA (those are our professional certifying bodies), and look on those sites for companies in your country. You'll have to take a week-long course (it's hard) and pass an exam before you're allowed on a job site, but if you have the stuff you'll pass, and most companies are hiring.
Interesting; I wish I'd known about this a few years back. Might have been a better option than moving companies and gas stations.
But really, my friends and I used to do a lot of building climbing for kicks when I was younger (probably four to five stories usually) and there was a long period where that kind of job would have been way better while I learned to code than the random crap jobs I ended up doing.
Looks really interesting though. Probably going to do some research into this.
Is the course integral to the job or is it the kind of thing where you pay for the course/licensing/certification then go look for a job? Seems like it might be interesting to look into just for the certification.
Of course... I have no idea what all this is like, so I might research for five seconds and realize that's lal stupid to ask
There are a lot of companies that claim to do industrial rope access outside the scope of the certification programs, but be skeptical of them at first. (That doesn't include companies in other rope disciplines that are different from rope access, like tree climbing and entertainment rigging. Those are different trades. RA takes most of its methods from caving, and some from rock climbing.) If you want to learn to do it right and have a good experience on the job, "go legit." But that means you'll have to get certified. Unless you have specific, in-demand skills (electrician, fiberglass technician, weld inspector), few companies will pay for your first course - you'll just have to pony up $1000+ on your own. However, once you get a job, they'll pay for your re-certifications, as well as follow-up courses that you take as you get more experience and climb up through the certification ranks.
Ohhh, yeah. Sorry. I reread what I said and realized I expressed myself really poorly.
I'm interested in taking the course without getting a job doing it, not the other way around. I was wondering how much it was to take it on my own dime.
I should have said something like "I'm interested in the course; can you take it and not get a job using it, or do you have to be on a job-track through a company to even take the course?"
I used to be a pretty avid rock climber and I'd be really interested in learning the techniques and types of equipment they use.
Reading my post, the climbing buildings part probably didn't reduce the perception that I was trying to do something risky, either
Well, yeah, you can just pony up the cash and take the class. Your experience would be something like this: https://www.youtube.com/watch?v=xUDob3m6rds - it's really technical, and really challenging. If you have the cash to waste, and a week, it could be fun.
Yeah, I'll have to look into it. I assumed you could take the course, but I didn't know if you'd need to be sponsored by a company or anything like that.
I don't know that I'd see it as a waste of money. I just like using my vacation time and money to experience something completely different and new, while learning new skills. Even if I'm not out doing something more interesting and engaged, I'd just end up hiking around finding a place to hang a hammock and read a book on coding or a technical paper.
My wife says my vacations aren't vacations because I never look like I'm relaxing in the classic sense. I'm not kicking back on a beach with a pulpy novel, usually (not that there's anything wrong with that). For me, a vacation is a time to psychologically recharge, and I get that by engaging myself, but on my own terms. Along with that, depending on how long the certification lasts, it's not that bad to have a backup skill/cert in the wings.
I've also found that it's really valuable to get insight into what other people do to make the world go round. Gives me a better respect and understanding of things in general.
Thanks for the response - but I think you misunderstood - sorry if I wasn't clear. I'll update my first comment to reflect this. What I mean is, how to I get into pentesting in a way that combines both digital and physical attacks. Though thanks for the tips.
I did. I interpreted the parent as saying he was interested in doing technical rope stuff, which was a reasonable interpretation, given the content of the article. I don't think most penetration testing guys have those skills, which is why I discussed fields where you can acquire/use them. Any clearer?
Lock your doors, try to get into your house, fix the security issues, try to get in again.
Buy a safe, try to unlock it without the key, buy a better safe, try to get in.
If you're especially lazy, put an ad on craigslist looking to hire janitors, take the resumes, put your name on it, and apply for real janitorial jobs.
Thanks for the suggestions. I've already dabbled into lockpicking as a hobby. I honestly have no idea what you are talking about with the last sentence though. Are you making a joke about the likeliness of making a career in pentesting? Or is this a way of describing how to infiltrate a building by running a long-con as one of their janitorial staff...
That last route threw me off at first as well. But it does provide excellent cover and who would suspect a simple janitor of anything. An added benefit is you get a key to almost anywhere.
