https://github.com/BinaryDefense/artillery - The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
https://github.com/trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec
It's amusing to me because I often see people wanting to be hackers, applying for IT-security classes or ethical hacking classes thinking there's a magic education they can take to become a hacker.
When in reality they need the same skills as any good Linux sysadmin, understanding protocols, understanding services, and being able to google well in English.
It requires much more. The most important being an intrinsic desire to break things. Persistence is another. Understanding of underlying tech and stuff follows.
You need a character that does not give up and enjoys breaking things apart.
Specifically what's bothered me for many years is people who apply to classes to become hackers, thinking there's a type of certification that will allow them to call themselves hackers. It's become much more popular and romantic lately.
How do you think most of us learned sysadmin?
It's the Pluralsight / Lynda.com but for Computer Security.
For example, this course looked great, but I found that it wasn't quite right for me. (Assumed I knew things I didn't, focus was sometimes off-topic, etc.) Any better recommendations?
https://lab.pentestit.ru and https://www.reddit.com/r/securityCTF and
Idk if this is what you are looking for.
Here's an example of a write-up for one of the labs: https://lab.pentestit.ru/docs/TL8_WU_en.pdf
As for the focus being off-topic, I guess that depends in part on where your focus lies. As an embedded developer, everything that's web (XSS, phishing, etc.) isn't all that interesting to me, personally. But it is to other people.
Another interesting course is FSU's offensive computer security: https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/le...
Also, this looks like a ripoff of http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/14942955....
Definitely the possibility for brand confusion on security software tools. Something to consider before you go live.
But, those sets of tools don't focus on "pentesting", so much as they do on analysis, and exploitation.
It is a sector suited to freelance roles and contracting, or working for a consulting firm in a full-time capacity.
Build up an online profile on your own website. It can take the form of a blog or just a simple web page with a bio and some published articles/papers.
Mention on your website that you're available for hire, where you are and what type of work you do.
Write some blog posts (anywhere from 2-3 a month or even 2-3 a year if they're a bit longer form), establish specialities that you are good at, produce conference talks and pitch them at CFPs and go and speak at conferences, submit your posts and websites on reddit, here on HN etc.
You'll start getting cold approaches (I average around 3 after every blog post) and you'll have somewhere to point the companies you approach to.
You'll meet people at conferences who want to hire you.
To find companies to approach, find vulnerabilities and send them a note or participate in bug bounty programs. You can also approach companies who have recently been in the news with security issues, or those you find on Twitter where users or other infosec ppl are reporting issues on social networks.
A lot of companies hit a wall when they experience a security incident and they're not sure what to do, who to call or who to hire - so they're very open to hiring contractors to organize that or bringing in their first full-time infosec hire.
To get the top-end research roles at the big co's you really need to produce good research and you'll be headhunted.
Try to be specific in terms of both specialities and sectors you deal with. If you decide on freelancing, use your first couple of clients as references for potential new clients and ask associates, customers, etc. to refer you other work.
The cheat sheet should mention where to find exploit.c.
Also, I always preferred "make exploit" for that. It's just very ... to the point.