It’s the beginning of summer, 2018. I found myself browsing Udemy, and for some reason a course titled Learn Ethical Hacking From Scratch caught my eye. I had been fascinated by ethical hacking for a while and thought it might be a fun course. I decided to buy it and play around.
After a while I moved on to web pentesting. I have a degree in Web Development, so I was excited to learn how I could use my existing knowledge to gain a better understanding of how to secure and hack web applications.
Cross-Site Scripting and SQL Injection became my favorite exploits to perform. I remember using the DVWA and OWASP Mutillidae virtual machines to practice and play around with the various difficulty settings to see how good I could get. I also tried IDORs, Command Injection, and File Uploads. I was having a blast.
At the time I was working as a Web Developer and System Admin for a small college. I had been in the IT field for roughly ten years, and the majority of my career was at this college. I started off really enjoying myself there, but as time moved on and leadership changes happened, I found myself really depressed. I did not agree with management on a lot of things. Long story short, I ended up disliking my job and I wanted a change.
During the summer of 2020 I signed up for a service called TryHackMe. I don’t remember how I came across it, but when I saw it, something in me decided to sign up and start completing rooms. I worked through rooms on web pentesting and even earned the Webbed badge a few days after signing up. I soon decided this was the path I wanted to take my career down. I wanted to become a penetration tester.
I started off doing tons of TryHackMe rooms and learning everything I could. It is hard to remember the exact path I took, but I remember going for badges and being obsessed with them. I was always obsessed with the Xbox 360 achievements and this gave me the same sort of rush.
At this point I came across the various certifications and knew that if I wanted to break into the cybersecurity field, I should obtain some security certifications.
I started my journey to get Security+. This exam honestly scared me more than any exam I have ever taken. I believe it is because I felt that if I failed this exam, it meant I did not belong in this field. It felt like a gateway exam.
I stayed up for hours reading my Security+ book, listening to Professor Messer’s YouTube courses and Jason Dion’s Udemy course, and taking practice exams. No matter how well I did on these practice exams, I still felt scared to take the real one.
When the day came I was really nervous. I had to take a number of deep breaths, but I found myself in a good groove during the exam.
When I got to the end, I finished answering everything, went through and double-checked my answers, then hit submit… and the last thing that popped up was those stupid survey questions. I hated these because I just wanted to know the results.
After that the results came in and I passed… on my first attempt. I was so relieved and happy. I had finally done it. I knew I could make it in this field.
It was at this point I decided to create this site and blog about my journey.
So as I took notes for CTFs, I would try to turn them into write-ups for this site and share them on my GitHub as well. I wanted to provide resources to the community and show employers that I cared about my craft and about helping others.
Next began my quest to take the Pentest+. I used Jason Dion’s courses and practice exams again and read from the Sybex book.
While studying and learning all the Pentest+ material, I kept reading on Twitter about this super fun, entry-level, hands-on exam called the eJPT. This caught my eye, as I was intrigued by the idea of a hands-on exam rather than just memorizing flags for various pentesting tools.
I signed up for INE and began going over the study materials and all the labs. After a few weeks of studying and doing the labs, I took a weekend off and took the exam. I felt comfortable with this exam and the labs because I was working on TryHackMe and Hack The Box a lot. I was working on the TryHackMe 365-day badge, so doing a hacking lab or CTF a day made me really comfortable with the material.
About six hours in, I had answered the questions and passed the exam! This was a huge confidence boost for me. I loved this exam, and the cost of the exam and course. The exam voucher was $200 and the course was free. I will always recommend this as the starting exam for anyone who wants to be a penetration tester. It is inexpensive and beginner friendly.
After this I went back to study for the Pentest+.
My confidence was a lot higher after having the eJPT and Security+ under my belt. I put in a few weeks of studying, using Jason Dion’s courses and practice exams again and reading from the Sybex book.
On my first attempt I was successful in passing the Pentest+!
My advice for both the Security+ and Pentest+ is to go down each objective they list for the exam, and if you feel comfortable explaining each one to a child in a way they would understand, then you should be ready for the exam.
At this point my job was really going downhill. I don’t want to stress on it too much, but I started looking for a new job.
I updated my resume and listed the basic stuff: education, certifications, experience, references, etc. I also added my TryHackMe profile, Hack the Box profile, Blog, and GitHub. I wanted to stand out as much as I could.
I ended up with multiple interviews for various IT positions, but I was still holding out hope for a pentester position.
With some good fortune, though, I was able to land an interview to be a pentester. I did a few interviews with the company and later ended up doing a technical assessment along with a pentesting simulation to test various skills and my mindset as a pentester.
After waiting two weeks, I was called by the lead pentester and offered a job. It will go down as one of the best moments of my life. All of my hard work paid off, and I absolutely love my job.
I am incredibly proud of myself for putting in the time to study and learn as much as I could to become a pentester. The path here was incredibly hard and even though I am a pentester now, I am still studying and prepping for more certifications to hit that next level.
I recently passed the eWPT (which you can read about here), I am close to taking the eCPPT, and later this year I will start studying for the OSCP.
The field is growing and the demand for cybersecurity is high. If this is a path you want to go down, you can do it!
- I recommend the eJPT and Security+ as good starting points.
- TryHackMe is more beginner friendly than HTB.
- I don’t recommend the Pentest+. I feel the eJPT was a better use of my time and money. I prefer hands-on work to memorizing flags and picking “the most correct answer”.
- Create a blog and GitHub and contribute to the community in some way.
- Be vocal on social media and network.
- Make your resume stand out. Add HTB, TryHackMe, GitHub, blogs, videos, etc. to demonstrate you love this field.
- The OSCP is not required nor is a degree in cyber security required to land a job. I know tons of senior pentesters that do not have the OSCP.
- Understand basic networking.
- Learn how to make a pentest report.
If you have any questions, feel free to send me a message on Twitter!