If you found your way to this blog post, you are interested in penetration testing and want to know how to begin your career in the field. Whether you are a college student, already in the IT space, or work in an entirely different field, the first and best piece of advice is to just hit the ground running. There is a lot to learn but there are also so many great resources to guide you in your journey in becoming a penetration tester and with any luck, this blog post will be among those outstanding resources.
Where To Begin
With the vastness of penetration testing, it can be overwhelming to determine the most logical starting point. Should you get a course on penetration testing and try it? Should you download Kali Linux and just start poking around your home network?
I would recommend tackling the easiest task first: begin by researching what penetration testing is and the various types of tests performed (examples include web application testing, network penetration testing, mobile, wireless, cloud, and physical). Try to research as much as possible on each of these tests and how they differ from one another. With this information, you can better determine which type of testing you would like to understand first. This also helps in establishing a baseline understanding of how much there truly is to learn.
Another wonderful place to find out what you will need to learn is job listings. Consider searching on LinkedIn for entry-level penetration testing positions. In reviewing job listings, you can better understand what qualifications companies are looking for when hiring penetration testers. However, try not to be discouraged when you find entry-level positions requiring 5+ years of experience, as this is the case with many job listings.
Additionally, having some knowledge of computer science is helpful. You do not need to go out and learn an excessive number of programming languages or anything like that. Rather, focus on the basics: understanding how computers communicate with each other, how they process information, how they produce error codes, etc. This is beneficial in developing a basic knowledge of how computers function; how can you hack a computer if you do not know how a computer works?
One of the best things about this line of work is that the community is incredibly friendly and helpful. Despite the growth in the field, it continues to feel like a very tight-knit community. I have not met a single tester who is not happy to help someone learn more and not excited to do so. Even individuals with seniority at their given companies are happy to share their knowledge and help newcomers out. Do not be afraid to reach out to people in the industry for some pointers or even ask if they know of any opportunities. I guarantee you will find more than you need and if you reach out to someone who cannot help you, they will point you to someone who can. All the while you are making connections on LinkedIn and putting your name out there into the community. This helps in establishing a presence within the field and in your local testing community.
LinkedIn is also a great resource to see what cyber security leaders are posting and to stay consistently updated with what is happening in cyber security. Additionally, there are other ways of keeping up to date with cyber security information, such as following webpages like thehackernews.com, infosecurity-magazine.com, itsecurityguru.com, etc. Reddit is also an outstanding resource where you can use the boards (subreddits) to ask questions to the general community and get answers back. Finally, look at our War Room blog posts, as there is quite a bit that can be learned from here too! We have an in-depth series of posts titled Back to Basics which breaks down basic attack pathways commonly identified in network penetration tests.
Another fun way to learn more while getting your name out into the community is to go to cyber security conventions/events such as DEF CON. These events feature some of the best cyber security and penetration testing experts and grant you the opportunity to meet them. Also, recruiters for penetration testing are often present at these events and are looking for people who are excited to learn and actively doing things in cyber security. Additionally, you can add these attended events to your resume. Finally, these events typically have learning sessions where someone will come and speak about a topic in cyber security/penetration testing.
Resources for Learning
You may think that you need to attend a technical college, buy thousand-dollar bundles of courses for certificates, or worse, become an unethical hacker to learn how to hack. This is not the case whatsoever. There is an abundance of free (or cheap) learning. Places such as TryHackMe.com, HackTheBox, VulnHub, and more offer free subscriptions for hands-on learning. For example, tryhackme.com offers a subscription where you can learn everything it has to offer for free, as well as pathways like the “Complete Beginner” path to help beginners figure out where to begin. This pathway even goes into basic networking and computing and will teach everything from the ground up while also offering users their own machine to hack from for free. Also, because you sign up for these resources, they typically have profiles that keep track of your progress, which you can include on your resume as well.
Another free learning resource is one that a lot of people are familiar with: YouTube. YouTube features many leading penetration testers who consistently post content, including some who offer full courses for free. Also, some universities even post some of their old cyber security lectures for free.
Although you must pay for courses, you can find a valuable learning experience for cheap. Courses are always great: some offer a lecture/hands-on experience, and some will even offer one-on-one training with an instructor. It all depends on what you can afford and what you need. There are also quite a few sales that go up for courses in cyber security/penetration testing; you just need to keep an eye out for them. Courses are also good for resumes because you get a certificate of completion, which you can include to give some credibility to your knowledge.
Capture the Flag (CTF) events are events held by an organization where a network infrastructure or machines are set up to be hacked. People join the event and are provided with the information they need to attempt to take over the network or machines. Usually on these networks/machines there are files with a unique line of characters, called flags. If you find a flag and submit it, you get points. Sometimes a prize is involved with placing high on the leaderboard.
By joining a CTF you can determine what your skill level is and possibly work with other people and learn from them. You can learn techniques, tools, and methodologies from others competing to sharpen your skills. You can include CTF events in your resume to show that you are actively practicing, challenging yourself, and are part of the penetration testing community.
Once you are ready and feel comfortable, you can try going for certifications. Most certifications offer bundles that include an exam voucher and some courses to assist you in passing. Certifications are what will make you more credible to a recruiter. There are certifications for all levels and even for specific areas of penetration testing. Do research on what certifications are best suited for you and your level of penetration testing. Some certifications are even free; I will provide a link to some of them below. Keep in mind as well that some companies will pay for certifications and trainings you wish to complete, so go for the beginner and affordable ones first and later go for the more advanced and pricey options. Certifications are great but not necessary to get into a career in penetration testing, although they certainly do help.
Go out there and put these things I have shared to use. Begin at a pace that is healthy for whatever circumstances you are in. My final piece of advice is to never lose the excitement to learn new things. As penetration testers, we are constantly learning. My coworkers and I are constantly doing certifications, extra work on TryHackMe and other sites, researching cyber security topics, learning new tools, and of course, finding ways to do what we do better. You will find that starting is the hardest part and then one day, you will find yourself not being able to stop wanting to learn more!
Links to Resources
Hands-on Learning:
Fortinet – Cyber Security – First 3 are free!
This article was written by Noah Godfrey, an RSM Cyber Testing Consultant with four years of experience.