Penetration Tester Certificates

Ethical Hacking

Company: Ethical Hacking Home Lab
Project URL: https://github.com/ericktafel1/Ethical-Hacking/tree/main/hackthebox-htb

Roadmap to Penetration Testing

As I began my journey, I was unsure where or how to start. I was intimidated by others in the field. I was told cybersecurity is a field one enters after years of experience in Network or System Administration. With an Accounting degree and a couple of years of experience at an Accounting firm, I was deflated. But I was still hungry for my career.

I made some amazing connections in my community, individuals who were once in the same boat and some who were quite experienced. I cannot thank them enough for inspiring me and passing on the tips they had. If you are reading, you all know who you are, and thank you!

From these discussions, further research, and engagement in Discord communities, it was revealed to me that it is possible to get into the field. It will take dedication and discipline, but it is possible.

Develop the Fundamentals

It is worth noting that all paths into Cybersecurity are different; mine should be a good example of this. Reading further, take my path with a grain of salt. You may want to study more in one area or skip certain certificates if you have the experience.

To begin, I thought it would be best to learn programming. Understanding how important it is to secure a website, I learned HTML, CSS, and JavaScript first. You can view my websites made in CodePen here and their source code here. I then learned Linux from hands-on practice and the LinuxFoundationX Introduction to Linux course.

It was at this point I was starting to realize that I needed more structure. I found a useful roadmap online and decided to tackle the CompTIA trifecta. Studying using free online resources and cheap practice exams, I was able to pass CompTIA A+, Network+, and Security+ exams, and a couple of months later I passed the CompTIA CASP+ exam.

Realization and Pivoting

At this point, I felt ready to apply for entry-level positions. I looked for Junior job postings for Cybersecurity Analyst, SOC Analyst, Penetration Tester, System Administrator, and Network Administrator. I chose these since that is what CompTIA states the certificates can prepare you for.

With little luck, I became worried. One morning, I came across the Google Cybersecurity Professional course. It was highly advertised to me and for a cheap monthly subscription, I could learn the contents, build a portfolio, and obtain a certificate.

I pivoted, and I was feeling hopeful again as the portfolio I built was strong. I learned how to handle Security Incidents, conduct Security Audits, use SQL queries, write Python Algorithms, conduct Vulnerability Assessments, and more. However, I was still not landing any interviews.

You can view my portfolio here, my Python code here, and my collection of scripts that I have obtained (some of which I have written) here.

Talking more with the connections I developed in the Discord communities and in person, I became more aware of the TryHackMe and HackTheBox platforms. So, I began with TryHackMe as it is more beginner-friendly. I completed rooms and their Christmas events, Advent of Cyber.

I then moved on to HackTheBox, my most recent pursuit of knowledge. I completed, through HackTheBox Academy, the HTB Information Security Foundation skill path.

Current Objectives

In relation to certificates, my goal now is to complete the Penetration Tester job path, which includes challenges, and active and retired machines. Once completed, I will pass the Certified Penetration Testing Specialist (CPTS) exam offered by HackTheBox. From my connections and what I have read online, it appears that the CPTS is better than the "HR filter certificate", OSCP. CPTS is reported as being more realistic and thus more difficult than the OSCP. However, since the OSCP is a 24-hour exam, it seems to me it may be harder.

Regardless, I am determined to pass the CPTS in preparation for the OSCP. From there, I will consider further penetration testing certificates (most likely OSCP), or if my employer requires a specific certificate, I will shift gears and tackle it.

Something I was told and often comforts me when I am stuck or feeling inexperienced is this:

"Be comfortable with being uncomfortable. The imposter syndrome will never go away."