Breaking Into Penetration Testing

Introduction

This blog is for those looking to get started in offensive security. As the newest penetration tester at SynerComm, I recently broke into the field myself, and I’d like to share some tips and resources that helped me along the way.

The Basics

At the beginning of your journey, it's crucial to build a strong foundation. You can start with something as simple as learning the basic components of a computer, the different ports and protocols, or routing and switching. There are several resources out there, but I began by earning CompTIA’s Network+ certification, setting up virtual machines, and configuring devices in Packet Tracer. Certifications, whether it's A+, Network+, or other entry-level options, are a great starting point because they provide a structured path for learning. While you still need to put in the effort to understand the material, certifications eliminate the uncertainty of "what should I learn next?" Plus, they make a great addition to your resume.

Another foundational skill is the ability to learn independently. It may sound obvious, but actively seeking knowledge on your own is crucial in this field. Instead of immediately asking someone for an answer, take the time to research and troubleshoot on your own. Developing this habit early on will benefit you tremendously. Of course, if you truly need assistance, asking questions is fine, but always try to resolve issues or find answers yourself first.

Additionally, as you embark on this journey, remember that being a penetration tester requires more than just technical expertise. Soft skills are equally important. You will often interact with clients and must be able to communicate effectively. The ability to explain findings clearly, provide actionable recommendations, and collaborate with others is a critical part of the job.

Starting to Hack

Once you have built a solid foundation and are ready to dive deeper, I recommend starting with the TryHackMe (THM) platform. It offers several beginner-friendly challenges that teach the basics of hacking, gradually increasing in difficulty as you progress. This is where I began learning to hack, and I found it to be incredibly valuable.

Once you feel comfortable with THM and are looking for a greater challenge, HackTheBox (HTB) is an excellent platform to sharpen your skills. The machines on HTB are often much more difficult but also highly rewarding to complete.

A good platform to learn more about web application security testing is PortSwigger Academy. It provides excellent content that includes hands-on labs. The topics will teach you about various web application vulnerabilities as well as how to exploit them. The knowledge gained from this platform translates well when performing external penetration tests.

For those interested in a Capture The Flag (CTF) style learning experience, pwn.college is a great resource for both beginners and experienced individuals. Created by Arizona State University (ASU), it covers Linux, web application hacking, reverse engineering, and binary exploitation. The platform even includes ASU lecture content. I have been using it recently, but if I could go back, I would have spent more time here earlier in my career.

In addition to these platforms, there are several great content creators who make hacking-related videos. These can be useful for supplemental learning when exploring a specific topic or even just for entertainment. Some of the creators that helped me when I was getting started include John Hammond, IppSec, and NetworkChuck.

Capture The Flag

Once I had developed some skills, I became interested in CTFs. I came across a post on Reddit from a CTF team looking for new members and decided to join. Participating in CTFs with a team was a great learning experience, as each member had different strengths, and we were able to learn from each other.

If you're interested in getting started with CTFs, picoCTF is a great introduction that you can do solo. Their "picoGym" is available year-round and offers challenges for all experience levels. CTFs are a fun way to learn new skills while also developing critical thinking. Overall, they are a great learning tool.

If you enjoy CTFs and can join or start a team, I highly recommend it. Being part of a team helps you build collaboration skills and allows you to learn from your peers.

For previous CTF challenge write-ups, team creation/joining, and a list of upcoming events, check out CTFtime.

Gaining Experience

For some, this point may come earlier or later, but after earning a few certifications and gaining self-taught experience, I began searching for jobs. My first roles were in IT support and systems administration. While I wasn't working as a penetration tester, I still gained valuable knowledge that continues to benefit me in my career.

In my previous roles, because I had some background in cybersecurity and the organizations were smaller, I was given the opportunity to perform vulnerability assessments, configure cloud-based security controls, and work on other security-related tasks. These experiences aligned with my long-term goals and helped me build relevant skills.

It's important to remember that you may not start in your ideal role right away, but the skills and knowledge you gain along the way will ultimately help you get there and will remain valuable throughout your career.

Obtaining The OSCP

After three years of studying cybersecurity and gaining some workforce experience, I began preparing for the OSCP. The OSCP is a way to validate your offensive security skills to potential employers. It consists of a 24-hour hands-on penetration testing exam, followed by a written report detailing your findings. Most penetration testing jobs require or strongly prefer this certification, making it a significant milestone in your career.

To prepare, I primarily used HTB and Offensive Security's labs. I frequently referenced TJ Null's list for machines similar to those in the exam environment. If you're preparing for the OSCP, you’ve likely completed several HTB machines and have developed a basic methodology. Since that was the case for me, I focused on pivoting between networks and learning Active Directory exploitation.

Unfortunately, I failed my first attempt. However, I didn’t let that discourage me. I treated it as a learning experience, studied even harder, and refined my approach. By the time I attempted the exam again, I was much more confident and better prepared. This time, I successfully completed all the machines and passed the OSCP.

Landing Your First Role

At this point, it’s only a matter of time before you land your first role. If you have a well-structured resume that clearly outlines your skills and experience, start applying for Junior Penetration Tester positions. The site NinjaJobs is a great place to find cybersecurity job listings.

Once you secure an interview, the best advice I can give is to be yourself and be honest about your experience and skill set. If you are truly passionate about this field, you will eventually land a role. It may take time, but if you continue striving for improvement, it will happen.

A year after obtaining my OSCP, I joined the team at SynerComm as a Junior Penetration Tester. While achieving this goal was a major milestone, I still have many more I want to accomplish. Keep pushing forward, stay curious, and trust that with dedication, you will end up where you need to be. 😁