This year, I gave a talk at GenCyber at the Alexandria Technical College in northern Minnesota. As an all-week camp hosted for middle and high schoolers, it was a great opportunity to meet our next generation of potential cybersecurity professionals. I had a great set of questions this year about getting started with my particular career, so I wanted to compile some of those answers and learning resources together for those students and anyone looking to get into cybersecurity with a focus on offensive security.
Let it be noted here, that we have a bunch of interviews with our experienced, well-rounded, interesting, and exciting penetration testing team. Each one has its own story with great advice, so take a look at those too!
How To Become A Penetration Tester
When breaking into a new cybersecurity career, it might be difficult to understand where to start. If you have the drive to learn a bit more, take a stab at learning and really diving into the community. This list is not meant to be exhaustive, but these resources are a great starting point for anyone:
- TryHackMe – A training platform for getting started on a wide variety of offensive cybersecurity topics.
- Hack the Box Academy – Another training platform for getting started on a wide variety of offensive cybersecurity topics. Pick the platform that works best for you!
- Portswigger Academy – An awesome free site that teaches specific web application vulnerabilities with practice labs. It also levels up your skills by downloading Burp Suite, one of the most commonly used web application pentest tools. We have more Burp Suite blogs here.
- Search out some great blog and social media presences – Krebs on Security, watching Tib3rius on Twitch, and our own White Oak Security blog are just the beginning of the resources you can follow. Jump into some popular cybersecurity Discord servers that match up with your interests.
Penetration Testing Career Path Suggestions
The core function of cybersecurity in the workplace is to protect business operations and ensure that people and computer systems are protected! When finding your first jobs (either in high school or in college), I just recommend you find any IT job or internship! I got started cleaning and imaging computers in my high school and my career has just expanded from there. It is important to work with other people in the industry and understand how security plugs into all IT operations. You never know when the right mentor or personal networking connection may come along to give you the right nudge into cybersecurity.
Cybersecurity Opportunities In High School, College, & Community
If the opportunities are available in high school, take any IT-related course where possible. I was lucky enough to take Cisco networking classes that transferred directly to my college education.
When you’re ready for college, take the time to research multiple locations! Colleges have expanded their cybersecurity programs in recent years. I would personally find a college that covers a wide range of IT topics in addition to cybersecurity. Programming skills are not necessary but they are a great addition to your skills. You may not know where your specific career path will take you, but having a wide range of classes and theories will help your chances as you grow.
Collegiate Cyber Defense Competition (CCDC) – This competition is based on the concepts of ‘blue teams’ versus ‘red teams’. As a college student competitor, your blue team learns about an unknown business’ IT network, need to defend it, and keep up normal business operations like updating a website or creating user accounts. You gain points by being successful in these tasks and compete against other college teams performing the same task. In the meantime, a red team attacks your network like real attackers breaking your websites, stealing information, and causing general mayhem. This was one of my favorite events for learning about cybersecurity and the CCDC experience has proved to be helpful in my career multiple times.
If your college also has any other IT or cybersecurity opportunities outside of the classroom, try to pick those up as well! In many community colleges, the Business Professionals of America (BPA) offer IT-based competitions and networking opportunities to meet other like-minded students and professors.
Speaking of networking, attend a local hacking or cybersecurity group! For those in the Twin Cities, check out DC612. Sometimes local cybersecurity conferences like Secure360 have student discounts or scholarships to make it easier to attend.
Penetration Testing Certifications
Obtaining a certification shows that you have a specific set of skills in one specific area or multiple areas. Depending on any future jobs you apply for, they may look for different certifications. Here are a couple of basic certifications to help you get started:
- CompTIA Security+ – This is a baseline certification that covers a wide range of basic security roles and is a great introduction to entry-level cybersecurity jobs.
- OffSec Certified Professional (OSCP) – This certification course includes a lab that teaches the basics of pentesting methodologies and is a great way to show you can handle offensive testing roles
- Burp Suite Certified Practitioner – This is a newer certification, but it shows that you are proficient in complex web application pentesting using Burp Suite.
Becoming A Pentester
This was not meant to be an exhaustive list, but I hope this information was helpful for those looking to get their first start in the cybersecurity field! We have multiple blogs on advice for starting or advancing your pentesting skills, as well as interviews with our experienced pentesters here at White Oak Security.
MORE FROM WHITE OAK SECURITY
White Oak Security provides deep-dive offensive security testing. We are a highly skilled and knowledgeable cyber security and penetration testing company that works hard to help organizations strengthen their security posture by getting into the minds of opponents to try to protect those we serve from malicious threats through expertise, integrity, and passion.
Our unique industry experience allows us to offer a wide range of services to help analyze and test information security controls and provide guidance to prioritize and remediate vulnerabilities.