Advice Needed

Hello all,
I currently hold two CompTIA certifications: Security+ and CASP. I am looking to get more into the offensive side of cybersecurity. I will be leaving the military shortly and am currently job searching. Does anyone have any advice on what certifications would be best for a beginner penetration tester? I have been looking into EC Council but the price is outrageous for C|EH. Are the HTB certifications respected by employers? I want to gain knowledge and not just hold a certification that I studied a month for and will data dump all of the information shortly after. What are some good ways to get your foot in the door for a penetration tester job? Would I be better off getting an analyst job in the meantime? If anyone on here is currently working in the cybersecurity field, some advice would be greatly appreciated.

I do not think there are well-respected beginner-friendly certs. It also does take time to learn for those more respected ones. On https://www.kali.org/ you can see courses with certs that you can get if you complete them successfully.

On HTB Labs you can see job positions that companies post with requirements on a certain level, or rank if you will, of your acc. To get higher ranks you need to complete the boxes or challenges and much more stuff you have on Labs to rank higher. I will remind you that this does take time even if you had all the knowledge that HTB Academy can give. If you start from zero you will need weeks if not months to get to really respectable ranks that can get you well paid and secure jobs.

1 Like

I have an interview for a penetration testing gig next week. Any advice? I have zero offensive certs and the company wants an interview still. Don’t really know what to expect and what questions they’ll ask.

If you have CompTIA Security+ and CASP certs I assume you know all terminology needed to understand what happens behind the screen. Here is a cheat sheet for pentesters: GitHub - ivan-sincek/penetration-testing-cheat-sheet: Work in progress... I mean that is pretty much it. Like I said, if you want to get a little more prepared you can start a penetration tester job role path in HTB Academy. All in all just start learning whatever you can, it can’t be a waste.

1 Like

I don’t recommend spending time on CEH. It’s a multiple choice test that doesn’t really translate to real skills. I have several friends who got junior pentesting positions with only INE’s eJPT cert. You could also look at TCM’s new PJPT certification. It’s their junior certification, a precursor to PNPT.

IMO, the biggest thing to get the job is proving you have the skills. Being able to talk through the topics and explain your process will impress interviewers.

2 Likes

Appreciate all of the advice. I’m only trying to get CEH for two reasons. 1. Companies are asking for it. 2. It’s expensive and that’s another cert the military will pay for before I get out. Besides that, I really like the HTB Academy and what their very consists of. I’m planning on also completing the pen tester role just for the knowledge, but get the CEH for show if that makes sense. I’m all about gaining knowledge and since getting CASP, learning a lot of cybersecurity terminology in the process, HTB has painted me a picture to go along with all of the things learned during my CASP journey. Crazy how much you learn in two months of HTB. I’ve been studying the pen tester toolbox and practicing with a lot of the tools on HTB and even Metasploitable. Interview is on Friday, so I am trying to mentally prepare myself for it. My resume is tailored to an ISSM position due to my current experience in the military. Just curious as to why they selected me for an interview without having an ounce of pen testing experience on my resume. Once again, thanks for all of the advice. It’s greatly appreciated. If I land this job I’ll be back on here. Sorry for the long post….