I’m aiming this more at experienced pen testers including those that are involved in the recruitment processes for their respective companies in industry.
I have some questions I’m hoping I can get some thoughts on regarding career paths which I’d like to discuss (this isn’t a job hunt).
I’m UK based and am considering transferring from the public to private sector, but my interest is red teaming. I’m just not sure if my current skill set and experience would allow me to get a job as a pen tester.
For the last 7 years I’ve worked on the blue side, focusing predominately around CTI & Threat Hunting. I hold GCIH and GDAT and love spending time on HTB. I get so much more enjoyment out of it. Blue has been boring me for some time now.
I’m aware my current abilities lie well within the junior-mid level pen tester and can accept this would almost certainly come with a pay cut to begin with.
My concern is that I never bothered getting my degree. I’m now considering it, but the degree doesn’t really have any relation to pen testing other than a couple of modules on ethical hacking (which I’m reliably informed are at a really low level). So other than allowing me to apply for jobs that require a degree, I can’t see a great benefit. My question really is: would I be better off doing OSCP & OSWE, for example, to add to my current qualifications? As well as being relevant, it would also be a shorter timeline at say 6-9 months rather than 18-24 months for my BSc. Would employers look more favourably on OSCP etc. than a degree for junior pen testing jobs?
I’d appreciate thoughts on this from those with significantly more experience.