Hi there,
I am a student of software engineering just cleared my 4th semester. I’m not interested at all in app/web development, rather hacking & pen testing fascinates me a lot. So far I’ve studied C++ , python & sql. These days I’m learning EH from a youtube page. Seniors, what else should I do to become a good EH?
@YanTayga well, here in SE we usually look forward to app/web development. Will it help?
I only have ~1 year experience in infosec, finished a CS/SE university and got Security+ certification, but I’ve been promoted to a Junior Penetration Tester role. In my opinion, the easiest way to get into pentesting is by having a background in security.
This can be easiest to accomplish by having a job in cybersecurity, best of which would be Level 1 Security Analyst. It would also give you high chances if you hold a certification like OSCP, which can assure the employer that you have some practical skills besides the theory.
For beginning what I would recommend is to study CCNA1 or Network+ and get certified as CCENT / Network+. Then, study for Security+, get certified as that. Now you should have the basis in networking and security. This is the first step.
If you’re not currently working, try finding a job in cyber security. Even if it is “just” support or beta testing. When you finish university, you then already have experience in cyber security. Plus, working in the sector forces you to adopt a security-related mindset.
Get as much experience as you can.
Read or otherwise “obtain” books on security- Web Application Hackers Handbook, McNab’s “Know Your Network”, Hacking Exposed books, etc. Alot of the No Starchpress security books are amazing imo and they usually end up going on sale on Humble Bundle.
Test your skills on vulnerable machines. There are literally hundreds of vulnerable machines out there you can mess around with, everything from commercial solutions like Hack The Box, AttackDefence, PentesterLab, etc to Vulnhub OS’s and Vulnerable By Design application (OWASP juiceBox, WebGoat, DVWA, DIVA (apk), ■■■■ Vulnerable iOS app (ios), Google Gruyere…)… the list of areas for you to hone your skills are enormous.
If you have the money to and you are close to locations where security conferences are run, they’re a great place to network or find prospective companies willing to take on “noobies” and train them up. Plus you can usually find people there willing to share knowledge.
And don’t forget to appreciate how much you do know and give yourself credit. Impostor syndrome in this industry is crazy.
~4 years experience in the industry and still learning
Type your comment> @abrewer said:
Get as much experience as you can.
Read or otherwise “obtain” books on security- Web Application Hackers Handbook, McNab’s “Know Your Network”, Hacking Exposed books, etc. Alot of the No Starchpress security books are amazing imo and they usually end up going on sale on Humble Bundle.
Test your skills on vulnerable machines. There are literally hundreds of vulnerable machines out there you can mess around with, everything from commercial solutions like Hack The Box, AttackDefence, PentesterLab, etc to Vulnhub OS’s and Vulnerable By Design application (OWASP juiceBox, WebGoat, DVWA, DIVA (apk), ■■■■ Vulnerable iOS app (ios), Google Gruyere…)… the list of areas for you to hone your skills are enormous.
If you have the money to and you are close to locations where security conferences are run, they’re a great place to network or find prospective companies willing to take on “noobies” and train them up. Plus you can usually find people there willing to share knowledge.
And don’t forget to appreciate how much you do know and give yourself credit. Impostor syndrome in this industry is crazy.
~4 years experience in the industry and still learning
Thanks a lot bro. I got it
Do not worry. You can learn Ethical Hacking Course online. Go visit