My First 6 Months as a Penetration Tester

  • Published: Sep 29, 2024
  • My experience during my first 6 months of being a penetration tester/ethical hacker. What it is like being in the industry, study plans, how to deal with burnout, OSCP vs real pentests.

Comments • 126

  • @rickjames3034 2 years ago +36

    Nice one mate, starting my first pentesting job in Feb.
    As you mentioned I have 0 experience but I did get OSCP, had 2 job offers from 2 interviews. It can be done guys

    • @andyli 2 years ago

      Very nice, well done!

    • @b.m.robertson5959 2 years ago +1

      @Rick James.... OSCP w/o any experience!!!??? That's crazy lol! Any study material advice would be greatly appreciated

    • @SharpSh00terMedia 1 year ago

      💯

    • @TheamazingPK 7 months ago

      Can you tell us more details?

  • @joshbuxton8249 2 years ago +19

    This is great content. Slow and steady wins the race. I’ve been slowly learning from free resources for the past 5 years. After graduating college and getting an entry level Cert (PNPT) I landed my first junior role. People need to realize that you need to put in the hours on the keyboard. On the onset your growth will be slow just like anything new. But if you continue doing it for years, you get faster and more knowledgeable. Everything you do starts to compound and grow exponentially the more consistently you work. Great video! I’m only just now starting to see the results from the fruits of my labor

    • @andyli 2 years ago

      Well said, congrats on your first role and great job keeping it consistent over 5 years. I'm glad it finally paid off for you

    • @mogr488 2 years ago

      Did you get PNPT before or after college?

    • @joshbuxton8249 2 years ago

      @mogr488 After

    • @b.m.robertson5959 2 years ago

      Would you say that the PNPT is a better entry level cert (I'm going for a junior pentester position) than the eJCPT? I ask because I am deciding which is more profitable as a base cert to go after. Thanks.

    • @joshbuxton8249 2 years ago +1

      @b.m.robertson5959 This is a hard one given the climate of debate for certain entry level "pentesting exams". In my opinion, best bang for your buck is PNPT. But you need to supplement heavily with personal research/projects. PNPT has opened a lot of doors for me. Even at my current job.

  • @ivanzhao4068 2 years ago +6

    Hi Andy, happy new year! Thanks for sharing your experience and thoughts, it's great for someone like me at the beginning of pentester journey. Keep up the good work bro. Sub and liked.

    • @andyli 2 years ago

      Thanks! Glad it helped

  • @faran_siddiqui-d3t 2 years ago +4

    I'm a fresh grad with 0 exp in pentest and tech. But after clearing my OSCP will I get junior PT job with minimum salary as per market? (Got the answer, watched the video to end)

    • @andyli 2 years ago +1

      Yes it is possible, practice some interview skills too

  • @ghsinfosec 2 years ago +5

    Great stuff Andy, very motivating. I agree with you in having a physical hobby to balance the time in the office. I'm not a pentester, but I have eJPT and I'm going for eCPPT currently. I hope to do OSCP afterwards, but as you pointed out the burnout can be a real drag. Thanks for the great content, I love your channel.

    • @andyli 2 years ago

      Thanks, good luck on your studies

  • @deutschmitvkEins 2 years ago +5

    It was fun watching this and other videos on what is it like to be pentester and what you do on actual pentest.
    Btw it's late but congrats on passing OSCP and best of luck on CRTO.

    • @andyli 2 years ago +1

      cheers, CRTO exam next week!

  • @iskitcha5153 2 years ago +5

    I love your content
    Dear from Morocco. Continue bro!

  • @kareemsamir3800 2 years ago +6

    I have started my career in cyber security 2 months ago. This week, I have watched almost all your videos, especially OSCP.
    Please, put the links to your Twitter and LinkedIn account so I can follow you.
    Great videos

    • @andyli 2 years ago

      thanks, I have links in the about section on my channel

    • @onkar5506 2 years ago +1

      Hey bro, I'm new to this can you suggest how to start?

    • @andyli 2 years ago

      TryHackMe.com

    • @onkar5506 2 years ago

      @andyli is it free?

    • @andyli 2 years ago

      Yes

  • @hexbrokers9115 2 years ago +2

    randomly I found your channel such a great explanation of real-world scenarios I just want to get into cyber as a pentester can you please help me for that how can I apply from Pakistan. in Australia for the pentester onsite job and the company will give me visa residence for work

    • @andyli 2 years ago

      I am not sure how to go about getting sponsorship. Some people study here first, transition into a work visa, then to a sponsorship visa

  • @rajmendon6411 2 years ago +5

    Hey Andy, I appreciate your work and it has helped me a lot in my journey. It would be super awesome and helpful if you made a video where you explained how you got your first pentesting job without OSCP. Cheers!

    • @andyli 2 years ago +2

      I put on my CV the prep I have done for the OSCP and was ready to take it right away

    • @Hukaro 2 years ago

      @andyli
      Hey Andy,
      Good job on your progress and well done on the OSCP pass!
      I’m also preparing for the OSCP and I feel like I have a pretty decent knowledge and able to do some easy level CTFs but I’m struggling writing my CV properly.
      Is there a chance I could have your pre OSCP CV for comparison?

    • @andyli 2 years ago

      Yeah I can do a CV video, it is on my to-do list

  • @theybecameus 2 years ago +3

    It will be very helpful if u make a dedicated video on how u manage work hobbies and cybersec studies through ur system.

    • @andyli 2 years ago

      pretty much go at things at your own pace, slow and consistent over the long term is the way to go

  • @IamNicoGreen 1 year ago

    Hey dude! you're just like me hahah.
    - get obsessed with things 1-2 years
    - train bjj
    - currently studying for BSCP
    Enjoy your career in cyber dude

  • @andylau6969 2 years ago +3

    Appreciated😁 for your sharing, it is always good to hear from you that situation you facing when you being a newbie pen tester. I guess everyone who works hard for OSCP would worry about their situation with no experience for a pentester job, worry on if they've learned sufficient knowledge to be cope with career needs. And wonder, generally if a pentester would possibly busier than a software engineer (means OT)?

    • @andyli 2 years ago

      OSCP translates surprisingly well to a job, even with no prior experience.
      I am not sure about how busy pentester vs software dev. My current role feels pretty normal 9-5, not particularly busy overall.

    • @andylau6969 2 years ago +1

      @andyli good to hear, thx

  • @shakuntalam3884 2 years ago +2

    hi sir i am nitesh kumar from india plz tell me about what package we can get as an entry level penetration tester
    and how much it can go after 2 to 3 years of experience
    plz tell me

    • @andyli 2 years ago

      I could be wrong but, entry level maybe 60-80k, after 2-3 years it is probably double that

  • @ike9 9 months ago

    Have you taken the CEH yet? And what is the highest cert u plan to attain?

  • @gnmcilgnmcil4348 2 years ago +5

    Am new in cybersecurity

  • @gareth82 2 years ago +13

    I start my very first junior pentesting role next week, super excited and super nervous. Thanks for your videos

    • @andyli 2 years ago

      Cool, I am sure you will enjoy it!

    • @saharaflower9173 2 years ago +1

      How goes the new job!?

  • @chidemenot 2 years ago +2

    Regarding OSCP exam, which parts very tough & made you think for while before attempting..

    • @andyli 2 years ago

      The exploits for the exam were not hard, it was a matter of finding them and time management.
      I made a video of my OSCP journey if you want to know more.

  • @qifanguo5549 2 years ago +2

    Ha I have started doing bjj for six months now as well and happy new year to you Andy.

    • @andyli 2 years ago

      nice one, happy new year!

  • @jayv9073 1 year ago

    me.. I force myself to go to the gym twice a day to avoid DVT's lol CARDIO at 6am and gym again with my wife at 5

  • @Unknownhunter4u 2 years ago +3

    Thank you for sharing your experience with us. Keep it up :-)

  • @stevejackson1039 1 year ago +1

    Andy how do you go about on choosing your salary average amount or higher or do some research then be ready to make a decision?

    • @andyli 1 year ago

      Definitely do some research around market rates online.
      Another good way to find out about salaries is to speak to a recruiter in the field you are looking to get into. Generally they will tell you the exact salaries

  • @Ruffgemm 2 years ago +1

    Try cloud later on in your career… way broader. There’s so much to experience plus it’s the future so its innovation is endless.

    • @andyli 2 years ago

      good suggestion

  • @raghad1252 8 months ago

    can the pen tester work as a freelancer?

  • @drivegoogle4350 2 years ago +1

    Hello sir!!! This video was so helpful for me!!! Thank you very much…
    But still i can’t understand how to start learning this cyber security based job…
    Could you please tell me where i should start it and what are the basics of this career?
    And what kind of knowledge i should have?
    So could you please briefly give me a description how should i figure out the roadmap for this job

    • @drivegoogle4350 2 years ago

      Sir an another thing…i’m still learning in grade 11 in my school

    • @andyli 2 years ago

      tryhackme.com

  • @powerstock9464 1 year ago +1

    Great to hear about your story I am starting in this field with non IT background I am from Australia can you suggest any tips ? Where I can Start I have started with Hack The Box at the moment done my basics of linux and python I come from NON IT background so it is a bit difficult in times for me Thanks much appreciated mate !

    • @andyli 1 year ago

      TryHackMe is probably easier to start with. I went from tryhackme > hackthebox > OSCP, then landed a pentester job.

    • @powerstock9464 1 year ago

      @andyli What Path would you suggest with THM (Try Hack Me) and Hack the Box

    • @andyli 1 year ago

      @powerstock9464 I didn't really follow a specific path, just went from easy rooms to medium difficulty and so on

  • @TechLifeForLife 2 years ago +2

    Great video Andy. Thanks for all the information.

  • @s0vpy 2 years ago +1

    Sir I have a question which programming language should we learn? The language we love or the language industry needs.. Example:Industry needs python but I love Go.

    • @andyli 2 years ago +1

      Go is a good language, I wouldn't be too stressed at which one to learn, programming skills are transferable

  • @syedafzal4409 2 years ago +1

    Are expected to work 24hrs to 48 hrs non stop as the precedent is set by OSCP exams. How many pentesters do you see with life style related diseases ?

    • @andyli 2 years ago

      You are definitely not expected to work for 24 hours straight on an actual job, it is just like a normal 9-5 job.
      It is only for CTFs and Exams, it seems pretty standard to have a 24 hour challenge.

  • @raycrew 2 years ago +1

    Hi Andy, Awesome video very well done, and informative. I am starting my very first junior pen test role in four weeks time, so super excited! Do you have any advice for the first couple of months in the role? What should I focus on in that time to succeed, and to contribute to the company?

    • @andyli 2 years ago +1

      Congrats on the role! Just keep doing what you have been doing to land this role.
      You will learn a lot during the first few months. Take notes and focus on areas you are weak on, learn the general methodology that other people use and try not to get overwhelmed with the amount info.

  • @ben-cb5er 2 years ago +3

    Hey thank you for sharing your experiences :) can you give me some pointers on where to start? I know you mentioned tryhackme which I'm doing now but did you get any other courses? Like INE, cbt nuggets or tcm courses? Or any good comprehensive course while I'm doing tryhackme just to learn better and faster. I'm pretty new but I do have fundamental knowledge of py and ccna and basic Linux commands but 0 when it comes to bash.... Pls give me some advice on where to go or what to study after or besides tryhackme. Thank you

    • @andyli 2 years ago +1

      I would recommend TCM if you want more structured courses. Go through his free videos on YouTube first.

    • @ben-cb5er 2 years ago

      @andyli getting TCM courses now! lol thanks Andy oh and please if you do come up with some ideas about good resources to study and stuff please do make some videos :)

  • @CyberTom 2 years ago +1

    What helped you more THM or HTB?

    • @andyli 2 years ago +1

      Both, THM is good for getting started, HTB for more exposure to the types of exploits that are possible

    • @CyberTom 2 years ago

      @andyli did you do proving grounds as well?

    • @andyli 2 years ago

      Yes, check out the OSCP study guide video for a full list of resources

  • @codesaif8075 2 years ago +1

    Is degree important for cybersecurity/ Ethical hacker?, i am pursuing a non-tech degree. So earning certifications will be enough or should i switch degree i am really confused.

    • @andyli 2 years ago

      Self learning and experience count for more than a degree.

    • @codesaif8075 2 years ago

      @andyli so my degree doesn't matter until i have experience?

    • @andyli 2 years ago +1

      It is hard to get a job with a degree by itself. You should supplement it with practical skills such as doing CTFs or practical certifications

    • @codesaif8075 2 years ago

      @andyli okay ok i got it now can you make which certification should a beginner prepare for and then after more certification/diploma can make a list this would be really helpful. "sorry for bad english"

  • @my-te-ch-cruise4733 2 years ago +1

    1.5x highly recommended but seems normal 🤣

    • @andyli 2 years ago +1

      lol good call

    • @my-te-ch-cruise4733 2 years ago

      @andyli just for fun 😇🤗 and i'm a noob in ethical hacking 😁

  • @frankopokukoduah194 2 years ago +1

    Can you get remote job or it’s always onsite?

    • @andyli 2 years ago

      There are plenty of remote jobs available

  • @adamtucker127 1 year ago

    Hello Andy great to hear about your experience with pen testing. I do have a question. I’m looking at starting a career in this field and looking at doing the ejpt certification first. Is there anything else you recommend to get started down this path?

    • @andyli 1 year ago

      I have not done the ejpt, but to learn pentesting in general I would recommend start practicing on tryhackme.com. For information about ejpt specifically, there are a lot of videos on youtube where people talk about how they passed the exam.

  • @eyonglouise8798 1 year ago

    Hello Andy, watched your video was very informative, am really interested diving into this career but don't know how to go about it. Am an undergraduate student studying computer science in 3rd year

    • @andyli 1 year ago +1

      CompSci is a good background for cyber. Take a cybersecurity course if there is one and do some practical exercises on tryhackme.com

  • @sajid.muntasir 1 year ago

    Hey, Andy. Was a great video to watch because of you sharing your overall honest experience as a pen tester. I'm curious to know the name of the company that you work for. Subscribed to your channel for future videos just like this.
    Good day mate.

    • @andyli 1 year ago +1

      Thanks, I was working at CyberCX

  • @BlackPanther-vi5um 2 years ago +2

    Happy to learn from u ❤️

  • @mahtabmehek 2 years ago +1

    Can you point out the pricing structure of the pentests?

    • @andyli 2 years ago

      Sorry, can't say. It is expensive 😬

  • @adtz123 2 years ago +1

    Thank you for sharing Andy!

  • @rishabhgupta7632 2 years ago +1

    Why don't you go for OSWE?

    • @andyli 2 years ago

      That is on the to-do list, maybe late 2022

  • @theoden2209 2 years ago

    Did you program with some language before?

    • @andyli 2 years ago

      yeah Java/python

  • @stevejackson1039 1 year ago

    What were the extra things you had to learn for your pen test job

    • @andyli 1 year ago

      More certifications, doing CTFs and homelab new exploits

  • @are223 2 years ago

    What is the salary of an eJPT certified pentester?

    • @andyli 2 years ago

      salaries are different for each country, have a look at entry lv pentester salaries in your country

  • @ASMRaphael 2 years ago +2

    So epic and superb :) I love it :)

  • @powerball200 2 years ago

    How much you are earning per day or per month?

    • @andyli 2 years ago

      I made another video on pentester salaries

    • @powerball200 2 years ago

      @andyli link plz

  • @wtfgeis 2 years ago +2

    Currently working a (not so great) gig as an associate security consultant, but pentesting has been what I've wanted to do for years. Do you think there are particular skills that will really open that particular door? I have heard that AD is a big one, so I've worked pretty hard learning how to break that, but I would love to hear your thoughts.

    • @andyli 2 years ago +1

      You can get into pentesting by studying AD or AppSec (bug bounty), these would be the two big areas you could focus on. You could also just get the OSCP, very likely you will be able to land a job after that since you already have security experience