Since graduating from college and embarking on my career as a penetration tester, I've learned quite a bit about the world of penetration testing and offensive security. While I'm certainly no expert - I feel that I've learned some valuable lessons thus far that have helped me succeed as an offensive security professional.
In this article, I'll be sharing some of my top advice for success if you are aspiring to be a penetration tester or aspire to work in the offensive cybersecurity space. This won't be a technical piece - but an outline of broader tips for success. Let's get started!
You don't need to know everything (and you won't)
Cybersecurity in general is a vast sphere of knowledge that encompasses everything from general IT skills (helpdesk and tech support) to advanced threat emulation and exploitation skills (red teaming and malware development). It can be so easy to feel overwhelmed, lost, and frustrated. It's easy to get down on yourself in this field when you find yourself surrounded by people who know all the ins and outs of all the crazy technologies we work with every day. New exploits are constantly being exposed, new technologies are constantly popping up and being implemented. It can often feel like you are fighting a losing battle trying to keep up when everyone around you seems like they are firing on all cylinders. I know I felt this way (and still do from time to time).
The reality here is that you simply don't need to be an expert at everything - and you very likely won't (and that's ok!). Find your groove, study the material YOU need/want to learn and don't worry about looking to the left and right of you.
Learning in this field is a long-distance race, some people can run it fast, and some will run it slow. Some can run fast without breaking a sweat, and some run slower with all they've got. All that matters is that you run at your own pace!
Stay Patient with Yourself
I often found myself frustrated and angry with myself because I didn't know something and felt I wasn't able to hang with some of my more technical peers. This frustration severely hurt my ability to simply just....learn. I was constantly trying to chase the knowledge that someone else possessed instead of simply pursuing the skills and techniques I needed to succeed. After some time I realized I just needed to have a little patience with myself in my studies and my growth, one day at a time.
No matter your skill level or experience level in this field I feel it's crucial to have patience with yourself. Instead of comparing yourself to folks who have worked very hard to get to their level - focus on the things you need to be doing to be where you want to be.
Stay patient with yourself and stay consistent in your work and study. Small amounts of consistent work and study will pay dividends over the longer race.
Find a Group/Network
This one is super important, and luckily for you - it's likely the easiest! The proliferation of social media such as Reddit, discord and Twitter makes this super easy!
Finding a network or a group of friends is CRUCIAL for success in this field. Especially in a world that is largely remote - being able to casually chat, ask questions and learn from others in this field is the BEST way to learn. Here's how to get started:
Find 1 or 2 primary discord servers and call them "home".
Become a "regular", check in, say 'hi' and share resources!
Be a sponge! Ask questions and let others know what you are working on.
Committing to an online community allows you to soak up new knowledge and resources and also opens a door for you to give back and spark some great connections.
Practice Practice Practice
Dedication to practice is what makes elite athlete's the best in their sport! It's the same with penetration testing.
Consistent practice is a non-negotiable when it comes to this field. Admittedly it can be exhausting, draining and frustrating at times, but getting yourself in a terminal, tackling a certification or messing around in a lab is the absolute best way to advance your skills. The hardest part is simply getting started.
Some of my favorite platforms to practice on include:
TryHackMe - https://tryhackme.com/
HackTheBox - https://www.hackthebox.com/
TCM Security - https://tcm-sec.com/
TCM Security's PNPT certification is a fantastic introduction to the skills needed for a penetration testing role - when you are ready to dive into certifications, check them out!
As you navigate the various online learning platforms and communities you will slowly find yourself moving quicker in a terminal, troubleshooting issues quicker, asking better questions and holding valuable conversations with community members. This is a tell-tale sign you are on the right path!
Commit Yourself to the "Craft"
This may sound silly but to be successful in this field you must commit yourself to the craft and take on the persona of an eternal learner. Going back to my first point - you will never know everything, and as such, you will always be learning. The quicker you find comfort in constantly being challenged, the quicker you will be able to progress and grow and tackle more complex problems.
As you begin or progress thru your journey to a career in penetration testing know this:
There will be long nights.
There will be long hours.
There will be times you are tired and confused.
There will be things you do not know.
There will be times you just need to step away from the terminal for a weekend (or longer)
While this might not sound super appealing, it's the feeling you get when you do start getting it and you do start firing on all cylinders and pwning real networks that really makes it all worth it.
While I am no expert in this field - I wanted to reflect on my current journey and provide some key pieces of advice that I found crucial to my success thus far.
If you are aspiring to be a professional in this field I hope you found this advice helpful to some degree. Feel free to connect with me and reach out if you'd like to talk about what you can do to push yourself into a career in Offensive Security!