In this video, Marc Menninger explores an example career path for a woman wanting to become a penetration tester. Explore the steps Eve takes as she progresses from IT hobbiest to help desk technician and finally penetration tester. Discover the process she follows to prepare for and pass the OSCP certification exam.
- [Instructor] There are many paths someone could take to become a penetration tester. Let's take a look at one example career path from IT hobbyist to penetration tester for a woman I'll call Eve. Eve always had a strong interest in computers and security. She had a computer as a kid and instead of using it to play games, she would tinker with it to find out how it worked. She taught herself how to use the Windows command prompt and experimented with various commands. She would dismantle her computer and ask her dad what all the parts inside were.
In high school she joined the computer club and started building her own computers. Soon she had a small home network with a server and workstation which she would configure to be as secure as possible. After high school, Eve landed a job as an entry level IT help desk technician. During the day she solved problems for end users and at night she would study computer networking. Her favorite part of the job was learning how to use tools like Nmap and Wireshark from the network engineers.
Sometimes she would help the networking team troubleshoot issues. Eve heard about a job as a penetration tester and it sounds like a dream job to her. It would be a way she could have fun with her computer networking and security skills, and get paid for it. Eve researched penetration testing jobs and found that many would require the OSCP certification. She saved her money and took the online Penetration Testing with Kali Linux training course which is required before taking the OSCP exam. The course was 90 days of working in an online lab, hacking servers.
Eve learned how to use privilege escalation, cross site scripting, SQL injection and other tactics to comprise servers. She found the course challenging and educational. After 90 days she took the OSCP exam. It was a 24 hour marathon to hack as many servers as possible in a lab environment. She hacked the servers for 24 hours straight and sent her results back to offensive security, not knowing if she had passed. She was elated to find out a few days later that she had.
With her years of hands-on computer networking and security experience, plus her OSCP certification, Eve was hired as a junior penetration tester for a large security firm. All that's left now to decide, is if she wants to stay a penetration tester or pick another role on the career path such as consultant, engineer, or architect.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- Understanding the job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself