First off, if this is in the wrong place or something, sorry, and do what you must :b
So, I have a question for people here who are currently, or have ever been working as a Penetration Tester, in any capacity, or anyone in the know I guess. I want to move into this area, but am a little lost as to which route I should take. My background is:
- I recently graduated from a CS degree.
- I have no previous relevant work experience.
- I have been mucking around with hacking on sites like HTB and such for years, but only in the last year have I done so with real focus(not just for fun), making a concerted effort to get better.
- I have used Linux for many years and know my way around quite well I would say.
- I have a good working knowledge of programming in general, particularly Python and Java.
- Currently studying for Network+ cert
- Going to go for the OSCP in the near future… well ASAP really.
- Just to round this off, I will say I’m going through various privesc and other pentesting related courses too at the moment, as well as delving into web pentesting. Really trying to up my game in general.
I know there are so many routes a person can take getting into pentesting/security in general. But I see before me, two probable courses. Either the IT route, starting on helpdesk, moving, hopefully before long, to a Network Admin type role, and perhaps Network Engineer, then pivot to pentesting. The other route, would be to get into a SOC as an analyst, and work my way from there. I would very much appreciate any thoughts on this. For instance, perhaps you think one would be better? Perhaps you would suggest something else entirely? Maybe you’d share your journey? Anything at all. Thanks for reading!
It seems blue team type jobs may be more numerous these days, and I definitely don’t want to discount that as a path. However, I imagine these require many of the same skills/knowledge/experience, and I think for someone at my level (level 0? experience-wise) that the routes into this may be the same right now.