Introduction and Planning
Ayoub Fandi
Security Assurance @ GitLab | GRC Engineering Podcast | GRC Engineer Newsletter
My Journey to Penetration Testing: Week 0
In about two years' time, I want to become a penetration tester. That means going through the necessary training, experience and certifications to call myself a (junior) penetration tester. This project is going to supplement my day job as a Cybersecurity Consultant at EY and I will do this in my free time.
Why a journey?
I want to document my journey into penetration testing. The path is long and difficult and looking back to where one came from is often a motivation booster when you feel like you're plateauing.
I also want to feel accountable to you guys somehow. If I have to document my progress and my failures every week, I feel kind of obligated to follow through, yet another good reason to talk about it.
Lastly, I think that in my network there's a lot of seasoned and acclaimed pentesters and having the opportunity to have some advice along the way is just amazing… but they have to read my stuff first!
Why Pentesting?
Could have chosen anything. Cybersecurity Analyst, Forensics, Cryptography, Secure Software Engineering, Network Security Engineer, etc. I chose Pentesting for two reasons:
- On the side, I like to complement my day job with an opportunity to just build and break things. Kind of an inner child feeling. I thought the path that looked the most thrilling (and
- I will browse through most of Information Security during my training, be it Application Security, Network Security, Programming, Scripting, Social Engineering, etc. That is a great overview of Information Security while learning Information Insecurity.
- I like when the path to expertise is more or less set. I know what to watch, what to read and what to practice on. That is a game changer for me because in the day of information overload we often lack the direction and the guiding needed to achieve our goals the most efficient way.
Week 0?
This week is just to get started on the path and introduce my journey, serious stuff is starting next week.
The Plan:
- In 3 months: Complete The Complete Beginner Network Penetration Testing Course for 2019 by The Cyber Mentor
- In 6 months: Complete the Web Application Pentesting Course as well as the walkthroughs for the boxes in the Pentesting for n00bs series by The Cyber Mentor once again.
- In 9 months: Take the Penetration Testing Student Course by eLearnSecurity and pass the eJPT (Junior Penetration Tester) certification.
- In a year: Take the OSCP course and certification by Offensive Security.
- This looks pretty good already, will update later with the second year milestones, I don't even know where all of this is going to lead me!
A lot of work. I will include my readings, the videos I watched and the material I used which was outside the scope of this grand plan. Hope to be able to allocate at least 15 hours a week to this endeavor, this might be fluctuating from week to week but that's the goal nonetheless. This amounts to about 800 hours a year and 1600 hours in two years. Not bad IMHO to build proficiency in a skill.
I will try to divide my time between 1/3 learning and 2/3 applying and testing. Deliberate practice is the only fail-proof way to mastery and I will use this to increase the command I have over the material.
Coming next
Will start my journey with the first lesson. On the program: Using a virtual machine and some introductory Linux. See you next week :)
Solutions Architect | HackTheBox Ambassador
5 years ago
Best of luck Ayoub. If you need help on some topics I may be able to help ;)
Ayoub Fandi This is such a great idea! Thanks for sharing :)
Great idea Ayoub Fandi. I will definitely be following your journey. All the best!