How to get into pen testing?

Hello all,

I currently work in IT support but my career goal is to get into IT security especially pen testing.

What skills are required to become an ethnical hacker? What certification path should I take?

Many thanks.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

TheFORCE

Study, study, study everything and anything. One of the big certifications is the below. If you want to be a pen tester, you should look at the below site. Learn Kali and Linux.
https://www.offensive-security.com/

Danielm7

More specifically the OSCP on the link above. There are other certs, and other ways of doing it but that's a completely hands on cert that is respected by people who know what it is. What's your network knowledge look like? You do realize you might spend a LOT of time writing reports?

nebula105

Nisseki wrote: »

Hello all,

I currently work in IT support but my career goal is to get into IT security especially pen testing.

What skills are required to become an ethnical hacker? What certification path should I take?

Many thanks.

Hi Nisseki,

Look at your country's job portals and their requirements.

For example, pen-testing in the UK might require that you obtain certifications from CREST.

Work towards that, and learn as much as you can via other means.

Whether it be studying certifications, setting up your own lab, obtaining approval from your management to perform pen-testing internally or boning up on different Red Team and Blue Team books.

And most importantly, never lose sight of that goal.

Mike7

Agree with Nebula15, since you are in UK, you may want to look at CESG CHECK of which CREST is one of the approved certifications. They are bringing CREST certifications to Singapore and possibly making it a mandatory requirement for companies doing pen testing for banks. Which means you may get to enjoy a stint in sunny Singapore with your CREST certification.

UnixGuy

As others have said, certifications and OSCP is king. Lab and learn constantly. Consider adding a web-based certs like eWAPT from eLearnsecurity to complement OSCP

Nisseki

Thanks for the advice.

Now I know what certifications to go for. What skill set is required for a pen tester?

I know strong networking knowledge is one of them. Any programming languages?

Many thanks.

Mike-Mike

I would think getting into Vulnerability Management would lead into Pentesting

Dr. Fluxx

I also have a strong networking background but I have been (programming wise) working with Python. Pretty strong in nmap usage which is also fun. Im also preparing for the OSCP.