How to get into pen testing?

NissekiNisseki Member Posts: 160
in Other Security Certifications
Hello all,

I currently work in IT support but my career goal is to get into IT security especially pen testing.

What skills are required to become an ethnical hacker? What certification path should I take?

Many thanks.
· Share on FacebookShare on Twitter

Comments

  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    Study, study, study everything and anything. One of the big certifications is the below. If you want to be a pen tester, you should look at the below site. Learn Kali and Linux.
    https://www.offensive-security.com/
    · Share on FacebookShare on Twitter
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    More specifically the OSCP on the link above. There are other certs, and other ways of doing it but that's a completely hands on cert that is respected by people who know what it is. What's your network knowledge look like? You do realize you might spend a LOT of time writing reports?
    · Share on FacebookShare on Twitter
  • nebula105nebula105 Member Posts: 60 ■■■□□□□□□□
    Nisseki wrote: »
    Hello all,

    I currently work in IT support but my career goal is to get into IT security especially pen testing.

    What skills are required to become an ethnical hacker? What certification path should I take?

    Many thanks.

    Hi Nisseki,

    Look at your country's job portals and their requirements.

    For example, pen-testing in the UK might require that you obtain certifications from CREST.

    Work towards that, and learn as much as you can via other means.

    Whether it be studying certifications, setting up your own lab, obtaining approval from your management to perform pen-testing internally or boning up on different Red Team and Blue Team books.



    And most importantly, never lose sight of that goal.
    · Share on FacebookShare on Twitter
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Agree with Nebula15, since you are in UK, you may want to look at CESG CHECK of which CREST is one of the approved certifications. They are bringing CREST certifications to Singapore and possibly making it a mandatory requirement for companies doing pen testing for banks. Which means you may get to enjoy a stint in sunny Singapore with your CREST certification. :)
    · Share on FacebookShare on Twitter
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    As others have said, certifications and OSCP is king. Lab and learn constantly. Consider adding a web-based certs like eWAPT from eLearnsecurity to complement OSCP
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

    · Share on FacebookShare on Twitter
  • NissekiNisseki Member Posts: 160
    Thanks for the advice.

    Now I know what certifications to go for. What skill set is required for a pen tester?

    I know strong networking knowledge is one of them. Any programming languages?

    Many thanks.
    · Share on FacebookShare on Twitter
  • Mike-MikeMike-Mike Member Posts: 1,860
    I would think getting into Vulnerability Management would lead into Pentesting
    Currently Working On

    CWTS, then WireShark
    · Share on FacebookShare on Twitter
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    I also have a strong networking background but I have been (programming wise) working with Python. Pretty strong in nmap usage which is also fun. Im also preparing for the OSCP.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.