Road to becoming a Penetration tester (Red team)
[Deleted User]
Senior Member Posts: 0 ■■□□□□□□□□
in Off-Topic
So almost 3 years have gone by since I graduated from college and boy did I learn a lot about myself and where I want to take my IT career. I first started off wanting to become a network engineer and getting my CCIE. After working, my gears shifted to becoming a penetration tester/Red team. When I first started this journey, I didn't know anything about penetration testing. Heck, it took me 3 hours to learn how to use Metasploit at a basic level with ms08-067 (I know, scary stuff). My journey first started with obtaining the CEH certification after paying 2k for a bootcamp. This got me started in learning more about penetration testing. From here, I started practicing with Vulnhub and reading magazines from Hakin9 and signed up for the OSCP back in September 2016. I did fail the OSCP recently. However, I had enough for 50 points out of the necessary 70. During this time since graduating, I spent every day after work and my weekends studying and challenging myself to get new certifications and gain more knowledge. Since graduating college (coming on 3 years in June) I obtained multiple certifications with some of my prized certifications being GPEN, GCIH and the LPT. My new job has even gotten me to the point where I have compromised systems with shell access. Hard to believe that 3 years ago I didn't know how to use Metasploit or what a reverse/bind shell was and now have 3 well-known industry certifications demonstrating my knowledge in this field. Even wrote my own MSF auxiliary module. Since all this studying, I quit my old position in SOC and obtained a new job as a Security Analyst/Specialist with my next goal being to get on the Red team. To anyone who thinks it is impossible to reach your goals/dreams, YOU CAN DO IT!!! I still have a journey ahead of me to get on Red team and obtain the official title of Penetration Tester but all in due time. It has gotten to the point where I am training the others on my team how to do penetration testing.
Hard work and dedication will always win and shine! When you take a shortcut, you are only cheating yourself and your potential!! This place has been a great inspiration for me to keep studying and reach my dreams! Live long and prosper!! Enjoy the upcoming holidays and set your goals for next year and finish this year strong. Now back to studying for ECSA before year's end!
Comments
-
Mike7 Member Posts: 1,114 ■■■■■□□□□□
Very inspiring. I am sure you will pass ECSA and nail OSCP the next time round.
-
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
Thanks Mike7 for the kind words! Yeah finished the ECSA practical and started reading for ECSA written. It's crazy how far I have come within 3 years. OSCP I think will be next year or the year after. The only limit is what someone sets for themselves!
-
higherho Member Posts: 882
Good post! You will pass the ECSA, it is much easier than the OSCP. It is all about learning and how to use that knowledge and turn it into something practical. I do pen testing at my job and here is my advice: people have to realize it is not only about the theory, tools, and being narrow. It is about being able to think out of the box and putting yourself out there. Granted, I started off in a cyber systems engineering role before pen testing, but everyone has a different way of coming into this field. Enjoy and have fun!!!
-
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
Thanks everyone! Yeah I do pen testing on my job. It's just not the Red team real world threat simulation side where we have actual engagements. But my title technically per HR is security analyst. Some say that Red team and pen testing are 2 different things and some say they are the same. I'm just hoping to get the title of Penetration tester / red team member.
-
NuclearBeavis Member Posts: 79 ■■□□□□□□□□
What got you interested in the ECSA? You already have LPT, which according to EC Council, is a more advanced cert.
-
McxRisley Member Posts: 494 ■■■■■□□□□□
A Red Team is really a DoD only thing. While many companies have what they call red teams, they are not actually real red teams unless they are certified and accredited by the NSA. As someone who is a former red team member, I give you this advice. STAY FAR AWAY FROM DOD PENTESTING ALTOGETHER. Stick to the private sector and you will be much happier in that job field.
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
-
katawia Member Posts: 27 ■□□□□□□□□□
Yep, same here... I checked the EC Council website and the sequence is: CEH->ECSA->LPT
So, how come you want to do ECSA when you already have LPT?
Are we missing or misinterpreting your statements?
-
NuclearBeavis Member Posts: 79 ■■□□□□□□□□
So, how come you want to do ecsa when you already have lpt?
-
MrAgent Member Posts: 1,310 ■■■■■■■■□□
As someone who is currently on a DoD red team, I will say that red teaming and penetration testing are definitely not the same thing.
-
McxRisley Member Posts: 494 ■■■■■□□□□□
As someone who is currently on a DoD red team, I will say that red teaming and penetration testing are definitely not the same thing.
A very valid and important point, just realized I referenced it as pentesting because most do but they are definitely different.
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.