Pivot from Fullstack Dev to Infosec targeting OSCP as first step
dcc
Registered Users Posts: 1 ■□□□□□□□□□
Hey guys,
I'm a fullstack dev looking for a change . I'm kinda of sick of the startup world and decided to enter the info sec realm since I have been interested in this area for quite a while. I figured the most logical step right now is trying to get a job as a web application security pen tester and from there I will see what kind of opportunities will emerge.
So generally my goal is to pass OSCP in order to have a good foundation to build upon. My plan is to brush up all the knowledge I haven't used for quite a while (especially all things TCP/IP) and also acquire some pentest knowledge before starting with the PWK course. So, basically I'm planning to work through some books to cover the basics before starting even starting with the course.
After some research I figured following books should provide a good foundation.
1. TCP/IP: TCP/IP Illustrated, Volume 1: The Protocols 2. The Web Application Hacker's Handbook
3. Penetration Testing: A Hands-On Introduction to Hacking
4. Metasploit Unleashed
Along the way I will also read up all the important stuff about the tools that are used in the course of the books (e.g. nmap).
After that, I guess I'm ready to tackle the PWK course.
In the meantime I'm also planning to look around for web application security junior positions. I'm fine with taking a financial hit at the beginning since I'm lacking expertise in the infosec area. I think worth it considering my dissatisfaction in the world as a developer.
What do you guys think about my preparation plan? Anything you would add or change?
Thanks for your input!
Cheers
I'm a fullstack dev looking for a change . I'm kinda of sick of the startup world and decided to enter the info sec realm since I have been interested in this area for quite a while. I figured the most logical step right now is trying to get a job as a web application security pen tester and from there I will see what kind of opportunities will emerge.
So generally my goal is to pass OSCP in order to have a good foundation to build upon. My plan is to brush up all the knowledge I haven't used for quite a while (especially all things TCP/IP) and also acquire some pentest knowledge before starting with the PWK course. So, basically I'm planning to work through some books to cover the basics before starting even starting with the course.
After some research I figured following books should provide a good foundation.
1. TCP/IP: TCP/IP Illustrated, Volume 1: The Protocols 2. The Web Application Hacker's Handbook
3. Penetration Testing: A Hands-On Introduction to Hacking
4. Metasploit Unleashed
Along the way I will also read up all the important stuff about the tools that are used in the course of the books (e.g. nmap).
After that, I guess I'm ready to tackle the PWK course.
In the meantime I'm also planning to look around for web application security junior positions. I'm fine with taking a financial hit at the beginning since I'm lacking expertise in the infosec area. I think worth it considering my dissatisfaction in the world as a developer.
What do you guys think about my preparation plan? Anything you would add or change?
Thanks for your input!
Cheers