Jr Pentest interview next week

I received a call back today for a Jr Pentesting gig, there's a quick 20 minute phone interview sometime early next week. I know a senior pentester at the company, so that definitely helped me getting in an interview..now it's up to me to close the deal..

This weekend I plan to ( I have the next 5 days off, so I can get a good amount of studying done)

* download metasplotable and find vulnerabilities...then write small reports about my findings
* Possibly buy the eCPPT course because it takes over a week to get signed up for OSCP
* go over BASH and possibly python

I'm not getting my hopes up but it's still cool to be given the chance for an interview.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Iristheangel

Fingers crossed for you! Good luck!

jamesleecoleman

Good luck!!!!!

N2IT

That's what you want that's going to be sweet!

Good luck!

YuckTheFankees

Thanks everyone, I'm definitely nervous but I'm hoping my drive/motivation and personality will make up for the lack of experience.

jamesleecoleman

I hope you don't mind me asking but what is your experience?

YuckTheFankees

1 year of Linux/Networking + 3-4 months of Computer Forensic + 4 years of Finance

Do you recommend the eCPPT course?

docrice

Enthusiasm and motivation is a big part in the hiring factor for an infosec position, on my opinion. You need applicable skills as well, of course, but if you can show that you have sufficient drive, it might get you in the door permanently.

jamesleecoleman

I cannot recommend the eCPPT course because I haven't completed the course or read through all the material. But I think that this course has been good so far. You might need to find some extra resources to help you study.

I'm not trying to be difficult or anything but I feel that any course can help someone with a future job. I don't want to tell you that I think you should take the course and then you be disappointed in it. I would honestly feel bad because I felt like I helped you wasted your money.

YuckTheFankees

Understandable but thank you for your input thus far.

jamesleecoleman

Its no problem.

YuckTheFankees

So I just bought the eCPPT course..this will definitely help prepare for the interview. The labs are pretty cool

the_hutch

Awesome. Let us know when you hear something back. Hope you land it

onesaint

Awesome to hear. I really hope it goes well and kudos on the preparation.

jamesleecoleman

YuckTheFankees wrote: »

So I just bought the eCPPT course..this will definitely help prepare for the interview. The labs are pretty cool .

Awesome! Maybe we can help each other out. Did you get the 30 day or 30 hour Hera lab?
I haven't done any lab time yet.

YuckTheFankees

Sounds good. I bought the 30 day lab for Hera and Coliseum. I'm going through the network and web application security 1st, then I'll move to the C++/ASM modules.

jamesleecoleman

I wanted to get the Coliseum but I didn't have money for it. I think that you have a good plan there, especially since you have the job interview soon.

YuckTheFankees

That's what I'm thinking. The job description mentioned "knowledge of web application security", and I've heard eCPPT best material is in the web application section...so it was an easy choice for me. I have probably spent about 8 hours in the course and I'm getting pretty comfortable with Burp Suite.

rogue2shadow

I'm actually running through it myself in that order (net/web/sys) as additional preparation for the OSCP exam (my web skills are weak to be honest). Thus far, the material and videos are proving to be top notch.

I would also recommend these books if this job is purely a web application pentest job or to further fortify your web skills:
Amazon.com: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (9781118026472): Dafydd Stuttard, Marcus Pinto: Books
Amazon.com: HACKING EXPOSED WEB APPLICATIONS, 3rd Edition (9780071740647): Joel Scambray, Vincent Liu, Caleb Sima: Books (somewhat dated but will keep you in the flow of things)

Good luck on the interview!!

jamesleecoleman

Good looking out rouge2shadow!

YucktheFankees
I like the burpsuite but I found it a little difficult to get around at first. Do you feel that the material is overwhelming?

YuckTheFankees

@rogue2shadow,

I'm sorry I was a little confused, are you taking the eCPPT course right now or OSCP? I'm a little weak in the web app department so your book recommendations do help

. Thank you.

@JLC,

I'm not finding the material overwhelming yet but I'm definitely using other sources..googling a lot for additional material and looking for youtube/security tube videos on subjects I can't grasp fully. I definitely need to learn HTML/Javascript/PHP, or at least be able to interpret the language better.

rogue2shadow

@YuckTheFankees

Anytime! I already ran through some lab time with offsec but I quickly realized I needed to beef up my web/advanced systems skills in order to do well in the final exam. I will make an attempt later this year but for now I'm going through eCPPT Pro with Collesium (went through Hera last month).

YuckTheFankees

I'm definitely planning on OSCP after eCPPT. How does the OSCP compare to eCPPT in your opinion?

ipchain

Best of luck, YuckTheFankees!

docrice

Regardless of whether you pass / fail the interview, it would be enlightening to all of us to hear what the experience was like, minus any revealing details about the specifics of the organization you're interviewing with, of course. Your other experience with the forensics internship would also be very valuable to hear about.

YuckTheFankees

I have already started writing my review for the internship, but that's on the back-burners until after the interviews. I will also provide my thoughts on the interview process, it should be interesting.

jasong318

Sounds like an awesome opportunity, good luck!

veritas_libertas

Exciting. I hope you are able to nab that job. Let us know how it goes

nicklauscombs

good luck! keeping my fingers crossed for you.

the_Grinch

Congrats on the interview. If it truly is a Junior Pentesting job, I wouldn't worry too much you'll do just fine. I interviewed for a similar spot and was offered the job. It consisted of two phone interviews, the first being a panel where they just went over my resume and ask me to describe various things on it. The second was a phone interview with the CTO where he asked various IT related questions (ports, acronyms, you get my meaning). Also, gave me some general IT scenarios to see if I could think on my feet. Finally, I was flown out to their offices to meet with the team I would work with. They allowed me to sit with one team member for an hour and just ask questions about what the job was like. Also, I then set with the CFO and another panel to get into the personality stuff. This was a traveling position, but for at least the first 90 days I would be in the office sitting with different team members and learning the ropes. I often find that with positions like these you get two types, ones who just say junior level, but actually want you to know everything. On the flip side, you get the ones who want the IT experience and the customer support experience in turn they will train you up on their tools along with how they like things done. Given your drive and you're posts, I suspect you will do just fine and will get the job if you want it.

contentpros

Burp can be confusing when you first start with it but hang in there once you get comfortable it is an amazing tool. If you haven't already checked out "The Web Application Hackers Handbook" (2nd or 3rd edition) I highly recommend picking it up. The author is the creator of Burp and there are some great burp specific examples in the books. You can probably find them used for pretty cheap and they are worth every penny. It is required reading for all of our staff and developers!

HTH

~CP