Jr Pentest interview next week

YuckTheFankees Member Posts: 1,281
I received a call back today for a Jr Pentesting gig; there's a quick 20 minute phone interview sometime early next week. I know a senior pentester at the company, so that definitely helped me get an interview... now it's up to me to close the deal.

This weekend I plan to (I have the next 5 days off, so I can get a good amount of studying done):

* Download Metasploitable and find vulnerabilities... then write small reports about my findings
* Possibly buy the eCPPT course because it takes over a week to get signed up for OSCP
* Go over Bash and possibly Python

I'm not getting my hopes up but it's still cool to be given the chance for an interview.

Comments

  • Iristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CA Mod Posts: 4,133
    Fingers crossed for you! Good luck!
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • jamesleecoleman Member Posts: 1,899
    Good luck!!!!!
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • N2IT Inactive Imported Users Posts: 7,483
    That's what you want that's going to be sweet!

    Good luck!
  • YuckTheFankees Member Posts: 1,281
    Thanks everyone, I'm definitely nervous but I'm hoping my drive/motivation and personality will make up for the lack of experience.
  • jamesleecoleman Member Posts: 1,899
    I hope you don't mind me asking but what is your experience?
  • YuckTheFankees Member Posts: 1,281
    1 year of Linux/Networking + 3-4 months of Computer Forensics + 4 years of Finance

    Do you recommend the eCPPT course?
  • docrice Member Posts: 1,706
    Enthusiasm and motivation are a big part of the hiring factor for an infosec position, in my opinion. You need applicable skills as well, of course, but if you can show that you have sufficient drive, it might get you in the door permanently.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • jamesleecoleman Member Posts: 1,899
    I cannot recommend the eCPPT course because I haven't completed the course or read through all the material. But I think that this course has been good so far. You might need to find some extra resources to help you study.

    I'm not trying to be difficult or anything but I feel that any course can help someone with a future job. I don't want to tell you that I think you should take the course and then have you be disappointed in it. I would honestly feel bad because I would feel like I helped you waste your money.
  • YuckTheFankees Member Posts: 1,281
    Understandable but thank you for your input thus far.
  • jamesleecoleman Member Posts: 1,899
    It's no problem.
  • YuckTheFankees Member Posts: 1,281
    So I just bought the eCPPT course... this will definitely help prepare for the interview. The labs are pretty cool.
  • the_hutch Banned Posts: 827
    Awesome. Let us know when you hear something back. Hope you land it
  • onesaint Member Posts: 801
    Awesome to hear. I really hope it goes well and kudos on the preparation.
    Work in progress: picking up Postgres, Elasticsearch, Redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • jamesleecoleman Member Posts: 1,899
    So I just bought the eCPPT course... this will definitely help prepare for the interview. The labs are pretty cool.

    Awesome! Maybe we can help each other out. Did you get the 30 day or 30 hour Hera lab?
    I haven't done any lab time yet.
  • YuckTheFankees Member Posts: 1,281
    Sounds good. I bought the 30 day lab for Hera and Coliseum. I'm going through the network and web application security 1st, then I'll move to the C++/ASM modules.
  • jamesleecoleman Member Posts: 1,899
    I wanted to get the Coliseum but I didn't have money for it. I think that you have a good plan there, especially since you have the job interview soon.
  • YuckTheFankees Member Posts: 1,281
    That's what I'm thinking. The job description mentioned "knowledge of web application security", and I've heard eCPPT's best material is in the web application section... so it was an easy choice for me. I have probably spent about 8 hours in the course and I'm getting pretty comfortable with Burp Suite.
  • rogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Member Posts: 1,501
    I'm actually running through it myself in that order (net/web/sys) as additional preparation for the OSCP exam (my web skills are weak to be honest). Thus far, the material and videos are proving to be top notch.

    I would also recommend these books if this job is purely a web application pentest job or to further fortify your web skills:
    The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (9781118026472), Dafydd Stuttard, Marcus Pinto
    Hacking Exposed Web Applications, 3rd Edition (9780071740647), Joel Scambray, Vincent Liu, Caleb Sima (somewhat dated but will keep you in the flow of things)

    Good luck on the interview!!

  • jamesleecoleman Member Posts: 1,899
    Good looking out rogue2shadow!

    YuckTheFankees,
    I like Burp Suite but I found it a little difficult to get around at first. Do you feel that the material is overwhelming?
  • YuckTheFankees Member Posts: 1,281
    @rogue2shadow,

    I'm sorry, I was a little confused: are you taking the eCPPT course right now or OSCP? I'm a little weak in the web app department so your book recommendations do help. Thank you.

    @JLC,

    I'm not finding the material overwhelming yet but I'm definitely using other sources... googling a lot for additional material and looking for YouTube/SecurityTube videos on subjects I can't grasp fully. I definitely need to learn HTML/JavaScript/PHP, or at least be able to interpret the language better.
  • rogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Member Posts: 1,501
    @YuckTheFankees

    Anytime! I already ran through some lab time with offsec but I quickly realized I needed to beef up my web/advanced systems skills in order to do well in the final exam. I will make an attempt later this year but for now I'm going through eCPPT Pro with Coliseum (went through Hera last month).

  • YuckTheFankees Member Posts: 1,281
    I'm definitely planning on OSCP after eCPPT. How does the OSCP compare to eCPPT in your opinion?
  • ipchain Member Posts: 297
    Best of luck, YuckTheFankees!
    Every day hurts, the last one kills.
  • docrice Member Posts: 1,706
    Regardless of whether you pass / fail the interview, it would be enlightening to all of us to hear what the experience was like, minus any revealing details about the specifics of the organization you're interviewing with, of course. Your other experience with the forensics internship would also be very valuable to hear about.
  • YuckTheFankees Member Posts: 1,281
    I have already started writing my review for the internship, but that's on the back-burners until after the interviews. I will also provide my thoughts on the interview process, it should be interesting.
  • jasong318 Member Posts: 102
    Sounds like an awesome opportunity, good luck!
  • veritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USA Member Posts: 5,735
    Exciting. I hope you are able to nab that job. Let us know how it goes :)
    Currently working on: Linux and Python
  • nicklauscombs Member Posts: 885
    good luck! keeping my fingers crossed for you.
    WIP: IPS exam
  • the_Grinch Member Posts: 4,165
    Congrats on the interview. If it truly is a Junior Pentesting job, I wouldn't worry too much; you'll do just fine. I interviewed for a similar spot and was offered the job. It consisted of two phone interviews, the first being a panel where they just went over my resume and asked me to describe various things on it. The second was a phone interview with the CTO where he asked various IT related questions (ports, acronyms, you get my meaning). Also, gave me some general IT scenarios to see if I could think on my feet. Finally, I was flown out to their offices to meet with the team I would work with. They allowed me to sit with one team member for an hour and just ask questions about what the job was like. Also, I then sat with the CFO and another panel to get into the personality stuff. This was a traveling position, but for at least the first 90 days I would be in the office sitting with different team members and learning the ropes. I often find that with positions like these you get two types: ones who just say junior level, but actually want you to know everything. On the flip side, you get the ones who want the IT experience and the customer support experience; in turn they will train you up on their tools along with how they like things done. Given your drive and your posts, I suspect you will do just fine and will get the job if you want it.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • contentpros Member Posts: 115
    Burp can be confusing when you first start with it, but hang in there; once you get comfortable it is an amazing tool. If you haven't already checked out "The Web Application Hacker's Handbook" (2nd or 3rd edition) I highly recommend picking it up. The author is the creator of Burp and there are some great Burp-specific examples in the books. You can probably find them used for pretty cheap and they are worth every penny. It is required reading for all of our staff and developers!

    HTH

    ~CP