abdelsyfane

Making the Jump into Penetration Testing from a Non Cyber Job



The End:

I am a true Wonder Woman. Finally becoming a Penetration Tester. I am a Winner. What have I won? My own life.

The Beginning:

I have always felt the pull to spend time with a computer, enjoyed the Hackers, War Games, and the Matrix. In high school, I wanted to become a Hacker and study Computer Science, but the Society made me believe that as a girl that is not so great at math I didn't belong there. I studied Economics and got a stable job for the local government. I was young and believed what my elders told me, that I can achieve something in life working hard. I was very shy and introverted, and I didn’t have faith in myself. Never felt I belonged, knew I was not living my own life, that I should be somewhere else, doing something different, but did not know what that was. You get the picture. So, I worked hard. I had a workload of 3 people and still volunteered for additional tasks and duties. No one ever saw my effort, and I was mobbed at work by my Manager.


Feeling more and more hopeless and trapped every day - just because I was loyal. I felt burned out, and in an urgent need of a break. So I took that feeling of despair, used it to my advantage getting a year of unpaid leave. I decided to travel abroad to Bristol, UK for 6 months, and the other 6 months in Amsterdam, the Netherlands. This is when my life changed forever. When I walked out of the Central Station in Amsterdam and saw the flocks of cyclists, rushing to get somewhere I felt I belong HERE, for the first time in my life. So I started to troubleshoot how to stay here, who I am, what do I love, what brings me joy - and this is how I found Software Testing.

I had to come back from my leave, but I had also finally enrolled into Computer science studies, and passed the ISTQB® Certified Tester Foundation Level certification and felt ready to take the giant leap into the unknown and start sending my CVs. I landed my first job as a manual Software Tester, but because I always plan 3 steps ahead I knew I wanted to learn to write code for Automated Tests with Selenium. In order to do that I had to change my employer once again. My experiences have taught me that the only person I need to be loyal to is myself. I also stopped believing that Programming is as impossible as learning Chinese, because I tried to learn Chinese and it was not difficult at all, only needed persistence and day-by-day practice, it made me conclude anything is possible if you put your mind to it. After acquiring two years of experience as a Software Tester I made the decision to return to the Netherlands. The TV show called Mr. Robot was still airing then, a reminder of the dream I once had that kept following me through life just like a “magnificent skyline - out of my reach, but always in my eye line”.

As a woman in Cybersecurity, can you suggest any affinity or other groups others should join to create a supportive network?

After securing a Test Engineer job, I have exposed myself to Cybersecurity related topics, by attending meetups like WICCA (Women in Cybersecurity Community Association) and Hack The Box: the Netherlands. At first I did not understand what was happening, so I kept taking notes and doing research. This is how two years have passed and I was still only listening on the sidelines. So life decided to force me to make a decision and slapped me in the face with a challenge. I was diagnosed with cancer at the end of 2020. I had to take a look at my life again and see myself for who I really am - a fighter. I’ve changed my life so much so far, carved myself anew: I was no longer shy, or letting others tell me how to live my life. I was no longer scared of heights or paralyzed by fear because a few years back I jumped with a parachute out of a plane to conquer that limitation. I became fearless. I knew that all of the barriers or chains limiting me from reaching my full potential are mostly in my head, and I just need to bravely and pro-actively reach out of my comfort zone and manage them. I knew then I will fight, that this will not break or define me. I am more than this, and this experience is just a phase I need to endure. I still had that one dream I did not get a chance to fulfil. There was a hunger, a fire of sorts in me - I wanted to learn and experience more. I will absolutely survive this and come out of this stronger. And so I did.

Do you have advice on finding a job in Cybersecurity?

In 2021 I knew that it was time to take action. I really wanted to be a Penetration Tester. That was the Holy Grail of Software Testing for me at this moment, always somewhere at the end of the book I was reading, always out of my grasp. Well then, I will make it within my grasp. I knew changing my field is absolutely possible if I want it hard enough. This was my way of not lying in bed waiting to get worse, but fighting for my life and that dream. I knew to change the field I am in I needed the knowledge and skills necessary in the one I was looking into. I started reading job descriptions and making notes of the requirements needed for a certain job type I had in mind already. I had a lot of time on my hands when I should be getting better, so during my treatments, I started following IT & Cybersecurity themed courses like the CISSP, and then CompTIA A+, Network+, and Security+ for the knowledge itself. I used ITProTV, from ACI Learning, but you can also find very high-quality courses for free on the Professor Messer YT channel. I have decided to pro-actively look for free or affordable learning resources myself, rather than overpaying for a Bootcamp. I have also enjoyed the content available on the AttackIQ Academy page, because the subjects were challenging, but also explained in an easy-to-understand way. At the same time, I was going through the TryHackMe platform that consists of gamified VMs - aka Boxes, where you can learn the basics of Ethical Hacking or Networking. I discovered PentesterLab and with the easy explanations and numerous topics, I purchased a subscription. I also followed the Practical Ethical Hacking Course created by the TCM Security Academy. Overall all of their courses are very high quality and explained in an easy-to-grasp way. Also books, courses and webinars gathered on the O'Reilly Media helped me a lot when I needed help and could not find my answers elsewhere.

As I was gathering daily hands-on experiences, I wanted to supplement that with a challenge to complete the PortSwigger’s Web Security Academy. It is possibly the best Web-Pentesting course out there, and it’s free!

I listed those courses in my CV and not long after I was invited to my first interview which I totally bombed. So get this: I was super stressed, because it was my first interview, and there I was sitting in front of two men looking at me, and asking questions in a way that made me feel really small, and asking “what are you doing here?” questions in my head. They clearly wanted someone more experienced than me. But I decided that I will use this interview to my advantage and will not let it break me or my pursuit of my dream job - so I was writing down every question they asked me (to research those topics later), and asked questions like: “I see my interview is not going very well, what advice do you have for me that would help me be better on the next one?” That somehow shifted the vibe of the conversation from “you are wasting our time”, to them sharing useful tips that I also wrote down and followed after the interview. Next time I will come prepared.

I knew I needed to network to meet people in the industry that I could ask for guidance, so I continued going to the Cybersecurity related meetups and joined a few Discord channels like Cyber Mentor Dojo. And on the next WICCA meetup, my current employer gave a presentation on OT Security, and I asked a question, but I was so terribly tired while undergoing my treatments I left my private Email address with a request if someone could please answer it there. To my surprise, the next day I found a long answer in my inbox. I already knew that company, as I have worked with their consultants before, and because work culture is very important to me, and they were all nice people I wrote back asking if they hire people without any experience. A few days later I had my first “get to know you” call with an employee. It seemed I was at the right place, at the right time, it felt like serendipity. I’ve decided to apply and got my first job as a Security Delivery Analyst, and on top of that was diagnosed cancer-free a few weeks later. Things started to look up for me.

How have your experiences affected how you approach cybersecurity, and what advice for your younger self do you have about the challenges that you have experienced, and how you handled / wish they had handled these situations?

I had the job, but that was far from over. I knew I needed to get the knowledge and skills too. I also wanted to make it easier for others and so I have started sharing my experiences, knowledge and motivation on LinkedIn. I felt the industry is very guarded, and it’s hard to get in as a newbie, and as a female. Discovered TryHackMe and reached God level after 160 days of day-by-day learning. Passed the CompTIA Security+ certification and scheduled the PenTest+ exam, planning to pursue the Offensive Security Certified Professional (OSCP) certification after that. But more importantly, I am starting my Holy Grail of a job in May - I will finally be a Penetration Tester. My whole effort and persistence in the study made it happen for me. I’ve made it happen for me.

My experience has taught me not to give up and pursue my dreams with dedication, and a positive attitude. I was looking at my dream reviewing it every day and telling myself it’s not over until I win. This is why I am so active on LinkedIn. I am trying to cheer on people, tell them to follow their dreams, carve their own path in life, and stop listening to others - letting them direct your life. This is your life and you are the one experiencing the consequences of your decisions. I have experienced burnout, because if you follow the path someone else creates for you - you will be unhappy and frustrated. You will feel trapped in your own life, and that is the worst thing that could happen to anyone. So make a plan you will follow and create big goals and also short term ones. Read some books, articles, ask specialists in that field how did they manage to get to where they are now? Go after your dream in a very pro-active way, because life is what you make it.

Do you have any advice on how to seek allies at work?

I am a self-sufficient person that knows how to research topics on my own and where to look for knowledge or who to ask. It is important to remember that the search engine called Google - is your friend, so I would start with building my competence first, so I am viewed as a specialist that knows things. When I start working in a new company, I focus on networking and inviting people in my team and teams I will work with for a “virtual coffee” call on Teams or Zoom to know them better and potentially find out their interests or topics they are specialized in. The next thing would be volunteering to help with project work, being pro-active, helpful, nice to others, and accessible - not arrogant and vain. But that does not mean you have to say YES to everything, have your own boundaries and know where you should say no, and always prioritize your well-being because burnout is not a joke, and you cannot let others use you just because you are a kind person.

Anything is possible if you really want it. You just need to sit and work for it, put the effort in, study and practice. I often tell other people not to give up because I didn’t - if I did, I would never be where I am now. I feel on top of the world because I have everything I need: my life, my health, my positive attitude, my kind heart, my hard-working hands, and my newly found bravery. I showed up every day for the last year to study, I was very persistent in what I did, driven. Carving my own knowledge and skills day by day. Watching myself go from zero to hero. I am a Wonder Woman. I am unstoppable. You are too, I truly believe it. What I am trying to say is: Go and claim your dream!


About the Author: Dorota Kowzloska is a skilled Penetration Tester, One-Woman-Army, doer, and a self-starter with a growth mindset - often takes initiative on things and leads the rest of the group. Previously experienced in QA, Test Automation and Project Management with personal passion for CTFs (Capture The Flag), and Red Teaming and degrees in: Economics, Management and Marketing, and Computer science. Dorota has made a few career switches from being a local government official into QA, Test Engineering, and Security Analyst to Penetration Testing - her dream job. She is continuously building her knowledge base and displays lots of grit, adaptability, fast learning capabilities, and personal strength.
