My Learning Path to Becoming a Penetration Tester
Author Dorota Kozlowska
Are you entering Cybersecurity and do not know where to start?
I have followed the CompTIA A+ and CompTIA Network+ and CompTIA Security+ courses on ITProTV. You can find many high-quality training videos for free on Professor Messer‘s YouTube channel. I have also enjoyed the content available on the AttackIQ Academy page, because the subjects were challenging, but also explained in an easy-to-understand way. At the same time I was going through the TryHackMe platform that consists of gamified VMs - aka Boxes you can learn the basics of Ethical Hacking or Networking. I have discovered PentesterLab and with the easy explanations and numerous topics I wanted to learn I have purchased the subscription to that one too. I also followed the Practical Ethical Hacking Course created by the TCM Security Security Academy. Overall, all their courses are of a remarkably high quality and explained in an easy to grasp way. There is one honorable mention that I just cannot miss here - and this is O'Reilly Media. With a yearly subscription, you get all the IT (Information Technology) books published and many courses and webinars. It’s just amazing and helped me a lot when I needed help and could not find my answers elsewhere. As I am gathering hands-on experience every day I wanted to supplement that with a challenge to complete the PortSwigger’s Web Security Academy. It is possibly the best Web-Pentesting course out there, and it is free! Because as an Offensive Security security specialist I really want to pass the Pen-200. To do so I need not only the hands-on skills, but also the mindset required to be a successful penetration tester. This requires a lot of practice and note-taking. For that reason, I have recently moved to HackTheBox - it consists of training points like Academy-themed learning paths, over 200 machines to hack into, Challenges, Battlegrounds, and Pro Labs: a real-world hacking lab simulation scenarios. It is such a amazing platform! What is also a great way to practice? VulnHub - a catalog of virtual machines that are legally 'breakable, hackable & exploitable' allowing to learn in a safe environment and practice. And I think the most important labs on my path to passing the OSCP exam are Offensive Security Proving Grounds (PG) - which from what I have heard are the most comparable to the real exam. Anything is possible if you really want it. You just need to sit in front of your laptop and do the work, put the time and effort in, study and practice. I often tell other people not to give up, because I didn’t - if I did, I would never be where I am now. I showed up every day for the last year to study and I was very persistent in what I did. Carving my own skills and knowledge day by day. Watching myself go from zero to hero. You can too - I truly believe it. What I am trying to say is: Go and claim your dream!
About the Author: Dorota Kowzloska is a skilled Penetration Tester, One-Woman-Army, doer, and a self-starter with a growth mindset - often takes initiative on things and leads the rest of the group. Previously experienced in QA, Test Automation and Project Management with personal passion for CTFs (Capture The Flag), and Red Teaming and degrees in: Economics, Management and Marketing, and Computer science. Dorota has made a few career switches from being a local government official into QA, Test Engineering, and Security Analyst to Penetration Testing - her dream job. She is continuously building her knowledge base and displays lots of grit, adaptability, fast learning capabilities, and personal strength.