Getting Started in Pentesting | Guide & Certifications | Mentorship 2019


Do you want to become a Penetration
Tester? I’m Joe McCay. Founder of infosecaddicts.com, and in this video I’m gonna walk you through all the things that you need
to know so that you can get a career as a penetration tester and yeah don’t
worry everything that I’m going to show you is free completely free completely
free there’s no sales pitch let’s get started You want to become a penetration
tester let me see if I can do my best to help you get started there’s gonna be a
couple of things you’re gonna need to focus on the first thing is gonna be
your basic skills so your basic skills are gonna be command-line Linux and
command-line windows now because it’s on a whiteboard it’s gonna be a little bit
difficult to see some of this so you’re gonna see that we’re gonna have little
call-outs like this one so that you can kind of see what I’m pointing at okay
alright so let’s jump back into like I’m saying we’ve got command-line Linux and
command-line windows about the skill level of a CompTIA Linux plus about the
skill level of a Microsoft MCSA it’s about the kind of skill level that
you’re looking for so I’ve got a YouTube video series I’m gonna give you the link
to here’s the link okay and if you look down on the description below we’ll give
you that link there as well so I would go through the entire YouTube video
series it’s two of them one for Linux one for Windows ok then I would go
through the entire video series for a packet analysis tool called Wireshark ok
and here’s the video for that lastly I would go through a video series on the
basics of Python here’s the video for that now
once you’ve gone through all of these videos now don’t just watch them
actually do them open up a Windows machine or Linux machine and follow
along actually do them that’ll give you your basics your foundation then after
that what I would say is that you really want to start working on a hacking tool
called Metasploit Metasploit is a tool that pulls together
lots and lots of hacking tools and exploits from all over the web
once you pull all those tools together we have a framework that integrates them
all together called Metasploit now there’s a video series that I’m gonna
give you for Metasploit it’s actually two so I’ll give you both of those now
down in the description below you’ll have the video for that another tool is
a web intercepting proxy tool called burp suite and I’m gonna give you a
video series for that okay again these are all people they’re not my video
series but there’s video series on the web’s of people who’ve done really good
jobs for these now again your first step is going to be to get the skills now you
could get through all of these videos in a few days I mean a couple weeks tops
but in a few days you could get through all of these video series right once
you’re done with all of those video series then I would say okay now that
we’ve got some basic skills it’s time to move on and try to see if we can
actually get some real experience one of the things that’s really tough when you
try to get into the job market is it’s one of those things where it’s like well
hey I don’t know the skill since I don’t have any experience won’t give me the
job and you won’t give me the job since I don’t have any experience so it’s kind
of a chicken before the egg thing how am I gonna get experience so I can get a
job how am I gonna get a job so I can get experience my recommendation is join
an open-source project if you join an open-source project the first thing that
people are gonna say is I don’t know how to program I’m gonna tell you this in our world
people hate to write documentation if you go to a website like github.com and
when you’re on github search for some of these hacking tools search for port
scanners sniffers tools like Metasploit in map and all the different competing
tools in that space and join a project that looks interesting to you offer to
write their documentation if you offer to write their documentation you’ll very
quickly find that people are gonna love you they’re gonna give you jobs like
crazy you’ll immediately get started working that’s gonna be a great way for
you to get experience SourceForge it’s dying it’s sakes I love SourceForge
github is really kind of taking over all right next thing I would say to do is
join some capture-the-flag competitions online capture-the-flag competitions are
really really really important I would say definitely Google to find them
you’re gonna see capture the flag our competitions though at security
conferences there at universities you can find them online obviously by
searching and you can go to github search for CTF capture the flag in
github.com and you can find the answers to older capture the flag hacking
competitions great way to get started you want to do that for a couple of
months you do that for a few months get some experience play around get in there
have some fun like seriously have fun with it you’re gonna meet people great
way for networking both being on open source projects participating in capture
the flag great way for networking and that’s gonna be a great way for you to
actually find out about jobs that you can apply for finally now it’s time to
go and get this money man time to get paid how do we search for jobs so the
first thing I’m gonna tell you was one you’ve got some job tips on Monster,
Indeed, computerjobs.com you know pick your favorite job search website
there’s tons of them out there first thing for security jobs is no geo what
that means is don’t search for a geographic region
you know try your best not to search for like Washington DC or San Diego
California keep it so that it’s you know nationwide the reason I’m telling you to
keep it nationwide is because a lot of pentesting jobs are remote or require a
fair amount of travel second thing that you want to do is you want to search for
different certifications certifications like certified ethical hacker (CEH) GPEN
from Sands OSCP I definitely be searching for these certifications
regardless of whether you have them or not you’re gonna find that a lot of the
computer security certifications are recommended not necessarily required but
it’s a great way for you to find the jobs and then finally the most important
job search tip that I can give you search for the tools I would say go to a
website like sectolls.org here’s the link sectools.org and then for all
these lists of tools they’re, NMAP NIKTO, and all these different tools like
that search for those if you keyword search for jobs using the tool names
you’ll find jobs that have a penetration testing component, you might be, a
security analyst, you might be a security researcher, you might be a security
validator, you might be a computer network analyst, computer network
technician, right, security technician, you know, all types of jobs have a
penetration testing component and they’re generally not necessarily called
Ethical Hacker, or Penetration Tester or Security Evaluator, in the job title
you’re gonna find in our world a clearance is something that people talk
about a lot am I going to need a security clearance and the simple answer
is maybe it’s… questions are; 1) are you a citizen, 2) Do you have a clean record and good credit those are gonna be the couple of things
that are the initial hurdles to be getting a Security Clearance. A Security
Clearance, if you’re gonna work from somewhere that’s .gov or .mil, right, so if you’re gonna work for a three-letter agency CIA FBI NSA Secret
Service you know you’re gonna work for NRO I’m gonna work for any of these
types of places or you’re gonna work for the US military right Department of
Defense you’re probably going to require some sort of security clearance and it
goes in levels at the end of the day the easiest thing to do is get your skills
if you have the skill set you have the experience then you may want to consider
some certifications you may want to consider certifications like the Offensive Security, OSCP, you may want to consider certifications like anything
for DoD 8570 you may want to consider those okay so if you knock out a few of
those certifications which after you have this experience should be pretty
easy then you can start going for these cleared jobs and I think you’ll have a
pretty good shot at get in them okay I’m so glad you made it to the end of the
video thanks a lot for putting up with me I hope you found the information
helpful I really didn’t cover a lot of stuff on
certifications I really tried to focus on skills experience and how to get paid
we’ll probably do another video on certifications out of later date but I
hope you found this helpful and if you want to get this information and more
as a nice downloadable PDF why don’t you go ahead and click this link below
again it’s not a sales pitch relax I’m not selling you anything but if you want
to have this stuff summarized with a little bit more information than what I
was able to cover today then click this link below that’ll take you to a little
website you fill out a form give me your email address all right and also don’t
forget to subscribe to this channel I really want to get people to start using
the channel, start hanging out on InfoSecAddicts.com, and
hang out on the InfoSecAddicts YouTube Channel thanks so much see again in our
next video

59 Replies to “Getting Started in Pentesting | Guide & Certifications | Mentorship 2019

  1. I've been a soc analyst for a year and just passed me eJPT. Curious as to whether you would recommend going for my oscp or ecppt first?

  2. I like the idea of logical progression in steps. "Do this, then do this, then do this…" I recently completed my Security+ cert and am looking for the next steps after that. I'll be watching your channel. Thank you for producing this content!

  3. The easiest way to describe what is all about cyber security. I've been start looking for change my career, but I haven't got any IT experience. I keen for learn. That was really helpful.

  4. OK but i know basic networking and basic C language ? how i can learn Burp suit ? i think i need to learn first HTML and CSS first JavaScript ?

  5. Omg man I love you. I wish I would have found this video earlier. I鈥檝e been throwing dice on what I want to do as a career. Bless you.

  6. Finally someone gives a positive outlook and realistic way to start in IT security, thank you @InfoSecAddicts !!

  7. Basics
    ——–

    – Linux: https://www.youtube.com/playlist?list=PL6gx4Cwl9DGCkg2uj3PxUWhMDuTw3VKjM

    – Windows: https://www.youtube.com/playlist?list=PL6gx4Cwl9DGDV6SnbINlVUd0o2xT4JbMu

    – Python: https://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA

    Intermediate
    ————-

    – Metasploit

    https://www.youtube.com/playlist?list=PL6gx4Cwl9DGBmwvjJoWhM4Lg5MceSbsja

    https://www.youtube.com/playlist?list=PLF23494E2820B442B

    Burp Suite: https://www.youtube.com/playlist?list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

  8. Hey, Loved your video and looking forward to pursue pentesting as my career. However, I was not able to fill out the registration form on your website. Can you please help me as I'm looking forward for the pdf mentioned in the video for more information. Loved your content and waiting for more ! Thank you !!

  9. Thanks for this roundup, very helpful collection of information and well organized as logical consecutive steps. For the CTF portion, I was surprised that you didn鈥檛 mention either www.hackthebox.eu or www.vulnhub.com

    They are both free and very active communities with plenty of available CTF style challenges that are available anytime on demand. I do think that attending or participating in live challenges online is very helpful too, but these sites give a huge range of scenarios to practice in without any time crunch. They range from very low entry level challenge to very demanding. Many people post walkthrough style solutions after they complete them so if you get stuck you can always take a look at how someone else completed the challenge to at least get you past your sticking point.

    Thanks again and keep up the great work

  10. I appreciate the video; one thing I would add from "the cyber mentor" is that basic Networking skills is a necessity as well. Comptia network+.

  11. Love the step by step guidelines you gave. I've been looking into this career path and have been so overwhelmed with information, it's hard to know where to begin. Really do appreciate it.

  12. This was a good video. Like the break down, and steps you have to take. I remember when infoSecAddicts started I was one of the few helping build the material, and testing out the write up paper. Wish I would of continued but got busy with work, and family. Glad the site grew to what it is now. Keep up the great work.

  13. Stupid question: What do you think about the Azure Developer AZ-203 certification? I was thinking of starting with that so I can go in either the security direction or the .NET developer direction (which I am leaning a bit more towards). Love your videos!!!!!!!!!

  14. Thanks for the video, I'll make sure to share this with my friends, your content is awesome, I'll definitely see your videos because this one already helped me a lot with my area transitioning decision, don't give up, you'll get what you deserve 馃懆鈥嶐煉火煈

  15. Hi, first of all as the rest of the people I want to say great job an listing the steps which is very useful. I have e question. The timeline you show is doable in a year and I was a bit sceptical about being able to find a job as penetration tester after only a year of practise.

  16. Some guy told me this is the path of certifications you should get (from beginner to advanced) in order to really secure a job in ethical hacking:

    1. compTIA linux+
    2. CompTIA security+
    3. CCNA 2020 or compTIA network+
    4. EC Council CEH
    5. Could do CompTIA pentest+ (this is entry level)
    6. EC council LPT (advanced) or OSCP

  17. what are some certifications I should have under my belt? I know you mention some but a list would be nice. Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *