Is Pentration testing worth pursuing as a complete Beginner?

Career Advice
#1

Hey Everyone !

I come from Mechanical background and have had 2 years of experience working as design engineer for a private company. After much thought I decided to become an ethical hacker as the very title always fascinated me but I only had C++ knowledge and some basic knowledge of Ubuntu (only app installation commands) at the time (with C++ almost forgotten) .

What I wanted to know from you all is - Is it really possible to get a job as a pentester if you learn all the required skills or should I focus my time on learning JavaScript, python and move into developer side as there are much more opportunities.

Suggestions and references to any resources are most welcome :sweat_smile:

#2

Hey there,

nice to meet you! :wave:

How do you think actual pentesters got their jobs?

#3

Hi miku nice to meet you too !

Well yeah I agree that the master has failed more than the student has ever tried but I keep reading all these posts regarding HR gatekeepers and how even if you have the skills end up not getting the job because of few middlemen.

Now that I look at my question I feel like a stupid :rofl: :rofl:

#4

I don’t know anything specific on this, but if I do a google search for “how to become a penetration tester”, I see some courses available. If I look for the same on youtube, I see a lot of videos. If I search on the FCC site for “penetration testing” I see some materials too.

I think you’ll find a wider variety of answers if you go down that path.

#5

For web security, you need to know what web developers know, plus what they don’t know. Or what they choose to ignore or not care enough about.

If you want to do security broadly you have to learn about OS, networking, hardware, physical security, psychology (i.e. social engineering), programming, disassembly, debugging, etc., the list goes on.

I think most pick the things they are really interested in and get specialized. It’s pretty hard to become an expert in all the possible avenues. Creating an exploit for a CPU (specter/meltdown) is not the same as knowing how to get someone to click a link they shouldn’t click (spear phishing with premade exploits).

1 Like
#6

Yep currently training from various online resources.

#7

Hey lasjorg,

The list you shared is pretty useful and helped a lot. Thanks a ton !!! :partying_face: :clap: :+1: