I've been an active duty client systems technician (system administrator) in the U.S. Air Force for the past 5.5 years. As my time in the military draws to a close, I'm thrilled to embark on a new chapter as I've just begun my DoD SkillBridge internship as a penetration tester. SkillBridge equips transitioning service members with hands-on civilian work experience. Over the next four months, this role will be my bridge as I shift from military service to the civilian workforce.
In this article, I'll unveil the path that led me here, sharing insights and strategies that helped me transition from SysAdmin to Penetration Tester. If you're contemplating a career shift or simply curious about my journey, read on!
Here is a short video related to this article:
Who is this article for?
Anyone interested in my story.
Individuals aspiring to become penetration testers.
Transitioning service members looking to craft their own SkillBridge opportunities.
Current system administrators and information technology (IT) professionals considering a career shift into cybersecurity.
Cybersecurity enthusiasts.
Career counselors & transitioning coordinators.
Summary
I participated in the DoD's SkillBridge program, aiding the shift from military to civilian life.
After earning my Security+ certification with the Air Force, I began my B.S. in Cybersecurity at UMGC. It was during my initial classes that I decided to delve into ethical hacking.
I thoroughly learned Linux through targeted training and secured several key certifications, including CCNA and Network+.
I honed my skills in Python for cybersecurity by completing the "100 Days of Code" challenge.
I deeply engaged with TryHackMe, and I can't recommend it enough for its hands-on experience.
I achieved pivotal certifications like CEH, CISSP, Cloud+, PenTest+, CySA+, and eJPT.
I joined Hack The Box, enhancing my skills and enjoying collaborative hacking opportunities.
I successfully passed the OSCP certification on my first try, a testament to my dedication.
I finished my B.S. in Cybersecurity Management and Policy.
Based on my journey, I've designed a comprehensive guide for those aiming to become Penetration Testers (toward the end of this article).
I initiated and pioneered my own penetration testing internship opportunity.
I'm currently undergoing my internship and am passionate about my upcoming learning journey.
Keep an eye out for a future article detailing my experiences as a penetration testing intern.
The SkillBridge Program Overview
The SkillBridge program, initiated by the Department of Defense (DoD), aims to assist service members transitioning out of the military. This program facilitates partnerships with public sector organizations, enabling participants to gain practical civilian work experience through training, internships, or apprenticeships in their last months of service. Throughout these opportunities, participants receive their military benefits and compensation, ensuring a seamless transition into the civilian workforce.
Step 1 of my path to becoming a penetration tester: Security+
After earning my CompTIA Security+ certification, a requirement for many cyber defense Airmen before they move to their first duty station, I knew I wanted to dive deeper into cybersecurity.
Though the U.S. Air Force classifies us as "Cyber Defense Operations," many of us align more with enterprise IT roles, making a transition to cybersecurity roles post-service a challenge.
Subsequently, I pursued a B.S. in Cybersecurity Management and Policy from the University of Maryland GlobalCampus (UMGC). During my initial courses, I pinpointed my interest: penetration testing or "ethical hacking." A process vital in identifying and fixing vulnerabilities before they're exploited.
Initially, I doubted my ability to become an ethical hacker, thinking I should focus on basic cyber defense. However, by the end of 2019, I committed to the challenging journey of becoming a penetration tester.
Step 2 of my path to becoming a penetration tester: Linux+
After discovering Kali Linux was a top choice for criminal and ethical hackers, I delved into the "Kali Linux Revealed" course, available at https://kali.training/. However, despite its claim to be beginner-friendly, I found myself lost within the first few chapters. The website recommended an introductory Linux course for those struggling with its content, so I followed suit.
The recommended course, unfortunately, was disengaging and nearly sapped my motivation to pursue a career in hacking. But recalling my positive experience with the Security+ exam and the CBTNuggets course, I redirected my focus towards the Linux+ certification by CompTIA using CBTNuggets as my primary video training course. This new material rekindled my interest and enthusiasm for Linux.
Though I eventually completed the "Kali Linux Revealed" physical book, it still felt unfulfilling. With that being said, it looks like the free Kali Linux Revealed course (KLR/PEN-103) has been updated, so my opinion on this is irrelevant, and PEN-103 is probably worth checking out. I thoroughly enjoyed the PEN-200 course for OSCP, and I'm currently in progress with the PEN-300 course, which I'm also enjoying. So, I'm confident that the updated PEN-103 is much better than when I went through it.
Important Lesson #1: If training isn't resonating with you, switch it up! Not every instructor or resource will align with your learning style. When faced with such challenges, seek alternative training, but never give up.
Step 3 of my path to becoming a penetration tester: CCNA
The three core skills for hacking are Linux, networking, and Python. With Linux mastered, I moved to networking. I aimed for the gold standard in networking certifications: the Cisco Certified Network Associate (CCNA).
My approach to the CCNA mirrored my strategies for Security+ and Linux+. However, due to Cisco's more challenging grading and a slight overconfidence from past successes, I failed my first attempt.
Important Lesson #2: Never assume mastery in a new area based on past proficiency. Treat every new topic as unfamiliar terrain. Complacency, stemming from prior victories, can be a downfall.
Determined, I redoubled my efforts for the second CCNA exam attempt. Halfway in, I felt assured of my success, and indeed, I secured my CCNA. With this in hand, I tackled the Network+ exam without extra preparation since CCNA delves deeper than Network+.
In summary, Network+ is excellent for general IT roles, while CCNA is ideal for those focused on networking. While CCNA may be overkill for penetration tester roles, I'm proud to have it.
Step 4 of my path to becoming a penetration tester: Python
I've completed my 100 Days of Code challenge, aiming to hone my Python skills for hacking and cybersecurity. The detailed journey can be explored in this blog article.
The summary:
Dedicated 240 hours to Python.
Completed five large and 176 small projects.
Read 2.2 books: "Python Crash Course," "Automate the Boring Stuff with Python," and part of "Black Hat Python."
Finished 4 video courses, including "Complete Python Bootcamp" and "Python 101 for Hackers".
Conquered 2 TryHackMe Rooms: "Python Basics" and "Python for Pentesters."
Key takeaways:
I've learned to automate repetitive tasks.
I can modify hacking exploits for my use, moving beyond being a script kiddie.
While I can read and understand most codes, I need more time to be ready to build advanced cybersecurity tools from scratch.
I'm not aiming to be an application developer.
Consistent practice is essential to retain my skills, and I'll tackle weekly challenges.
I'm open to learning more programming languages but will prioritize other skill sets for now.
Check out my completed projects and the daily logs. The first half of this journey is detailed here.
Step 5 of my path to becoming a penetration tester: TryHackMe
Between days 70-80 of my 100 days of code, I dove into TryHackMe (THM). I dedicated over 70 consecutive days to it, snapped my streak, and later achieved the 365-day streak badge with an average commitment of an hour daily.
Complete these offensive security-based learning paths:
Pre-Security
Introduction to Cyber Security
Web Fundamentals
Complete Beginner
CompTIA Pentest+
Jr Penetration Tester
Offensive Pentesting
Red Teaming
I recommend tackling them in this order. Since my completion, THM has enriched these paths with more content, enhancing their value. You can also complete the defensive security-related learning paths, but they are not critical to your success in landing a penetration tester role.
Remember, alongside other steps, I continually used THM to hone my hands-on skills. It's my foundational hacking platform, suitable for anyone at any stage. If you're already certified, you might find familiar topics. Still, revisiting the basics is always beneficial.
Step 6 of my path to becoming a penetration tester: CEH
The EC-Council's Certified Ethical Hacker (CEH) often faces criticism from seasoned hackers, mainly because it's purely multiple-choice without hands-on components. Unlike CompTIA's practical questions, CEH remains completely theoretical.
I pursued CEH for two reasons:
While CEH offers solid theoretical knowledge and is quite challenging, its $1200 price tag makes it hard to recommend. Instead, consider investing in Security+, CySA+, and PenTest+, which together cost the same as the CEH by itself.
Step 6.5 of my path to becoming a penetration tester: CISSP
The Certified Information Systems Security Professional (CISSP), offered by (ISC2), is a top-tier cybersecurity certification. While highly regarded, its relevance to penetration testers is debatable.
The CISSP is comprehensive and leans more towards theory and cybersecurity risk management rather than technical expertise, making it less essential for aspiring penetration testers. However, its depth can help penetration testers articulate cybersecurity risks with actionable mitigation strategies to stakeholders effectively.
Initially, I intended to pursue CISSP after landing my penetration tester role. However, a class in my cybersecurity program which used the CISSP study guide as a textbook, changed my trajectory. Having already spent two months with the guide, I dedicated an additional month and cleared the exam on my first attempt. Considering its complexity and the extensive 1300-page study guide, I'd suggest getting it after you've settled into a penetration testing role.
For those eyeing other cybersecurity roles, aim for the CISSP around your fourth year in IT. With the blend of IT and cybersecurity nowadays, you can likely meet the experience requirements for the CISSP, which is usually five years across two of its eight domains. However, those with certain certifications can waive one year of experience for this requirement. Details on the requirements can be found here: https://www.isc2.org/certifications/cissp/cissp-experience-requirements
For a deeper dive into the CISSP journey, check out my guide, How
Step 6.75 of my path to becoming a penetration tester: Cloud+
Cloud+ is a valuable certification that deepened my understanding of cloud computing, although it isn't essential for a penetration tester role. The insights I gained enabled me to provide solutions for various cloud-based challenges, from initial cloud adoption to transitioning between cloud platforms or reverting to on-premises (on-prem) setups. Earning Cloud+ took me a month at this stage in my career. While not mandatory, I recommend Cloud+ for IT professionals, especially as cloud computing gains prominence. It's a beneficial detour for any IT career journey.
Step 7 of my path to becoming a penetration tester: PenTest+
PenTest+ offers a foundational understanding of penetration testing. While it won't enable you to conduct a full-fledged penetration test post-certification, it introduces vital concepts.
Notably, PenTest+ stands out in teaching the ethics of "ethical hacking," surpassing certifications like CEH. It also emphasizes the importance of reporting and communication in the field. While it may not delve deep into technical skills, it covers essential areas like theory and ethics, which are often missed by other certifications.
For defenders, PenTest+ offers valuable insights into a hacker's mindset, helping you appreciate their approach without becoming one yourself.
Step 7.5 of my path to becoming a penetration tester: CySA+
I took another detour on my path to becoming a Penetration Tester with the CompTIA Cybersecurity Analyst (CySA+). This certification has much in common with PenTest+. Drawn by a $50 beta exam offer from CompTIA, I took a shot at it. With beta exams, the structure and passing scores are not finalized, and no study materials are available. I reviewed some practice tests from the previous CySA+ exam before attempting it. Despite the wait of about six months for the results, I found out I'd passed and earned the CySA+ certification. Beta exams are a cost-effective way to earn certifications, and I'd recommend them to those who don't mind the wait.
In summary, while CySA+ is not essential for aspiring penetration testers, it's a valuable asset, especially after securing the PenTest+. However, for those leaning towards defense in cybersecurity, CySA+ should be a priority after Security+ and before CISSP.
Step 8 of my path to becoming a penetration tester: eJPT
The INE Security's Junior Penetration Tester (eJPT) certification is a pivotal step between PenTest+ and the OSCP. Thanks to eJPT, I cleared the OSCP in one attempt. To dive deeper into my experiences with eJPT, refer to my article Everything You Want to Know About eJPT. In short, eJPT is invaluable for aspiring penetration testers.
Defenders can gain a hacker's perspective through eJPT, making it a beneficial pursuit for seasoned cybersecurity analysts and engineers.
Step 9 of my path to becoming a penetration tester: Hack The Box
Hack The Box (HTB) introduced competitive hacking seasons open to everyone. While competition initially attracted me, I found more value in team collaboration. HTB is an excellent platform to maintain and enhance hacking skills. I tackle one, sometimes two, machines a week to keep my skills sharp.
Note: HTB prohibits public solutions for active machines but encourages team collaboration. If you're looking for a team, reach out, and I might invite you to mine.
Step 10 of my path to becoming a penetration tester: OSCP
The OffSec Certified Professional (OSCP) is the top certification for penetration testing jobs. It's often considered the gold standard. To boost your chances in the penetration testing field, I recommend aiming for the OSCP after grounding yourself in Linux, networking, and a programming language. Read my blog article about the best programming languages for cybersecurity to know where to focus your programming skills.
Before the OSCP, considering the Security+, PenTest+, and eJPT can be beneficial. I passed the OSCP on my first try, marking it as the most challenging yet most rewarding exam.
While all certifications have their place, the OSCP stands out in job interviews. Although no certification is truly mandatory, the OSCP is as close as it gets. It can open many doors in the penetration testing world. For a deeper dive, see my article, How I passed the OSCP on My First Try.
Step 11 of my path to becoming a penetration tester: College Degree
I began my Bachelor of Science (BS) in Cybersecurity Management and Policy before any other steps in my journey. However, I finished it last due to its four-year duration.
A college degree isn't mandatory for cybersecurity roles, but it can provide a competitive edge in the job market. If affordable, I recommend pursuing one. I was fortunate to use military tuition assistance for mine. If costs are prohibitive, steer clear of hefty student loans. But remember, while a degree gives you an edge, honing specific skills can be just as valuable. For deeper insights, check out my article, Is a Cybersecurity Bachelor's Degree Worth It?
I recommend the book The Education of Millionaires: Everything You Won't Learn in College About How to be Successful by Michael Ellsberg. Whether you have a degree or not, it's enlightening. Its core message is that a degree isn't an automatic passport to success anymore.
While I value my degree, I respect those who thrive without one. Carving out a non-traditional success path has its charm. My take? If college isn't for you, that's okay. For my military readers, given your free education opportunity, it might be wise to capitalize on it, balancing it with your service commitments.
Old Fashioned Hard Work and Sacrifice
While serving as an active duty client systems technician and juggling part-time college, I earned all the certifications for my career path. I committed to an 8-hour workday and dedicated 3-4 hours daily to studying after work. Weekends were for training, education, career research, or enhancing my personal brand, like building this website or crafting the blog post you're reading now.
Many wonder, "How do you manage all that?" It's not about finding time but making it. To prioritize my goals, I eliminated activities like:
Videogames
Caring about politics
Excessive social media and entertainment streaming
Fantasy Football and sports viewing
Casual socializing without purpose
Some might see my choices as dull. Yet, I derive pleasure from honing my skills and advancing in the cybersecurity field. Instead of the video game progression I used to focus on in the past, I now focus on my real-world growth. "Work" often feels fun due to my passion for the field. So minimizing "fun" is a choice, not a sacrifice.
Of course, balance is vital. I get 7-8 hours of sleep to maintain focus and productivity. I occasionally play a video game or watch a movie with my girlfriend during dinner. We travel and explore together, ensuring a fulfilling personal life while pursuing my professional aspirations.
The adage "work hard; play hard" has a different meaning for me. It's "work hard, work harder, then play." My relentless drive and work ethic have been pivotal to my success. Desiring something is one thing; relentlessly pursuing and achieving it is another.
My Recommended Path to Becoming a Penetration Tester
Embarking on a journey to become a penetration tester, I've amassed invaluable insights and experience. Here's a more streamlined guide based on my journey; follow these steps in order:
LinkedIn: Establish and regularly update a LinkedIn profile (connecting with me is encouraged). Engage with content, connect with industry professionals, and share your progress weekly.
TryHackMe (THM): Start dedicating an hour daily to THM. It's especially valuable for beginners. Dive deep into terminology and hands-on exercises.
First IT Job: If you aren't already in IT, secure an initial role. Check out my article How to Get Into Cybersecurity (and Other IT Fields) With No Experience if you need help with this step. You may have to complete this step after steps 4, 5, and 6.
Network+: Earn it
Security+: Earn it
Linux+: Earn it
Python: Undertake the '100 Days of Code' challenge to establish a foundational understanding of Python.
PenTest+: Earn it
eJPT: Earn it
Hack The Box (HTB): Transition from daily THM to working on 1-2 HTB machines weekly.
OSCP: Earn it
Advanced Certification Training: Begin training for other penetration testing certifications like OSEP, PNPT, or HTB CPTS based on your interest while simultaneously applying for jobs.
Job Applications: Craft a compelling IT-centric résumé, drawing insights from NoobVillage.
Interviewing Skills: Refine your interview techniques. Books like "Hack the Cybersecurity Interview" can provide valuable insights.
Feedback Loop: If you're not seeing callbacks, it's time to rework your résumé. If you're struggling with subsequent interviews or job offers, revisit and revise your interview approach.
Navigating the DoD SkillBridge Internship Process
While many cybersecurity SkillBridge opportunities exist, few catered specifically to penetration testing when I searched. Although I found a program geared toward the OSCP certification, I already held that title. My aim was an internship offering real-world penetration testing. Unfortunately, no such programs existed. So, I was forced to convince a company to create a program as an outsider.
My approach was straightforward but challenging. I applied for numerous remote penetration tester roles. During interviews, when queried about my start date, I'd clarify my Active Duty status and the necessity for a DoD SkillBridge position since I couldn’t yet commit full-time. This posed two problems for potential employers:
I couldn't start for four months; this wait was excessive for most.
Many were unfamiliar with the DoD SkillBridge Program. Even highlighting the cost benefits (transitioning service members continue to receive government pay and can't be compensated by their internship firm), many companies hesitated.
However, there's an alternative: 7Eagle Group. This organization connects transitioning service members with companies not directly affiliated with SkillBridge. The essence is that firms get SkillBridge talent without the typical bureaucratic hurdles but pay 7Eagle for the service, which is less than a full-time employee salary.
I suggested this option during interviews, but many companies found it complex. However, TrustFoundry, a leading information security firm focused on penetration testing, saw the potential. They collaborated with 7Eagle, paving the way for my internship. After formalizing a training plan with 7Eagle, I applied through the base education center, requiring approval from my supervisor and unit commander.
For transitioning service members interested in 7Eagle, simply register on their website. While they might not offer penetration tester roles, they have various other cybersecurity positions available. If you're like me and want a penetration tester SkillBridge, you'll most likely have to pave your own path like I did.
Anticipation for the Internship
For my penetration tester internship, I hope to conduct penetration tests and web application assessments for TrustFoundry's clients on production machines/networks. Finally, I hope to soak up new tools, tactics, procedures, wisdom, and knowledge from the skilled penetration testing talent within TrustFoundry.
At the time of writing, I've already completed my first day. I've already been assigned to two tests, and I've already done a peer review of a penetration testing report. So, I'm off to a terrific start, and I can't wait to see what the next four months will bring!
A Teaser for the Next Article
When the SkillBridge internship ends, I will write another article about my time as a penetration testing intern. I hope to share what I've learned with aspiring penetration testers who enter this great field after me. Subscribe to my mailing list to get notified when I create new content. Don't worry, I won't spam you. You only get notified one time every time I create content, and since I'm not a full-time content creator, you only get notified a couple times a week at max.
Conclusion
It took me just over 3.5 years from the time I decided to become a penetration tester to the time I actually landed my internship. My journey serves as a testament to the importance of determination, work ethic, patience, continuous learning, and adaptability in the rapidly evolving world of cybersecurity. The roadmap I've traveled, filled with challenges, sacrifices, and successes, proves that with dedication and the right resources, anyone can navigate the intricacies of this field. As I continue to delve into the complexities of penetration testing, I invite you to join me, learn from my experiences, and, hopefully, chart your unique path in this exciting and crucial profession.
Disclaimer: All links to Hack The Box, Hack The Box Academy, and Amazon in this post are affiliate links. This means that if you make a purchase through these links, I may receive a commission at no additional cost to you. Furthermore, all links to TryHackMe in this post is my referral link. Signing up to TryHackMe through my referral link saves you $5 on your subscription and also saves me $5 on my next subscription. Your support through these purchases helps me continue providing valuable content. Thank you!