Pentesting Experience and How to Get It
For several years, even before I started my teaching career as an adjunct professor teaching ethical hacking and web app pentesting, I have been sharing resources on pentesting and advice on getting started. 2018 was a pivotal year for my efforts in helping others get started in pentesting. In January 2018 I became an adjunct professor, in June 2018 I founded The Pwn School Project, in July 2018 I became one of the first Bugcrowd Ambassadors, and in November 2018 I gave my talk “The Pentester Blueprint” for the first time. “The Pentester Blueprint” was the second conference talk of my career, the first being in 2015. I wanted to speak at conferences on a regular basis but could not figure out what to speak on; once I started speaking about becoming a pentester, it became my mission and eventually a book titled “The Pentester BluePrint: Starting a Career as an Ethical Hacker”. The advice I share and the content of the book are based on my experience becoming a pentester as well as my experience teaching and mentoring others who have become pentesters. I have over 9 years of pentesting experience and more than 17 years of experience in cybersecurity, ranging from network security to application security. In April 2021 I gave a talk titled “Pentesting Experience and How to Get It” at Pancakes Con and decided to write an article based on the talk.
Getting Experience
Getting started in pentesting and cybersecurity can be hard, but there are ways to get experience. Hands-on experience is the easiest part of the puzzle; what I am referring to here is the practical experience of learning how to hack or pentest. On-the-job, paid professional experience is more difficult to acquire, and of course luck can be a factor as well. When I got my first pentesting job, a consulting role at that, my background was sysadmin, network security, and application security. I had experience with vulnerability scanners, but that is just one part of the toolset and skills used by pentesters. What helped me get the job was my passion for the field and my passion to learn. I shared with the hiring manager how I had a home lab and the different things I had learned through self-study. In 2012, pentesting was not as high in demand a job, nor did a lot of people know about pentesting jobs or that they actually existed. Nowadays it is more well known and there are a lot more jobs, but there are also a lot more people trying to break into pentesting.
Hands-on Experience
As I mentioned in the previous section of this article, it is easier to get the hands-on learning experience. There are options like TryHackMe, HackTheBox, Offensive Security’s Proving Grounds, Over The Wire Wargames, Under The Wire, and Virtual Hacking Labs. Virtual Hacking Labs is not free, Over The Wire and Under The Wire are free, and TryHackMe and HackTheBox have both free and paid content. These are great places to build your hacking skills. TryHackMe and HackTheBox have education-focused content as well and are good places to start. Capture The Flags (CTFs) and home labs are other good options for getting hands-on hacking experience. CTFs are available at a lot of conferences as well as online. Vulnerable Virtual Machines (VMs) can be found at VulnHub. These options are a great way to gain pentesting skills and to develop the hacker mindset.
Bug Bounties and Pentest as a Service
Bug bounties and pentest as a service (PTaaS) options are great for getting experience in production environments, and you even get the opportunity to make money for finding bugs. Some bug bounty companies like Bugcrowd or HackerOne also offer pentests, where you get paid for the pentest plus money for the bugs you find. Other popular bug bounty companies include Synack and Intigriti. Cobalt.io is a pentest as a service (PTaaS) platform: you get paid for pentests, not for bugs. Cobalt.io started out as a bug bounty company but moved to a PTaaS offering, and it makes it easier for those without professional experience to get started. During a discussion with a hiring manager for a boutique pentesting firm, my opinion that bug bounties help people get experience with web app pentesting was confirmed. The manager shared with me that it was easier to find web app pentesters because people were doing bug bounties to gain experience.
Pro Bono Pentesting
Pro bono pentests are another way to get experience in a production environment. Nonprofits sometimes don’t have the budget for pentesting, and you could offer your services to these organizations for free. You could also offer lower-cost pentests to small businesses, which would not restrict you to nonprofits. This option can be difficult because you need to create your own report template, statement of work (SOW), and other needed documentation; you are basically starting your own pentesting firm. If you charge for pentests, that adds further complexity.
Internships
Internships typically require that you get them through a college and be a student, but if you are a student, take advantage of this opportunity if you have it. Based on what I have experienced with students and the people I mentor, those who do internships typically get a job and have an easier time getting one. Internships give you experience, and experience is required for most jobs.
Summary and Closing
I hope that this article was helpful. The experience you gain from doing things like HackTheBox, CTFs, and bug bounties is experience you can draw on during an interview: you will be able to discuss how to use tools and techniques to perform a pentest. Bug bounties and PTaaS give you experience in a production environment, which can help you get a pentesting job and is useful during interviews. Networking at meetups, cybersecurity meetings, and conferences is very helpful. I have gotten several jobs through the people I know in my network, and it makes it easier for me to find a job. Also, leverage LinkedIn and Twitter to network and learn.