Penetration Testing Certification: Some Tips to Ace it

Why should I get a penetration testing certification?

Unlike many other career paths, penetration testing doesn’t require any specific degree. Your level of experience and eagerness to continuously develop your hands-on skills will prevail in the eyes of a recruiter/client.

However, it is easier to transition into a penetration testing role after a couple of years of experience in IT and information security, which is my case.

If you’re starting in the field without a related degree, you might want to validate your skills with a certification. Obtaining a specialized certification is one way to hone your technical skills while demonstrating them to a potential employer.

Penetration testing certification options to know about

You can become a certified penetration tester right away. With a bit of background in either development or sys admin, you have all you need to start training and understand the concepts and methodologies to be certified.

Without such a background, reaching the same goal will take more work, but it is perfectly doable.

There are many entry-level certifications out there. I listed some of the most renowned ones below:

Some certifications are theoretical, others are practical. In my case, to become a certified penetration tester, only the practical ones seemed like a good option. OSCP and PNPT, for instance, have the candidate practice for hours before attempting the exam.

Even if you don’t pass on the first attempt, the practice and skills you will have acquired by going through the process are worth it.

1. Practice is key

First things first, you must PRACTICE! But the question is: where do I start? Let’s explore multiple answers:

Before thinking about or buying any certification:

If you don’t understand a concept well, research it and read blogs.

2. Do your research!

Then, when you feel confident enough about your level and methodologies, buy the certification package, read the provided materials, and go through all the exercises.

Again, take notes and write a report, as you will have to do so for each penetration test exercise.

Finally, if you have time, pwn all the certification boxes before attempting the exam.

In summary, practice, take notes, and try harder.

Some tips to pass a penetration testing certification

While training for my OSCP certification, I had trouble managing my time. The following pieces of advice helped me:

Meet me, OSCP-certified penetration tester

I am Florian Berger. I was a developer and a security professional for four years before venturing into cybersecurity. Positive Thinking Company, whose security branch specializes in delivering penetration testing services, offered me the opportunity to take the OSCP certification. I took it. I trained for days and nights before taking the exam and managed to pass on the first attempt. With the right amount of work and motivation, anyone can succeed too!

Good luck! 😊

List of practicing boxes – https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview

Hack The Box – https://www.hackthebox.com/

TryHackMe – https://tryhackme.com/

VulnHub – https://www.vulnhub.com/

RootMe – https://www.root-me.org/

PortSwigger – https://portswigger.net/web-security