What I learned after studying ethical hacking for 650+ days
Introduction
In June 2023, after graduating in Computer Science, I decided that I wanted to work professionally in the cybersecurity field; specifically, I wanted to be a penetration tester (sometimes referred to as an ethical hacker).
I started doing tons of research on the best ways to learn pentesting, looking at videos from people who have worked in the field, blogs, books, and more. All that research resulted in a path of certifications that helped me learn (and practice) as much as I could about ethical hacking. Now, after finishing the last certification on that path, I want to share my experience: what worked, what I'd change, and things that may help you speed up the process of learning ethical hacking.
Before starting, I want to mention that I've been working as a Security Analyst Level 1 and Level 2 for one and a half years. While I haven't worked professionally as a pentester, I've built the skills that are necessary to pass the exams listed below through intensive hands-on training.
Main idea
In 2023 I posted a blog post about the path that I built after all the research. I also mentioned that I was going to be posting updates on my progress — I didn't do it, but I wanted to show you the path:

As a general idea, the first certification I wanted to start with was the CompTIA Security+. I chose this as a way to build some foundational/basic skills that would help me not only to get a first job (before starting I wasn't working in the field), but also to get the basic knowledge necessary for the other certs. After getting the Security+ I started with more ethical hacking related certs. From this point on I only took hands-on courses and exams, as that is the best (and only) way to really learn ethical hacking. The PJPT and PNPT from TCM Security were new certifications on the market at that time, and they were getting very popular because the exams tried to simulate a real penetration test assessment (assumed breach scenario and external). The final one was the legendary and well-known OSCP certification. I chose this because, well, it is the OSCP and is one of the most recognized (if not the most recognized) ethical hacking certifications.
My opinion on each certification
CompTIA Security+
Pros: Good for building foundational knowledge.
Cons: Not great for practical, hands-on experience.
My opinion: I wouldn't take this certification. Don't get me wrong, the certification is not bad, and the content is great; however, most of the things that I studied to pass the exam overlapped with things that I already knew from studying Computer Science, and it lacked the practical training that is a must if you want to develop real skills.
If you are planning to do this certification, I would recommend first thinking about where you are in terms of knowledge, listing which things you already know, which ones you need to strengthen, and which ones you need to learn. Then check the skills that the certification covers to decide whether it is worth investing time and money in it.
TCM Security - Practical Junior Penetration Tester
Pros: Great course content, training, and exam.
Cons: TCM Security's certifications are not very recognized outside the US.
My opinion: After getting two TCM Security certifications, I think that TCM Security offers some of the best cybersecurity training. This exam simulates an assumed breach assessment in which you have to compromise the Domain Controller (Active Directory environment), with zero flags to capture.
To pass the exam, all you have to take is the Practical Ethical Hacking course, also by TCM Security; there is no need to purchase or pay for additional resources.
TCM Security - Practical Network Penetration Tester
Pros: Again, great course content, training, and exam.
Cons: Again, TCM Security's certifications are not very recognized outside the US.
My opinion: As I said, this is a great certification, and you'll learn everything you need to know to perform an external pentest assessment and much more. The only downside is that, at least in my home country (Mexico), TCM Security certifications are still not that recognized. I'm not sure how the market is in the United States, but I haven't seen a job posting asking for candidates that have this certification. Still, I really love and recommend TCM Security courses and certifications.
In this case, the exam is an external pentest assessment in which you also need to compromise the Domain Controller. This exam does not try to simulate a CTF challenge, but how a real-world penetration test is carried out from start (Rules of Engagement) to finish (pentest debrief).
When you purchase the exam voucher, courses such as Windows and Linux Privilege Escalation for Beginners, Open-Source Intelligence (OSINT) Fundamentals, and External Pentest Playbook are recommended; however, after completing all these courses and passing the exam, in my opinion, taking the PEH course and the External Pentest Playbook should be enough to pass the exam.
OffSec - OffSec Certified Professional (OSCP)
Pros: Great course, training, and well recognized in the industry.
Cons: Price tag.
My opinion: This certification will push you to the limits. I had to really lock in many times to pass the exam. Initially, I bought the 90-day bundle, but that wasn't enough. I had to purchase another 2 extra months to really dive into the contents and complete the challenge labs. Additionally, I did the 47 boxes on Proving Grounds Practice from the TJ Null list; for each of these boxes, I also wrote the report using the OffSec template.
In my own opinion, the key to passing this exam is, of course, first to complete or understand the concepts taught in the PEN-200 course; after that, it is only practice. Creating your own methodology, from enumeration to post-exploitation, and improving it with every box you do (I did it with the TJ Null list and the challenge labs) should be enough to ace the exam.
This certification is one of the most recognized for ethical hacking, and it has gotten me some interviews since I got certified.
Conclusion
Now, looking back after finishing the path, if I had to do it all again, I'd skip the Security+ and swap it for another one like the Google Cybersecurity Certificate to start hands-on training earlier. The rest of the certifications? Solid, I wouldn't change any of them.
Additional training that I used was the Jr Penetration Tester and Offensive Pentesting paths from TryHackMe, which I really recommend if you are a beginner and want to get to the OSCP skill level.
If you are serious about breaking into ethical hacking, focus on hands-on training that simulates real-world scenarios. That's where you'll become unstoppable.