My pentesting journey so far ...

Nebula
Jan 21, 2023


I wanted to share my journey into the cybersecurity industry today to explain why I still work in it (despite writing about the high rate of burnout among cybersecurity professionals).

It roughly started during high school (about 8 years ago) when I saw an interview with a person who dropped out of college and started a company to provide pentesting services.

In those days, cybersecurity wasn't as popular, and no one recommended this as a career option. "Hacking" was considered a crime, and the concept of "ethical hacking" simply did not exist. But I was determined to learn more about this subject, so I contacted that pentester and asked him how he got started. He recommended a book called "The Web Application Hacker's Handbook, 2nd Edition" by Dafydd Stuttard and Marcus Pinto.

I started reading it and quickly realized that I didn't have a basic understanding of how websites work, and the book was too difficult to read without it. I realized that I needed to take a step back and start learning basic IT and network skills as I went along.

My first stop was YouTube, where I discovered Professor Messer, who offers free video series on CompTIA A+, Network+, and Security+. This is by far the most valuable resource that anyone can use to get started in IT to date.

Once I had the foundations covered, I started to look for more in-depth resources to get hands-on experience. I discovered two excellent instructors who made many of the more difficult concepts approachable and understandable. They are:

  1. HackerSploit: https://www.youtube.com/@HackerSploit

  2. The Cyber Mentor: https://www.youtube.com/@TCMSecurityAcademy

Practice in live environments is the quickest way to learn pentesting, and sites like Hack The Box make it easy. I've rooted around 80 machines so far. I used to watch IppSec's walkthroughs and copy his methodology when I was struggling with it at first.

While all of this was going on, I managed to get a job as a network engineer and later moved on to a security engineer role that primarily dealt with firewall management.

Today, as a senior security researcher, I get to point out all of the bad things that I find in my company's network.

I intend to pursue other opportunities, such as participating in bug bounty programs, and to improve my skills, particularly in web app pentesting, which is why I started this blog.

I'm currently enrolled in the API Pentesting course, https://university.apisec.ai/apisec-certified-expert, and I believe I'll cover some of its key takeaways in future posts.

 