In August of this year my career took an unexpected turn. I have been working the last few years to become a penetration tester. I earned my GPEN and OSCP certifications in the pursuit of that goal and I took a job with Sword & Shield so I could do penetration testing full time. My career as a pentester was humming along fine when out of nowhere I was offered a job doing API programming for Tenable Security. My first love has always been programming and throughout my career I have found my greatest satisfaction in programming. So, when this opportunity came along I was ecstatic. Although I was enthusiastic about the opportunity, I was also sad to leave behind penetration testing, which I now know is my second love.
I look forward to the new adventures that await me at Tenable Security but also plan to continue doing some penetration testing on the side to keep my skills. I am also hoping to do some vulnerability research and maybe even develop my first 0-day sometime in the next year. I’m not sure what will happen but tune in here and I will keep you posted.
Who doesn’t like programming more then testing pens?
I know, right? Thanks for reading the blog.
I find myself in a situation that may be similar to yours, let me explain. I’m a well paid sysadmin in the midwest. I have a broad range of experience, SCCM, Active Directory, McAfee Firewall and IDPS appliances, VMWare ESXi, ect… I don’t really do anything well but it is because I have to do all of this. In my free time I tinker, so I am familiar with NexPose, Nessus, Metasploit, ect.. but I can’t really use them in my day to day job. My question is this, do you think that were I to get the certifications you listed that would be enough to transition into a penetration testing career?
Jason,
If you want to become a penetration tester, then yes, the OSCP certification is an excellent starting point. If you just want to move into infosec, then I would try to convince your current company to create a new security role or add more security to your current role. If that won’t/can’t happen then I would look for other companies in your area that are hiring sysadmins with security knowledge. I know penetration testing is sexy, but the real need in infosec is good defenders.
Unfortunately I won’t be able to convince them to do that. I would like defense as well but my limited firewall ids/ips doesn’t seem to be enough. Guess I’ll have to keep trying.
Thanks!