@@moesparc hey two years ago you commented . i am 17 yr old and dont want to have a problem of family too. please can you tell me if you are a pentester now that we get a problem of travelling or not?
Can you make a video on how you personally got to the position you are in now? Like how did you get started? What were your first steps personally? What do you recommend for the upcoming generations?
Jfigueroa43 Hi, I might no be at his level but I do work as a penetration tester as well. What I can say to get started is watch videos on youtube related to hacking. Then if you have money maybe go for OSCP you’ll learn a lot from it. If knowledge is not enough try elearnsecurity first it was good as well highly recommended. Penetration Testing is huge I mean it have many fields as well, although idk if they call it as a field but what I’m trying to say is look for something also where you want to focus first whether it is on web app, sysytem/network, mobile, etc.. For example, focus on webapp pentesting first then you’ll learn to do other stuff along the way. Good luck and never stop learning :)!
@@joverflow1050 Hi i realy like your comment i am student in cyber security winch is a ethical hacking i am bit shy about my course by college did not tech me any coding as u say Ur a hacker or pen tester can you tell me do i need to know coding most for pen testing job thank you it is will be helpful if u reply back kindly.
@@nicolaspope5599 yes, been working as a Pentester for over 2 years now, thanks for commenting this brings back so many memories wow Got my OSCP in 2020
The salaries of this field are insane, they range from the 6 figure range and I have met people making up to 200k pending their knowledge and experience in this field.
I enrolled in College for a Cyber Security degree and I haven’t been sure if it was the degree I’d like to run with but after this, I’m sure that I want to work as a Pen Tester. Thank you so much for this video
I've watched a few videos and you do a great job of defining Purple Teams as Red + Blue teams, but you never define Red or Blue teams. I presume one team attacks the other's network, but it isn't obvious to someone watching to learn about pentesting with absolutely no background because the boss tossed a post it on their desk late Friday that reads, "Hey, we need the new web app pentested. We're going live Monday." Otherwise, very much enjoying the 15 hour course and learning enough to ask better questions, which is fantastic. Thank you for sharing this.
Really enjoying your vids. Its honest and it's to the point. People ask to subscribe before videos but its drawn out and annoying. You are to the point with no over done intros lol. You do it without acting either. You do it like it's done in reality. Well done. Keep it up.
I’ve always been interested in pentesting and cyber-security overall, I’d say it’s my passion and know a little bit of it. I went to college for IT Engineering but I decided to drop it after 3 years since it was not giving me the tools I needed and just felt like I was wasting time I could spend learning new stuff or working and saving money, plus it was outside the US and it was not the level of knowledge I thought it would be. It’s been almost a year, I’m in the US, I’m 24, I have a decent job in Marketing as a PPC Analyst but I still think about it on a daily basis if I should still aim for a job like this. My question is, do you think it’s too late to get in the field? Do I need a degree or can I work in strong certifications to get a good job in it?
It's never too late. Check out my story: veteransec.com/2018/09/11/how-i-landed-my-first-infosec-job-in-a-competitive-market-advice-and-takeaways/. I left accounting at 26 and worked my way into cybersecurity. I make close to triple now in 3 years. If you work hard and stay motivated, nothing can get in your way. A degree doesn't matter if you have the knowledge.
that's pretty awesome! you're not just working in one field you're working in multiple fields. I like that! i'm not always stuck with just one same job.
This was a good video. I think the only thing I'm a little scared of talking to a group of people, plus writing reports. I know that's part of the job of being pentester. Keep up the group videos.
Working on my CCT and CCNA, also an A+ cert then some python and a degree in Network Administration, I really like the idea of trying to crack stuff... what should I do next education wise
I've been a System Administrator for 7 years with the DoD and I was looking on changing over to become a Pentester. It is something I've always had a passion for growing up and was wondering where I should start in regards of getting a job. I have A+, Sec+ and Linux+.
Titles are kind of overrated. It's more about the job description. Typically, no. However, I know people working as security engineers who do pentesting.
Am really enjoying this journey since i started following this channel. God will surely bless Adams in multiple folds. Am just a beginner but looking forward to becoming like him someday. I really admire your career.
Great video with lots of useful info. Quick question from someone who's interested in starting out - can you dive straight into testing web apps, without any previous pen testing experience, or is it better to firstly start off with networks?
Yes. Web apps are their own separate thing. A lot of similar methodology, but the tools and exploits vastly differ. There are people who only know how to do web apps, for example
@@moodz271 Well I finished my bootcamp in November 2021, and I just passed my Sec+ cert this week. Looking at this comment I left months ago made my day from the progress I've made since then lol
Hi. Excellent video and info; Appreciated. I am in a very high paying IT field but want to transition in to CyberSec and create a company to do so (like I have done in the afore-mentioned field). However the bottom line dollar amounts will dictate if it is feasible. - Could you please give us an idea of what the industry average is for the 40hr assignment you mention (what range is feasible to charge the client) - how does one find clients initially?
Great video! Do you have any advice as to how to set up a resume for a starter in this career? I did my masters in Digital Forensics and wrote a sample thesis for WiFi Penetrating Testing. I don’t exactly have to much work experience in this career, but everyone (those who are in this field of work) keeps telling me I am a great candidate for this career.
Great video, If you need a idea maybe focus on making that magical connection from external to internal networks, I understand what you said about credential stuffing and possibly coming over a vpn but if that is not possible what do you do social engineering or physical pentesting? Try and expand on that? I am not sure if I missed the video, I still need to watch all of your training video.
Thanks for the ideas :) I do have a couple of videos discussing credential stuffing and alternative ideas. In most assessments for an external, social engineering is out of scope. That and physical pentesting fall under their own category unfortunately.
@@TCMSecurityAcademy I am in charge of our cybersecuriy and wow everything can be so overwhelming, I am studying evey min I can if I am not busy responding or investigating alerts from our SIEM/AV/Firewall your vids is helping allot.
Hi, I'm an aspiring Pen-tester. I would like to know more about Penetration Testing job. Do you usually work alone or do you have a pentest team. One more question, as a pen-tester do you have to know how to pen-test into everything... lets say, the network, software, system, people (social engineering) or is this divided into the teams?
Hi there! Im currently finishing up my comptia security+, looking to get into entry level security first. I always wanted to be pen tester. Im sure once I get experience in security I will move forward into ethical hacking. Question: my goal is to work on remote access and travel the world. Is that possible or difficult to achieve as security analyst or ethical hacker? Thx in advance.
Bro this is the most relatable comment I've seen in a long time. I'm literally finishing up my security+ exam and planning on taking the test in the next 2-3 weeks. And I'm planning on getting into entry level security and am Interested in pen testing as well. I also have the same dream/plan to work remotely while traveling to different countries. Did you figure out more about this and do you know how it works?
@@Haidderispro I actually got the job in cyber security 13 months ago. So far they don't let me work remotely due to security reasons. At this point I am not sure if it's possible to work remotely in cyber security somewhere else. I think coding is easier to work on remote access.
@@aleksandarrikic9208 Thanks for the response and I was thinking that could be a possibility. I know people who work remotely but don't know if they can work outside the country. Maybe its dependent on the type of company though.
Thanks for the video, i also read your story and found it fascinating how you left accounting to get into IT. Very motivational since i'm in a similar fork in my life, and am about to pull the trigger on switching careers. You said you landed a help desk job by convincing them you're worth training; any tips on what certifications or skills i should acquire in order to land a help desk job? I don't have anything on my resume to show for (construction work for 10 years), but i have a lot of time and dedication.
Thanks. I didn't have any skills or certifications. Just confidence that I could do the work, which I think helped. You have to find someone willing to take a chance on you. If you want a leg up, the A+ will help immensely with your basic computer knowledge and troubleshooting skills. It will also help land an entry level job.
@@TCMSecurityAcademy got it, people were saying the a+ is unnecessary but for someone with no experience i think its better than nothing. And i know every jobs has its hardships, but are you satisfied with choosing cyber security in the IT field, or would you take a different path looking back on it
Ah, I knew I left something out! We call that "bench time". Yes, we still get paid. Perfect time to write a blog, study for a cert, read some news, build a new tool, etc. :)
I threw all your recommended books into an Amazon shopping list. Working on my eJPT and I feel like there's a lot I still just don't know. Just tired of being n00b and I want to be at least decent before my 30th bday... Now my only question is whether I should get all physical copies or should I get a Kindle and put them on there...?
Thanks for the Vid! I have just started programming and currently learning python, I have gone through quite a few tutorials and a lot of people have been suggesting to me that I should start a project asap so that I can try and apply what I have learnt so far into making something practical. I have been thinking for a while now whether I could start a project related to cyber security as this is the field that I am more interested in. What do you think? If you think that it's not half bad of an idea, would you mind suggesting a couple of feasible projects ideas? Thanks Cyber Mentor!
Do you vpn into a shared workspace from home and then do assessments into client networks from there? Or do you use your own tools on your rig and vpn into client's network(for inteneral) and do your assessments?
Hey, what a great course you have on Udemy. With you working remotely what sort of machine spec do you send your client and what sort of software do you have to call home on? Do you work on the remote machine or do you proxy chain your traffic from your machine to the remote machine?
About a year and a half. If you're curious about my journey into infosec: veteransec.com/2018/09/11/how-i-landed-my-first-infosec-job-in-a-competitive-market-advice-and-takeaways/
At the external penetration section you are talking about network pentesting. Does that mean that you are trying to break in or find vulns on wi-fi networks? Or do you mean like a server? Can a server be considered as a network? Btw nice and informative video :)
Hey dude, since you took the WAPT course lemme ask you something! I just started my journey trying to change careers and I'm doing the PTS while also following your series and reading a book here and there. Ideally I'd love to do both PTP and WAPT afterwards, but money and time being an issue, what do you reckon would be the best next step? Web apps pentesting seems a bit more promising money-wise, but being well rounded is also pretty nice. PTP apparently goes into web pentesting as well, but I'm not sure how deep or how the two courses overlap. Maybe taking the PTP and reading The Web Application Hackers Handbook is enough to kickstart a career? Anyway, haha, I'm writing too much already. Would love to hear your ideas! Thanks :)
Howdy. Start with PTP and build a hacking foundation first. The web app can come later. I think doing PTP + WAHH is a great idea. If you're passionate about web apps after that book, give the WAPT a go. It's a fantastic course, but definitely get some general pentesting chops first.
Yeah I agree with TCM, I passed my PTS and then moved straight on to OSCP and just grinded and eventually passed. I'm now doing PTP and find it sooooooo useful! There's so much in PTP that can be put to use in real pentest engagements
I just recently started my course in cyber security, not much fun just all theory. I really like what you do and what would your advice be for starter pen tester?
Can you switch from software testing to penetration testing? What would be the first steps, courses or is there a course that covers the main subjects and includes certification?
I may have missed it but how important is Wireshark or a packet analyzer to your assessments? I couldn't imagine not firing Wireshark up when doing an internal pentest at least
Would you say you enjoy your job? Do you work for a company that contracts you to other businesses? Like do you have to travel to businesses around the area
I work for myself now and I did enjoy my job at the time of the video. Companies pay to do pentest work as a consultant not a contractor (in my work experience). I did not travel much and now only travel if the client wants me there. Usually they dont want to front that bill :)
Thank you for this video. I'm a junior in University majoring in Cyber security. This year I plan on (hopefully) getting an internship. My ultimate goal is to be able to work from home, so hearing that's what you do is reassuring. Do you set your own schedules? I'm more of an early bird so I like to begin my work around 4 a.m or 5.
Hey man i had to drop out in highschool becuase of personal reasons i dont have my grade 8 or amything im supposed to be in grade 10 this year and i want to become a pen tester its always been a goal of mine i bought 2 courses of of udemy and i was wondering am i able to get a job as a pentester without school ... if so i want to do it online cuz i live in south africa and there arent alot of jobs here so could i work overseas from here in sa and where do i look for jobs its alot to ask im just wondering and also do i have to freelance and look for clients or do i work for a company
Is it possible? Sure. It's going to be an uphill battle though. You're going to have to prove you're knowledgeable on the topic and have the drive to stay focused and finish tasks at hand. School is only partly for education. It also shows you're able to finish what you started. I don't know your situation, so just focus on being the best version of you that you can be. Start working on Hack The Box and other cheap resources. If you can get to a really high level, even Omni, you might get taken more seriously through their job boards. That's just one thought path. There are many avenues in, but they all consist of hard work. Remote is also possible with a ton of patience and good skill level. It will be hard to obtain as a first job, but it's possible because I did it :)
A video idea maybe is to show wbat is required to be a pentester what knowledge is required i jave been messing with linix since i was 13 its just a idea if youre interested
With you working from home primarily how do you go about wireless assessment? Do you deploy a machine and network card to the client site and remote into it?
Is it a relaxing job? (Apart from the report writing) Sorry if the questions sounds dumb but while you descibe everything you do in the video, one can't see you doing it and it's still hard to imagine how a day of you/ a pentester actually looks like :/
hey great content in your channel new sub here!...one question im gonna take your zero to hero course but i'm trying to hackthebox do u think i can get it? or i need to study more from some books? ....i'm gonna try to do this as my main job and thanks again!....sorry for my english i'snt my native language saludos from venezuela!
Alright this is definitely not the question I want to ask you but when you mention your Alfa card, you also say GPS dongle ? I just wanted to know the uses of a GPS dongle on an internal/external pentest ? I still have another important question for you , its about my career. Is there an inbox where I can send you a short message ? Its not crazy personal or anything I just do not feel comfortable putting information like that on RU-vid. Thanks
What's your opinion on becoming a pen-tester with automated pen-testing emerging. Companies would want to purchase a.i testing as it's faster, makes less mistakes than humans and is a 1 off cost in some cases. Is the future of pen-testers doomed like factory workers? Software from companies like pcysys/netsparker
What's your favorite password cracker ? I'm definitely no hacker but I here Cain and Abel is great as you can test for a MITM attack, arp poisoning ...etc. Also what DoS [Denial of Service] tool do you prefer most to see if a client has good DoS mitigation ?
im 16 bout to be 17 and i been looking into comp sci,(IT), and networking cause i always liked computers i was just kinda too nervous about them cause i felt i had to be some type of prodigy to know this stuff and now im getting into it...im learning the basics of python rn but i kinda feel like its too late for me to learn all this stuff idky...so can someone tell me is it to let for me to get into this in college...cause ethical hacking sounds very intresting to me and i want to expand my knowledge in IT and computer science just dont know where to start...
I don't understand why everyone seems to dislike making the reports... To me it seems fun and badass to make the assessement of the hacks that you did during your journey and the results, as much fun than doing the actual hacking work lol
Nah. I'm a terrible coder. It helps, certainly. At minimum, you should understand coding concepts and logic, but you don't have to be a full on dev to be successful. Start with Python and go from there
The Cyber Mentor good to know, and yes I’m pretty sure I know most concepts. im thinking about getting an ethical hacker certification from a boot camp. Do you think employers would like to see that on a resume? I’ve hear programmers from boot camps are particularly lucky.
What about like physically pen testing (really any pen testing/cyber security position that doesn't have you sitting at a desk all day).. is there a position that mostly does that?
Yes, but it's really rare. The ones I have done were checklists provided by a client for compliance purposes. You fill out the checklist like an audit. We also sometimes do console assessments where we review security postures (take a firewall for example) or cloud assessments, which also assesses security posture. These are all few and far between, so I dont count them as day to day. Some shops might not do them at all.
@@TCMSecurityAcademy More people should do them. Especially osint risk assessments. Osint is one of the first things I go to for pretty much everything. I want to be a pentester (social engineer) after I get done with school. (I'm doing my AAS in network engineering then hopefully a BAS in Cybersecurity at my school.)
Hey hope you are good. I am 38 and just in the process of retraining from a completely different career into IT. I am working towards cyber security qualifications, am I too old at 38?
I tried computer system technician program and I failed and hated it. And I love technology but that program messed me up. Cybersecurity seems to be something up my alley, do you think I should go for certification or a diploma? Id rather not waste money on diploma and just get a cert