Entry Level Pentesting jobs? | Penetration Testing and Ethical Hacking Course



This topic contains 17 replies, has 12 voices, and was last updated by  Chambo 5 years ago.


    Jonathan Hubbard

    Ok, so I’m pretty new to this stuff. I’ve been a programmer for 7 years or so collectively, set up my own servers, know databases well… I’ve had a job pay for the ecc bootcamp class… been putting off the certification exam for awhile, mostly because I’ve seen here and there that “paper certs” are no competition for having DONE it… and I’m sure that this field is just like programming… I learned more my first week on the job than I did in 4 years at a good college. Except this is the one I REALLY want myself to do. I try and find good how-to videos, and I can mimic some stuff, I’m getting pretty comfortable in Kali, but anytime I do a search for a job to get my foot in the door, I see the requirements of “2 years previous experience…” I’m sure that’s why my resumes, no matter how many keywords I put in them, aren’t even getting read… The closest I came to breaking in was a company that saw something I’d put in my CareerBuilder profile, and they got all excited about my passion for the subject… and then I lost out, basically to a guy with more coding experience (an internal hire, as well) than I had… Now, I know Milwaukee doesn’t have the biggest tech sector in the world, but there’s got to be SOMEwhere that actually reads like “looking for enthusiastic entry level pentester”… you see it for all the other I.T. fields… am I the only one who doesn’t see any clear way into this field as a profession?



    I see a lot of these jobs on indeed.com, just keep kicking in doors and something will land.

    Are you a veteran by chance?


    Also I’ll have to find the link or admin can chime in, trainace is having a competition in June, and it is comprised of 3 tests, the score you make will be recorded on your profile and there is a virtual job seminar afterwards. You might be able to get picked up there for a pen tester job.




    Check that page out, pass their test and possibly get selected for their Tiger Team. That would open endless doors.



    Coop: Thanks for helping your fellow member out!



    Hello Jonathan,

    There are some companies that are willing to hire with at least one year of experience or willing to accept bachelor’s and above level in education in place thereof. In reference to regions in the U.S., the southeast region, such as Florida, seems to have less demand on experience than other regions.

    Check out cybercoders.com

    Your programming background with the passion for cyber security is a combination that many recruiters on the site are looking for! Continue to emphasize the pen testing and training that you have in your resume because somebody will look at it!


    Jonathan Hubbard

    the EC-Council CEHv8 class was actually the class I took… I’ve been stalling on taking the exam… partly because I’m crazy busy, but I’m also worried that I’ll fail over obscure questions that I wouldn’t have come across not ever having been a network admin… so it’s actually reassuring that I took the right training. I’ve got a month before I take it…

    I actually did just get one call, and I got told my background and enthusiasm were exactly what they wanted, and that if I had the cert, the job would have been mine… I feel a little dumb now for taking too seriously comments I heard here and there that paper certs weren’t worth the paper they’re printed on… they went as far as to tell me that I should take a couple months, get the cert and maybe learn some bash or python, and if I kept them in the loop, at the end of that time I’d have an offer… I don’t know that I can count on that, but it’s good to hear that they aren’t alone in having those criteria (enthusiasm and development background) at the top…

    And now I am off to go check out cybercoders. I think I might be closer than I thought… the one thing I just need to find myself still, I think, is an actual white hat who works in the Milwaukee area… I know one consistent piece I see people mention that I lack is some connections. Any suggestions on finding out how to reach out to any that might be around here? And just to be optimistic, let’s say I can pull off the 70% necessary for the cert, what suggestions would any of you have for quick little stuff I could get to know well enough in a month or two to really both show my enthusiasm as well as having something that’ll make my resume stand out next to other entry level applicants?


    Jonathan Hubbard

    Oh, and BTW, thanks for the solid advice and encouragement to all of you… just what I needed to bounce back from the initial let down of thinking that I had just missed the one good fit for a foot in the door… I was almost ready to give up there for a moment…



    Hello Jonathan,

    There are ways that you can definitely show your passion for cyber security. Many employers want to see experience that comes from an employer yet you can do a few things to get some things going for your resume. Check out the AFA CyberPatriot Competition. It’s sponsored by Northrop Grumman and it’s a great way to show your knowledge of cybersecurity by becoming a mentor and helping the youth in cybersecurity. Also, re-evaluate your programming experience and see if it fits anything that’s related to malware analysis or reverse engineering. There are many cyber security engineer positions that often desire the skill of one that has a programming background so you have an advantage! I would advise you also to not attempt to become an expert in everything because that’s virtually impossible..lol..that’s why there’s teamwork in cybersecurity! Find out at least two things that you feel that you could have an expertise in and just have a base knowledge in everything else.




    Check that link out, that will help you find a group somewhere around you. If you get in with them, you can really network yourself and go wherever.


    Jonathan Hubbard

    sorry for the absence… every time I come to the site, I try and watch at least one video on the CEH, and usually get caught up in it…

    @whitehat4ever – I think a competition might be beyond me still… I’m still trying to get enough basics down to get taken seriously by people who actually know their stuff, not just the programmer next to me who doesn’t know much about a 3 way handshake… what I need is to find a group that might have some kind of mentoring, beyond pointing me to the vulnerable servers that are set up for us to practice on… the name escapes me after this long of a day… or at least a group that looks to expand their knowledge by sharing/teaching, where every topic isn’t going to be super expert level plus…

    @coop – I checked out infoguard for Milwaukee, not much there since last spring… and was kinda hard to tell what their mission was… teaching? or just discussing the zero days and latest holes in windows servers etc… like I said before, I need some fundamentals beyond the book-learning (metaphor). I do know one person who’s brilliant at all this… a grey hat who’s been in it for a long time, kinda retired now, and doesn’t work in I.T. at all anyway; I get the occasional good tip from her, but I feel bad when that’s really her hobby at most these days, and while she’s def an expert, the way I know her (yes I’m being vague) makes me not want to bother her on a daily basis…

    as an update, I’m loving the free CEH here… just like the global knowledge course, but better examples, and I can pause, rewind, try again, and of course, it’s not 4000 dollars… I’m taking my time, trying to really lock in every part, since there isn’t a time crunch this time around, but I have hit one snag… I can’t seem to get etherape to install in Kali… I know it’s to do with the dependencies… any links of simple how-to’s for that one? why was it removed from Kali anyway? seems like a nice tool, especially if you were trying to explain traffic to a non-techy… thoughts? also looking forward to python, as I know that’s a skill they look for that wasn’t even touched in my previous education in pentesting…



    As far as etherape goes, that was the old packet sniffer? Wireshark for GUI and tcpdump for commandline are what’s being used everywhere I’ve worked. I know the graphics are nice to show others but functionality is key.

    Entry level pentesting is rare. It’s not really an entry level job. Getting in to security as an entry level job altogether is difficult. Honestly it’s not impossible, but it’s much easier to go entry level networking (CCNA type work), then security/analysis, then pentesting. It’s slower, but you’ll learn more along the way. Companies want to see the experience and the knowledge that comes with it.

    BUT do NOT stop trying to get that pentester job. Work in IT, try to focus on security, keep updating and sending out your resume, as you gain experience and education you’ll get more calls for more specialized positions. I’ve seen a lot of people move in to positions and refuse to leave for at least two years. I’m always looking to learn more, move up, etc.



    I’ll second or third what others have said. Passion goes a long way in our industry. Get a lab set up and put some vulnerable CTF VMs, and use the CEH tools to hack them. Set up wifi APs with old WRT54g hardware and show that you can demonstrate cracking a WPA/WPA2 password or a WPS PIN with Reaver.

    If you’re a developer, and better, can speak to developers about securing code, you can write your salary most any place. Talking to developers about security, and sitting down with them to show them where their code falls short is something a great many infosec professionals lack. Can you point out use-after-free errors? Off-by-one errors? You do that, and you’ll have a job.

    Last thing I’ll say is networking is key. ISSA, OWASP, Defcon/BlackHat, Bsides events, DerbyCon. Go to these things, talk to folks, get on Twitter and follow #infosec and people in infosec. Start a blog.

    You’ll find in time you won’t need that entry-level pentester position…



    So just out of curiosity, what is usually the average time that it took you guys to find your jobs? If I may pry. I have been a CEH since Oct of last year after being officially out of IT for 5 years. I have gone to one conference so far which happens to be where I took the exam. I think what hurts me most is that I’m not currently in an IT field but I can’t exactly change that being in the military. I have lots of IT duties outside of my specialty though. I’m not going to get all into the weeds with everything on a public forum but I’m curious as to how long some of you guys looked or maybe if I’m missing some other key certification somewhere that I have overlooked.



    This is definitely a helpful topic for me as well. I’m just starting out in the area of Infosec but have background in programming, mostly self-taught at that. My biggest problem is where I live. It seems like an interest in IT altogether is rare (southern Louisiana), and even rarer: this area of IT!

    I have a long way to go but I keep hoping to find people less than 100 miles away, to network with and get involved with, to at least start SOMEthing. I feel like I may have to resort to putting out ads in a paper, freelancing/consulting once I get knowledgeable enough. I’m also a pastor, so perhaps even free work for other churches could help in the realm of experience.



    Hi Daraniya,

    I was interested in what you said about secure coding. I am a front-end developer. I have had some networking and network security experience before for a small company using OSSIM. I am currently getting my MISM in Information Security now. I was actually interested in security jobs with some programming and I read your post. Is there a place online that gives types of secure programming that is in demand, like use after free errors and Off by one errors? Thanks



    DO NOT UNDERESTIMATE YOUR EXPERIENCE & KNOWLEDGE BASE. For the original post: seven years in programming sounds like more than the two years they were looking for in the entry level positions. I review resumes a lot and I’m always amazed at how little effort people put into writing their resume for the position they are applying for at the time. I was guilty of this for a very long time… well basically until I got to the other side of the interview table. Don’t ever lie on your resume, but don’t just focus on what you did in your past positions.

    You need to focus on what you did in your past positions that is relevant to the job that you are applying for. For example, in your previous programming jobs, I can only assume that you tested the systems that you worked on. Maybe even ran an automated tool against (e.g. a “scan”). Made sure that your code worked properly? (e.g. a stress test or functionality test?). Look at the job post, look at other job posts, and look for the words they are using. Use those phrases in your resume effectively (and honestly). With a little bit of magic, you could be applying for positions requiring 3-5 years of experience. Just don’t get defeated by the stupid application process.

    And yes, location obviously matters quite a bit.

    @vinny – if you’re currently active duty looking for contractor roles, those are usually immediate hire positions (<45 days). I was on terminal leave with a week left of paycheck when I got my first interview… after applying for hundreds of jobs. The job fairs were worthless (from my experience). The VA can definitely help. If you don’t have your degree, you better be working on it. It’s a game changer. You can also check out the VA’s VocRehab program. It’s similar to Post 9/11 GI Bill (BAH, tuition, etc.), but there’s no “buy-in” like there was with the GI Bill and it can be used on top of or separately from the GI Bill.



    If you want to work as a pentester I would advise a practical course such as SANS (very expensive) or OSCP (more affordable). The OSCP exam is a practical one and if you pass it you are able to do pentests!



    Hi Jonathan 🙂
    Keep your dream alive – persistence and practice do pay off – and please do keep us posted on your pursuit of getting your CEH cert!
