
Becoming a security tester, challenge accepted

Posted by: Eva
Category: security testing

Recently we added “Security Testing” to our solutions portfolio. To be able to respond to market demands we implemented a “cybersecurity” workforce. Interested Brighters can join the workforce to expand their knowledge and to do projects as a security tester. In this context Gertjan tells us about his journey towards becoming a security tester.

Last September I started at Brightest. During the recruitment process I already mentioned my interest in cybersecurity and was pleased to hear that Brightest had a cybersecurity workforce to meet the market demands in that direction (take a look at our security testing solution). So far, I gobbled up the knowledge I could gain from that workforce like candy. Reviewing the new OWASP Top 10, getting to know and use Burp Suite, cracking the OWASP Juice Shop, and so much more. The first months have been challenging and exciting.

Courses for hands-on experience

With the end of the year in sight, the career-path meeting came along with it. Brightest's motto is “aim high” and I’m always looking for a challenge. This was probably the most knowledge-hungry I’ve been for as long as I could remember. I really wanted to take it to the next step and learn how to perform a decent pentest. So, I searched which courses would give me the most hands-on experience, which certifications mean something, and which ones would challenge me.

It was clear that I could choose from a wide variety. So, I just looked for which certificate was known as one of the hardest. The same answer always popped up: OSCP from Offensive Security. The more I read about it, the more it triggered me. The more it also scared me.

The OSCP certification

The OSCP certification stands for Offensive Security Certified Pentester. It’s created by the makers of Kali Linux. And their motto is “try harder”. Enough said… The course is built out of a manual, videos and virtual machines where you have to complete challenges (capture the flag, etc.). That’s the first reason why it is said to be hard. It is hands-on, and the theory will only get you so far. You have to prove you understand and can execute the actions needed and, if needed, do your own research. The second reason is because the exam to get certified takes 48 hours. The first 24 hours for hacking and the last 24 hours for reporting the vulnerabilities you found to Offensive Security. Yikes.

Of course, the doubt settled in. I’m no scripting expert; Linux is relatively new to me, and the free time investment would be huge … But then again, nothing worthwhile is easy.
So, I decided to ask Brightest to let me in the course anyway. I was so happy they agreed. The road would be long and hard, but I would be paving it.


One month in

The first month has been challenging. But in a good way. Due to my limited Linux knowledge, I started with foundational labs, and they cover what’s needed. I’m challenged in each lab, which makes it fun and sometimes drives me crazy. I’ve been putting in the work each day and have learned that sometimes, you must take a step back, take a breath, and look at it again from another angle. The “try harder” part wasn’t a joke.

Sometimes you solve a lab which was estimated to only take about 30 minutes in 3 hours. Sometimes you solve a lab which was estimated to take 120 minutes in an hour. Everyone learns at a different pace, but I’m locked in and already gained more knowledge in a month than I could’ve imagined. Next up are Windows labs, which from an admin point of view will give a different view than I’m familiar with. Looking forward to it.

Got to go now.
Got some learning to do. Until next update!

Gertjan
