top | item 15155082

(no title)

vmarquet | 8 years ago

A way to validate that you're genuinely interested in penetration testing and to learn is to do challenges on sites like https://www.root-me.org/ for example. It's not necessarily realistic challenges, meaning there can be challenges on vulnerabilities you're very unlikely to see in real life, but you'll always learn something If the challenge does not teach you on some kind of vulnerability, at least it will teach you about how to think and do research, which is the most valuable.

I've seen companies filter candidates based on their score on such platforms. For example, for a junior position in penetration testing, they asked for at least 3000 points on root-me (but it was a few years ago, the number of challenges on the site has increased so it would make sense if they had increased their minimum points requirement).

Compared to certifications, it has two enormous advantages: it's fun, and it's free. I've started that way and never regretted it. I've not needed a certification to land a penetration testing job in a serious company (this was in France though, I don't know much about practices in other countries).

discuss

No comments yet.