Training in Penetration Testing can be a very difficult and frustrating experience. It’s filled with coma inducing highs and equally worrying lows. There’s no rule or routine to it. Grabbing a Domain Admin account using an exploit found 8 years ago can leave you feeling both sets of feelings when it sinks in that you managed it using something that has either been patched since then or never enabled on default server builds.
To prevent the damaging lows, we try our best to progress everyday or at least have learned something new every few days. When you hit a wall it can have quite devastating effects. Much like every other journey, there are pathways. When training in Infosec you hit many crossroads and forks with no signs to tell you where they lead. You just have to trust your gut. Experience helps over time, however, at the beginning there is a lot of direction changing as you jump from one subject to another with no real direction.
You’re not good enough!
Something you tell yourself every other day. You read a tweet, view a job advertisement or watch a video from 6 years ago and have no idea what they are talking about. You want to cry out for a mentor. Someone to say “It’s ok, here’s where you need to be” however, sometimes you’re too proud to ask. Sometimes a snippet of information can open up a whole world of new information. This can also lead you to feel very behind as it seems like it’s already been done before.
You are good enough!!
It’s difficult to see how far we’ve come when we’re always looking ahead. Remember when you couldn’t understand Nmap? or when you just inserted ‘ OR 1=1 — on every login prompt because you thought it worked on everything? What about the time you couldn’t recognise a Caesar Cipher in a CTF or when a password is base64 encoded and you closed down the window.
The things that get you down now may well be the thing you excel at later. I’ve seen a few give up already, and while it’s a difficult industry, not only to get a job in, but to stand out in, it’s a worthwhile adventure. If you can learn your breaking points, how to move past them or when to actually take a break, you will achieve more.
Having a job in infosec is of course, the ultimate aim. However, you cannot let that focus derail you. You need to bring something to the table when someone invites you for dinner.
- Willingness to learn
All qualities that can’t be taught in a course or online. You’re either keen as a fox or you’re not. More often than not people see the work involved and give up. For those who continue to climb that mountain with no real view of the top. Well Done! keep going. For me I’ll continue trusting my gut and seek out the information on-line. After all what kind of Pen Tester would I be if I kept asking questions of people all the time? If you can’t find the information for yourself, you’re not going to be a very good Pen Tester.