8 Gaining Experience

One of the hardest things about starting a new career is getting experience. Even entry-level jobs commonly require experience. This chapter will focus on some of the ways that you can get the experience you need to be employed as a pentester.

[Figure: Chapter 8 focuses on some of the ways that you can get the experience you need to be employed as a pentester: Capture the Flag (CTF) competitions, bug bounty programs, and pro bono and volunteer work.]

Capture the Flag

Capture the Flag (CTF) competitions are a way to gain ethical hacking experience. CTFs present hacking and other challenges that build infosec skills. Some CTFs have a greater focus on hacking, and these are the best options for those who want to be pentesters. CTFs can help you develop hacking skills and the hacker mindset. You can download CTF virtual machines, uploaded by CTF creators, from VulnHub (www.vulnhub.com). You can also find CTFs at conferences and meetups. Following are some great resources for CTFs:

  • CTFtime: This is a great resource for finding a schedule of CTFs (ctftime.org).
  • picoCTF: picoCTF is a good resource to check first for finding CTF competitions (picoctf.com).
  • VulnHub: VulnHub lists VMs that were previously used for CTFs (vulnhub.com).
  • OverTheWire—Wargames: OverTheWire is a great resource for CTFs, and it offers several CTF competitions that you can try (overthewire.org/wargames).
