The Epidemic of Misinformation
At least daily, I come across some very confused people looking to start training in Cyber Security / Penetration Testing. They are confused mostly by no fault of their own. After all, there is a lot of dis-information online, and shows like Mr. Robot that don’t make matters any better. And unfortunately due to the UN-realistic nature of these shows, movies and information online, these potential Cyber Security warriors are duped into believing that there is some magic tool to fast track them to Cyber Stardom. I’ve written about this in a Previous Post about the golden child of the game, Kali Linux.
So, I want to try and dispel some rumors or misconceptions in this blog article, and hopefully set some would be Cyber Security Heroes straight.
Firstly, you can’t just skip past go and collect $100k+ per year as a Cyber Security Expert. It takes many sleepless nights over a period of many years of training to reach the level of technical expertise to land that monster pay check. Watching some Random Youtube Videos with some guy typing into a notepad with felonious spelling atrocities, zooming in and out of a terminal at a rate that would make you motion sick is not going to get you there. Seriously, it will not.
Secondly, speaking of Youtube, and other free training mediums. I find a lot of people balking about Professional Level Training Prices. And Look, I get it, the economy is unstable and a lot of people may not be able to afford the higher end training like SANS, or the like. But if you are thinking that by not investing some money into proper training, and flying by the seat of your pants on sites like Youtube, Udemy (to name a few) is going to land you that super awesome CyberSec job making $100k+ a year, you are severely mistaken. You can’t watch a few udemy courses and go sit for the OSCP, or even the CEH for that matter. You will waste your money on the exam voucher and fail.
Third, speaking about investing in yourself. Do you think these Industry Exams are FREE? No, they are not. In some cases they are hundreds of dollars, and in some other cases they can approach the thousands of dollars mark quite quickly. So, you will have to pony up the green paper at some point, so wouldn’t it be better to Invest in your proper training first so you don’t waste your money later by failing the Exam?
Fourth, Speaking about Industry Certifications, and I will make a few points here, is that they DO Matter. It will be a very super rare occasion that anyone can land even an interview without some of them (even the basic ones) on your Resume. To make another point here while speaking about Certifications, Don’t shoot from the hip and go for everything that has the words “Cyber Security” in it.
Fifth, Don’t fall for the Certification Hype. I know that sounds contradictory to what I just said, but hear me out. A lot of the companies that are hiring want hands on experience in conjunction with the Certifications. So you may be asking yourself “How the heck do I do that, if I can’t get a job without the provable experience?” And you’re right to ask that question, as so many do. Let me try and list a couple of things to help;
1. I have seen quite the influx of some of these online training places offering “internships”, and I use that term lightly, because often times it’s a dubious sales tactic. Why? Because some places charge YOU to intern with them. Yes, you read that right. They CHARGE YOU. Seems crazy right? But some people are desperate to have that “Hands on Experience”. Let me be the first one to tell you, YOU should NEVER PAY for an internship. That’s just absurd in my opinion.
2. Speaking of internships, a lot of these same types of places say they will write you a letter of recommendation. So be sure to get that in writing, or email, or something before you commit to these “intern” style programs. Often times they make you do work for them, and leave you hanging at the end. Here at PentesterUniversity we do not offer internships. However, we do offer a personalized written letter of Recommendation ONLY after you successfully pass our Certification Exams, which will demonstrate your skill level.Trust me, I won’t put my name and reputation on the line for just anyone, and the final exam is very difficult.
I can probably go on for hours on this subject, but I will spare you the time. The bottom line is, in order to get to a $100k+ Job in Cyber Security you have to start at the bottom and work your way up. And that means starting with a good learning plan and training, Don’t be afraid to hire a Mentor or Coach either, it helps for accountability and drive. Someone to keep you on course, guide you (not do for you) through the process and the obstacles, someone to keep you motivated and focused. I believe that is important for a students success, because if it was so easy to hit the top so fast, everyone would be doing it, and doing it quickly, which is not the case. And in case you were wondering, yes, we offer that here at Pentester University.
If you have any questions going forward, please feel free to email me anytime.