Age is Just a Number

Cyber Security Has No Age Limits.

I often get asked by potential students, “I’m xx years old. Am I too old/young to get started in Cyber Security?” The answer is always the same: no.

At Pentester University we have students of all ages, some not even in high school yet, and some who are retired from a previous career. The fact of the matter is that no matter how old or young you are, it’s never too late or too early to get started in Cyber Security.

Here’s the thing: your age will not determine your learning abilities, despite the old saying “You can’t teach an old dog new tricks, and you can’t teach a young dog old tricks.” It’s you who determine your learning abilities. With hard work, determination, and focus, you can learn Cyber Security at any age. Heck, I know some 5 year olds that know how to use an iPhone better than me. Whose fault is that? Mine. Why? Because I haven’t devoted the time to adequately learn more about it.

At Pentester University, I try to break down all of the technical jargon and media-based buzzwords into something that you can easily understand: something you can digest and retain without it being super boring, like similar online training has been known to be.


Scope Creep: Escaping the Madness

Have you heard the term “Scope Creep” before? Chances are you haven’t, because it’s one of the most commonly missed things to be mindful of in Information Security / Cyber Security.

What is “Scope Creep”?

Usually during the pre-engagement phase of Penetration Testing, while you are defining your contract, you set aside a block of hours that you feel will be enough time to properly test your client according to the SOW (Statement of Work). This block of time is considered the “Scope”.

Scope creep is when a client commonly says to you, “Oh hey, while you are here, can you test this ________ also? It’s something we forgot to include in the initial engagement.” And trust me, this happens more than it doesn’t. Most pentesters are so happy to have landed another contract that they work harder to oblige the client and work it into the already existing scope of work.

But here’s the thing: aside from the legal problems this can pose, it will eat up more of your pre-determined block of time (scope) and you will find yourself working longer, thus decreasing profits. Now if you have been enrolled in our Penetration Testing for Beginners course, you will know that I constantly bring up this issue, and warn that you should never work for free. In fact, there is a way to hit the ESC key on this common debacle while still meeting the client’s request.


Escaping the Creep:

One successful way I have found to do this is approaching your client in a manner that makes them aware that you want to help, but also that you need to get paid extra. For instance:

“No problem Mr. Customer, I certainly understand. So what I will do is have a separate Statement of Work drawn up to include the added time and resources that will go into testing the additional resources you mentioned. Once we get that signed and returned back, we will go ahead and work that into the schedule. Where should I send it, to your email?”

You should never ever work for free. There will never be any benefit to it, and in fact, most clients will take that as a sign of weakness, and during the rest of your business relationship, will always seem to have “Forgotten to include that” in the statement of work. It’s a serious trap. Don’t fall victim to it.

So by now, I hope that you are able to understand how Scope Creep can negatively impact your time and resources, and how to effectively hit the ESC key in a manner that makes the intent clear and concise.


If you have enjoyed this article, please share it with your friends and colleagues.


The Best Hacking Tool of 2017

“What is the best Hacking Tool of 2017?”

I see this question posted daily on Quora, and many CyberSec Facebook groups I belong to, so I thought I’d clear it up, hopefully (doubtfully) once and for all.

The very best Hacking tool you will ever have (drum roll please…) is YOU. Please allow me to repeat that:

The Very Best Hacking tool you will ever have is YOU.

No, contrary to popular belief, it’s not Kali Linux, or BackBox, or ParrotOS, or whatever other distribution or tool set you could imagine. It’s simply you.

Let me explain:

Anyone, and I mean anyone, can open an application, type some commands or click some buttons and still miss their target almost every time. Why? Because they aren’t using logical approaches. Out of sheer, random luck, sometimes you will get some results, but then again, you’re playing the guessing game, taking what you THINK is the next step.

You see, without using logic and a firm understanding of the “Phases of Penetration Testing”, you’ve already lost the battle. You’re just going to wind up frustrated and burned out from wasting so much valuable time. You might even break some stuff unintentionally.

The use of logic with the Phases of Penetration Testing is something we very much go over in-depth at Pentester University.

And listen, this is usually not any fault of your own. Other training platforms like Udemy and the like simply don’t teach these two simple principles. How can they? Most of them don’t understand this or even how important it is in Penetration Testing.

I tested this theory and signed up for a few popular Ethical Hacking courses on Udemy for my research. And I have literally never been so disappointed with what I watched. But really, this should be its own topic in and of itself... so I will spare you for now :-)







Trump’s Cyber-Security Executive Order

No matter if you love Trump, or hate Trump, he’s serious about the future of Cyber Security.

Last week President Donald Trump issued an Executive Order outlining his plans for strengthening America’s Cyber Security infrastructure. You probably haven’t heard much about it though, since it was immediately eclipsed by other news events like the firing of FBI Director Comey, and then the super outbreak of the WannaCry super bug.

According to TechCrunch’s article, one key thing that is important for us in the Cyber Security private sector is this:

“The EO’s call for federal government agencies – especially civilian agencies – to seek opportunities to share cyber technology makes a great deal of sense.”

And that couldn’t make me any happier, especially since Friday’s super bug WannaCry kept SecOps up well over the entire weekend. Also, that is GREAT NEWS if you are seeking to start your own Cyber Security firm.

In fact, since this news broke, I have received a ton of emails and calls regarding our Cyber Security Career Coaching services.

Do you remember the dot com boom of the late 90’s, early 2000’s? This is very similar, except, unlike the dot com boom, there is no bubble or crash in sight in the foreseeable future. So, roll up your sleeves folks, Cyber Security is going to be strong, no scratch that, Super Strong in terms of budgets and earnings. Are you ready for it?

So if you have been contemplating a career in Cyber Security, and have questioned the validity and the future of the field, you now have your answer. Timbuk 3 (an 80’s band) said it best: “The future is so bright, I gotta wear shades.”






YouTube Ruins Online Education

This post is really a double-edged sword for me personally, because YouTube is how I got my start in online training. It’s how we built an audience of super awesome people, eager to learn. And it hurts me to admit this, but YouTube is a terrible place to learn Ethical Hacking.

Let me explain:

I’m sure you’ve been there. You go to YouTube to get some information about something related to Ethical Hacking / Penetration Testing / Cyber Security, only to spend countless hours watching someone type commands into a terminal and explain it via typing (with many errors) into a notepad. The crazy zoom in and zoom out is enough to make you dizzy. But, like a trooper, you suffer through it in hopes that you will be able to pull off whatever it was you were looking for. So, you get started, and realize that the YouTuber was full of crap. Nothing they showed is working for you, and now you are back at square one, frustrated and feeling defeated. Usually, people just wind up quitting at that point, and feeling like this whole Cyber Security thing is wizardry and stupid.

BUT, here’s the thing:

What I have found (even before we created the NetSecNow Channel) is that these supposed “Teachers” are just regurgitating something they found somewhere else. Seriously, how many times do you see the same titles, and each video is just worse and worse. It’s enough to make your head spin.

Most of the things you find for Cyber Security on YouTube are outdated. Our industry niche is one of the fastest changing and evolving of all IT related careers, so it’s impossible to be current on a platform like YouTube, especially with all of the outdated disinformation out there.

And maybe that’s fine for some people on a $0.00 budget who are trying to get into Cyber Security Professionally, but it’s just time wasted usually.


Overcoming Defeat in Penetration Testing

So if you have ever practiced Penetration Testing, or conducted a Penetration Test for a company, then you may have been met with the ever so frustrating sign of defeat. What’s important to remember is you’re not the only one, and this won’t be the last time this happens.

It’s common to run into roadblocks in Penetration Testing: stubborn firewalls, strict IP ingress/egress filtering, crazy sensitive A/V, etc. This leads to frustration (severe in some cases) and ultimately will undermine your own success. I find the more frustrated some people get, especially in this career, the harder it is to focus and continue on. This, my good friends, is none other than defeat. And sometimes, even if only temporarily, it’s important to admit defeat to yourself, step back, take a break, and re-assess the situation or plan of attack. Oftentimes, it’s something so simple that you are overlooking and making yourself crazy with, that simply stepping back and re-engaging with a clear head will let you prevail and mitigate defeat.


Defeat is unfortunately going to be part of you, for as long as you are alive, in all facets of life, not just pentesting. But as you grow older, gain experience, it becomes easier to recognize it, and overcome it. So don’t get bummed out, or feel alone, because you shouldn’t be, and you’re not.


Picking the Best Online Cyber Security Training

If you are reading this blog post, you’ve probably been searching around for online cyber security training and are confused by how many results there are, what course to choose, and where to start in general. I hope this blog post will help you in Picking The Best Online Cyber Security Training.

Cyber Security is a very in-demand career, especially after all of the public mention of large, and small companies, Local and Federal Governments, and pretty much everyone getting hacked in 2016. No one was safe. So, if you have ever considered a career in Cyber Security, there is no better time than right now in 2017.

But here’s the thing: because of this, so many “new” Online Cyber Security Training Facilities have popped up all over the internet, making it even more confusing for potential students to pick one. And you’re not alone. So many of these online training facilities offer so many different things: Training, Certification, Test Vouchers, Boot camps, Fast Tracks, and the list goes on for miles. Most of these “things” are just buzzwords, so here’s how to choose an Online Cyber Security Training Facility.



Since it seems like almost every day a new “Cyber Security Training Facility” pops up, you should find out how long your potential choice has been around. If they are relatively new, or not known well, chances are they will close their internet doors in 6 months or less.


What do they offer?

Here’s the thing: what they offer is just as important as what they DON’T offer. Do they offer beginner classes? 7 Day Bootcamp courses? :Cringe: Do they offer industry certifications, or do they self-certify? How long is the access to content: 7 days, 1 month, 1 year, lifetime? Support: 1-on-1, self study, forums, email support, anything at all?



While I’d advise against price being your deciding factor, it is something important to consider. If you are a beginner, you certainly should not cough up $5k per course right away. That’s entirely too much. On the flip side, you do get what you pay for. For example, there are some free courses out there, and while I can’t personally say if they are any good, I do however live by the old adage: “You get what you pay for. Nothing in life ever comes for free, and if it does, it’s not worth the time you invest.”



It’s really hard to find an Online Cyber Security Training Facility that caters to complete beginners. It’s much harder to teach a complete beginner than it is to teach someone with experience, especially in Cyber Security. However, there are Organizations out there who do a really great job Training Complete Beginners Start to Finish, Step By Step in Cyber Security Training. We happen to be one of them.



I always CRINGE and turn the other way when I hear this buzzword. It makes my skin crawl. The reason why is simple: while it is a good tool for seasoned professionals looking to up their game and get a new certification, these same Boot-camps wind up duping unsuspecting students into paying a boatload of cash for an ultra stressful, fast paced, specific certification training course. Unless your sole intent is to pass a specific exam, and you already have a bunch of experience, don’t get sucked into this buzzword trap. It could cost you $5,000 per course, only to be completely lost in the material.


Free Trials / Demos:

This is very important. I’d wager that any Online Cyber Security Training Facility that doesn’t offer some sort of no-money-up-front Free Trial or Demo should be skipped over. Here’s the thing: whenever you pick a Cyber Security Training Course, you have to see if the teacher’s way of teaching jives with your way of learning. If you can’t understand the teacher, or can’t follow along, perhaps it’s time to skip past that Facility as well.


So, as you can see there are a ton of questions that have to be answered in order to pick the right Online Cyber Security Training Facility. I hope that this outline was able to help you narrow down your choices.
