So, you want to become a penetration tester but have no idea where to start? You're in the right place. In this guide, you'll get a clear, actionable, step-by-step path to becoming a penetration tester from zero to hero.
Related Video:
The Reality of Breaking into Cybersecurity
Before diving into the steps, it's important to understand that there is no single path to becoming a penetration tester. If you ask 100 penetration testers how they got their first job, you'll get 100 different answers. What you're about to read is a refined version of the lessons I’ve learned along my journey. This is one of many paths you can take.
Step 1: Commit to the Journey
Becoming a penetration tester is a long journey that takes multiple years. This is not a field where you can coast—continuous learning is required. The moment you stop learning is the moment you fall behind. Be prepared for setbacks, roadblocks, and plenty of challenges. But remember, every expert was once a beginner who knew nothing.
Mindset is everything:
Expect failure and learn from it.
Stay adaptable.
Commit to lifelong learning.
Build resilience and a never-quit attitude.
If you can commit to these principles, you'll go far in this field.
Step 2: Create and Optimize Your LinkedIn Profile
Cybersecurity is about what you know, but also who you know. LinkedIn is the most powerful networking tool for job seekers in this industry. Use it correctly by:
Completing your profile fully.
Posting about your learning journey (certificates, projects, labs, etc.).
Engaging with others in the cybersecurity community.
Posting at least once a week to stay visible.
One of the worst mistakes you can make is waiting until you need a job to start posting. Post consistently so that when you’re ready to job hunt, people already know who you are.
Step 3: Start with TryHackMe – Daily Training
Your technical training starts here. TryHackMe is an excellent beginner-friendly platform for hands-on cybersecurity learning. Commit to at least one hour per day and aim for a 365-day streak.
Learning Path Progression:
Intro to Cybersecurity & Pre-Security paths – foundational knowledge.
Pentesting & Offensive Security learning paths – core skills.
Red Teaming path – advanced techniques.
At least one Blue Teaming path – understand the defensive side of security.
Once you've completed these, graduate to HackTheBox and transition to tackling one machine per week.
Step 4: Earn Entry-Level Certifications
While doing daily TryHackMe, start preparing for certifications. The best foundational cybersecurity certifications include:
CompTIA A+ (Optional – good for IT basics, but can be skipped if you have fundamentals)
CompTIA Network+ (Highly recommended.)
CompTIA Security+ (Almost essential for cybersecurity roles.)
CompTIA Pentest+ (Great intro to penetration testing.)
If you're interested in government work, consider the CEH (Certified Ethical Hacker). It’s not the best technical cert, but it's highly recognized in government roles.
Step 5: Get an IT Job
By this point, you're qualified for help desk, sysadmin, or network engineering jobs. You might even land a cybersecurity analyst job if you network effectively.
Why start in IT?
Many penetration testers come from sysadmin or network backgrounds.
IT roles help build the technical foundation that makes you a better hacker.
Some entry-level cybersecurity jobs are available, but they are rare.
If transitioning from another industry, expect a potential pay cut at first. Long term, this is a smart career move that pays off exponentially.
Step 6: Learn a Programming Language
Any programming language will do, but Python is my recommended choice for penetration testers. It’s widely used in cybersecurity and easy to learn.
Take on a 100 Days of Code challenge to build hands-on experience. You’ll need scripting skills for writing custom exploits, automating tasks, and modifying existing tools.
Step 7: Master Linux
Linux is the primary operating system for penetration testers. If you’re not comfortable in the Linux command line, you need to fix that ASAP.
Take a Linux course or pursue a Linux certification if needed. The goal is to be completely comfortable using Linux without a graphical interface.
Step 8: Earn an Intermediate Certification
Now it’s time to level up. Choose one of the following:
eJPT (INE Security Junior Penetration Tester)
PJPT (TCM Security Practical Junior Penetration Tester) (Recommended over eJPT)
Then, move on to a full-fledged penetration testing certification:
OSCP (OffSec Certified Professional) – Industry gold standard, but expensive.
PNPT (TCM Security Practical Network Penetration Tester) – More realistic and affordable.
CPTS (Hack The Box Certified Penetration Testing Specialist) – Hardest of the three, but extremely valuable. It is starting to become the new gold standard.
Step 9: Apply for Penetration Testing Jobs
At this point, you are qualified to be a penetration tester. That doesn't mean landing a job will be easy—you will face competition. Keep applying and don’t get discouraged.
Job Search Best Practices:
Learn how to write an effective resume and cover letter.
Master your interview skills, including technical questions.
Continue networking on LinkedIn.
Keep learning and adding skills while job hunting.
Step 10: Choose Your Specialization
Once employed as a penetration tester, you can specialize further:
Option A: Web App Penetration Testing
PWPA (TCM Practical Web Pentest Associate)
PWPP (TCM Practical Web Pentest Professional)
CBBH (HTB Certified Bug Bounty Hunter)
Option B: Advanced Certifications
OSEP (OffSec Experienced Penetration Tester) – OSCP’s next level.
OSED (Exploit Developer) – Focus on exploit creation.
OSWE (Web Expert) – For advanced white box web pentesting and code review.
CAPE (HTB Certified Active Directory Penetration Testing Expert) – Advanced Active Directory attacks.
CWEE (HTB Certified Web Exploitation Expert) – Expert Web Pentesting Certification
Option C: Red Teaming
CRTO (Certified Red Team Operator) – Great for adversary emulation.
Option D: Build an All-Around Skillset
Get both network & web app testing experience.
Learn cloud penetration testing (AWS, Azure, GCP).
Gain threat hunting & detection evasion skills.
Consider niche pentesting skills in mobile, wireless, IoT, or car hacking.
Final Thoughts On The Penetration Tester Roadmap
The journey to becoming a penetration tester is challenging but rewarding. The steps outlined above are just one way to get there. Be flexible, keep learning, and adapt as needed.
Recap:
Commit to the journey.
Leverage LinkedIn for networking.
Train daily on TryHackMe, then transition to Hack The Box.
Earn foundational certifications.
Get an IT or cybersecurity job.
Learn a programming language.
Master Linux.
Earn an intermediate penetration testing certification.
Apply for penetration testing jobs.
Continue learning and specialize.
By following this roadmap, you will set yourself up for success in penetration testing. Keep pushing forward, and don’t let obstacles discourage you. Good luck!
Want to hear my personal journey from sysadmin to penetration tester? Check out this blog article for a detailed breakdown of my exact path.