The job market in general is tough right now, and cyber security, which is supposed to be a hot field, is flooded with entry-level applicants for what are essentially intermediate-level positions. This may sound a little “doom and gloom,” but if you really want to work in cyber security, it is an achievable goal!
If you’re just starting out, you can begin learning the basics through free resources. Developing a professional network is essential for hearing about job opportunities and is possibly the most reliable path for getting your resume looked at and even landing interviews. Finding a community (such as the TCM Discord channel) to learn in and contribute to is HIGHLY recommended.
But experience is one of the most significant barriers to entry for those wanting to start a career in cyber security. If you didn’t see the writing on the wall years ago and start an entry-level IT job, it can be hard to jump right in without that relevant experience. Personal projects or certifications are the next best way to demonstrate quasi-experience to those who are doing the hiring, and some certifications could be necessary if you want to reach the “human eye” level of the resume pile.
Getting the job is only part of the equation, though, and it would be tragic to get to the interview or even start your first day and have no idea what you’re actually doing.
A Practical Pentesting Certification
When Heath Adams started TCM years ago, he looked around at the cyber security certification landscape (specifically penetration testing) and didn’t see a good ‘practical’ offering. So, he made one.
Thus, the Practical Network Penetration Tester (PNPT) certification was born. Its mission: To teach the skills necessary to actually conduct a network penetration test, including reporting, and test those skills in an environment that would simulate a real-world engagement. No multiple choice questions, just hacking… and reporting.
The goal is for certified students to be trained, experienced, and ready on day one to take on the technical responsibilities of a penetration tester, giving PNPT holders and hiring managers confidence in their abilities.
There are a few certification options out there for penetration testing, and they all have different merits. In a tough job market, getting whatever will make your resume ‘pop’ is likely going to be high on your priority list, but having experience is going to help make a good impression at the interview table and in those first crucial weeks on the job, and we believe we’ve made that possible through our practical certification.
So, now let’s take a closer look at the PNPT and what makes it a certification option you should consider.
Disclaimer: It is HIGHLY recommended that you start with the Practical Junior Penetration Tester certification, unless you already have some experience as a penetration tester.
Professional Acceptance and Job Postings
First, a little context. We all know that there are some certifications that are widely viewed in the community as hoops that have to be jumped through in order to try to move up in the resume pile. HR hiring guidelines get passed down from generation to generation and can remain largely unchanged, especially in bigger organizations, so unless you have a contact on the inside (you really should be networking), it can be hard to get to the interview stage if your resume doesn’t contain the correct cypher of cert acronyms.
So, essentially, certifications serve two basic functions: Resume requirements and indicators of skill. The PNPT has appeared in job postings or been purchased for pentesting teams in organizations such as:
- Microsoft
- Nvidia
- McDonald’s
- Twitch
- Capital One
- Arctic Wolf
- Booz Allen
- The National Security Agency
- The Air Force
- and more…
The PNPT is a pentesting certification that is known by team-leads and professionals as a consistent measure of competency and is becoming more well-known by hiring managers as a reliable standard of skill.
A Practical Certification Exam
Knowledge is important, but pentesting jobs are about more than information recall (Google exists). The PNPT tests your ability to perform a pentest, not answer multiple-choice questions about one. You implement methodology, rather than label a methodology diagram. You use Nmap to scan for open ports, rather than identifying it as a port scanning tool from a list.
Everything about the exam is designed to mirror a pentest; there is documentation to read, a domain controller to compromise, and a report of findings to write and present before living, breathing professional pentesters. This is not to discount being able to recall information; you won’t pass if you don’t know what you’re doing. But after the PNPT, you will know that you can do it.
The Experience Gap
One of the most frustrating things for candidates is feeling as though they are not considered for a position because of a lack of experience. Saying you have “X years of experience as Y” is a powerful job hunting tool, but listing things you have done that apply to the job is very impactful and gives more context to your abilities.
Demonstrating that you know what you’re doing without professional experience can be a challenge in the job market, so we get you as close to that real-world experience as we can, so your “talk” and resume will be backed up with actually having done the thing.
Professionally Reviewed Report
This is a point that doesn’t always get the attention it deserves. You can be a wizard at scanning a network and bypassing firewalls, but the client doesn’t see those things. If your report does a poor job of conveying what you found, it’s as if those parts of the test never happened.
Writing a report may not be a skill that comes naturally to you, but it is a big part of being a penetration tester, and there’s good news… It’s part of the training and examination for the PNPT! Two full days of the exam time are set aside just for writing the report, and you should take it seriously, because you will be presenting it to professional pentesters in a 15-minute debrief.
Why We Give You Two Exam Attempts
We offer two exam attempts when you purchase the PNPT exam voucher. There are two reasons for this. 1) We don’t profit from failure, whether it’s jitters, not taking the exam seriously, or just a bad day; you get two shots. And 2) it’s a difficult and largely unique experience the first time. The format can be jarring for some who are used to multiple-choice exams or more gamified learning platforms. During the PNPT, you use real tools to find vulnerabilities and leverage those vulnerabilities to compromise a network. No multiple choice. No flags.
Problem Solving In A Pentesting Context
“Creative thinking” and “problem-solving ability” are traits that many organizations are looking for and are listed on many resumes. Some companies even use personality tests during the application phase to check for qualities such as these. Given the practical nature of the PNPT, problem-solving and creativity in the context of identifying exploitable vulnerabilities in a network are requirements for passing.
The PNPT requires you to think on the fly and develop your own solution for achieving the goal of the exam. Preparation with multiple tools and methodologies gives you the material necessary to complete the exam, but it is up to you to adapt and solve the problem.
Knowing what to do when you’re on a deadline, haven’t found a single vulnerability, and hit a dead end is not something that multiple-choice tests can simulate. But it is an experience you will likely have taking the PNPT, which is not only a good talking point but also gives you confidence (a noticeable trait).
A “Practical” List Of Skills
It wouldn’t be TCM if we didn’t explicitly give you the most useful information without the filler, so here is a basic list of what a PNPT-certified pentester has done.
- Completed a 5-day mock penetration test that included both internal and external testing
- Executed a penetration testing methodology
- Conducted active and passive network enumeration
- Identified and researched vulnerabilities
- Gained access to a network
- Bypassed AV
- Exploited an Active Directory environment *
- Performed lateral and vertical network movement
- Compromised a Domain Controller
- Produced a professionally reviewed report of findings
- Debriefed a report of findings to professional pentesters
This is not an all-encompassing list, but it gives you an idea of what could be put on your resume, and more importantly, what you will have experience doing.
* ~90% of Fortune 1000 companies operate in an Active Directory environment, so we do place an emphasis on AD in the exam.
In Closing
There are many paths to becoming a penetration tester. Talk to three people in the field and you will likely get three very different stories as to how they got there. But gaining knowledge and experience are two things that will have to be tackled at some point in the process. The PNPT is designed to provide both of these things and serve as a signal to others that you have them.
We hope that it can be a help to you, and whatever path you take to get there, we wish you the very best of luck in your ethical hacking journey!
Happy Hacking!
About the Author: Josh Daniels
Josh is an avid storyteller and writer who loves learning about the behind-the-scenes of the digital world we live in. While his professional experience is in content marketing, Josh began pursuing a career in cybersecurity in 2022, gaining a Sec+ certificate along with other training from industry professionals and a lifelong-learner attitude.
When he is not writing, Josh enjoys outdoor adventures with his family, watching movies, reading, and an unofficial (unpaid) side gig as a Game Master Consultant for several friends who play tabletop RPGs. At TCM, Josh has found a home where his passion for storytelling and cybersecurity meet.
“Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.”
– Frank Herbert
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers. Pentest Services: https://tcm-sec.com/our-services/