[JokerDan]

I am always fascinated by pen testing and studied computer networking in security to fall into a software engineering job. I just never knew where to start with heading a leg up on the tools and practices to be able to go into pen testing professionally... I couldn't find any apprenticeships or junior roles for it so ended up shelving it as a 'maybe one day' 'dream'. Where would be the best place to start? Most of the books I have are pretty dated now.

Also the article was a great read. Pinning it to go over again on the weekend as my lunch is now over.

[lucb1e]

I work as pen tester (ask me anything). In school I got the opportunity to pick digital security as my major, but I'm certain any computer science related study would have been fine.

When interviewing for my current company, my first full-time job, I was given a vulnerable web application which they used to assess whether I could do the job (next to a regular interview). I aced this hack test, but due to it being my first full-time job they still scaled me in as a junior.

Overall, if you know your thing, you can just go and interview with companies that do security. Specifics, such as a workflow when performing a security assessment, are specific to a company anyway. With some semi-related work experience (many colleagues have a programming background) you should be able to come in above junior too.

As for where to get the skills: hack something. My study gave me dedicated time to spend on it, but even in high school I was writing code, sharing it with others, and we had fun poking around each other's applications security-wise. That's how I truly learned: doing.

[mercurysmessage]

I'm the same as you. I got this book:

https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/...

Which I've dabbled in, and haven't gotten further than what I already know from my CS education, but the consensus seems to be it's a good book to learn from.