[gaspard234]

A bunch of great answers.

I've been in offensive security for ~10 years now and am a staff at one of these billion dollar SV tech companies now.

If you want to do pentesting (though i prefer the team offensive security) my advice is to learn the basics of web app security with something like portswigger's course https://portswigger.net/web-security.

Since most tech is really API's and web apps this course would be able to get you productive and probably a jr level skillset. OSCP is also good but I find network hacks are not as applicable today thanks to the cloud, though the thinking process and creative puzzle solving could be worth it.

I would particpate in as many CTF type challenges as possible (http://www.xssgame.com) then apply to jobs. Make it clear you are a junior but good at Burp and web testing.

Good luck!