If, like me, you live in the United Kingdom and you’re working towards your penetration testing certifications and want to know what route to take, then look no further. This short yet detailed article will help send you on your way. I’m going to start by presuming that you have no experience in the field at all. This way I can take you from the beginning. If you do have some experience then feel free to scroll down and start somewhere in the middle.
Cyber security and penetration testing in the UK is similar to that of the US, you need qualifications and lots of hard work to get into it. Many companies in this sector will ask for Computer Science degrees or equivalent in Maths, or even Psychology (which comes in handy for cryptography). But if you can work toward your certifications then these are barriers that can be overcome, experience wins over education, right? Right. So let’s start this with the fact that you don’t have a Computer Science degree (not all of us can afford to go to University in the UK. Not only is it extremely expensive, but we don’t want to be paying student loans off until we’re fifty.)
Basic Certifications & Advice
So certifications are going to be your main way into the industry. Your first port of call (if you’ve had no experience) should be the CompTIA A+ course. This will give you a basic understanding of software and hardware in computers, along with a little networking. Then you can move on to the CompTIA Network+ course, these courses give the foundations needed to understand how computers and networks communicate, how they are put together, and how to set them up for efficiency.
These are long courses, but they get you where you want to go. Don’t give up on them, stick it out. It’s worth it.
It’s also a good idea to familiarise yourself with different versions of Linux. Although you can make your own distros, it is more beneficial to become fluent in one of the more widely used versions such as BlackArch or Kali Linux.
Moving in the right direction
So you’ve completed these certifications and want to move on and get going with penetration testing? Slow down. Most companies these days require more than just jumping in and hacking computer systems and networks. You want to be an ethical hacker, which means you have to earn the certifications that let companies know that you can work ethically. Management certifications can help towards this such as CompTIA Security+. This course gives you the fundamentals of running the security of a network and preparing the systems for attack. While this course relies on theory more than practical teaching, the knowledge from it alone is worth its weight in the industry.
Are you speaking my language?
Let’s something straight, you’re going to need to learn a language. Not a spoken language. If you spoke like this people will more than likely shun you. If you currently speak like this, seek help.
The languages I’m talking about are programming and scripting languages. If you want to be a penetration tester/ethical hacker then you need to be versed in a couple. The languages I’d recommend would be:
Let’s look at these a little closer.
Python is a high level scripting language that’s useful for anything when it comes to ethical hacking. Why? Because it’s easy to learn, fast to type, and simple to start. Python should be your priority when it comes to learning a scripting language. All those tasks that you would have to repeat over and over again can be automated with a simple python script. Need to scan through an entire list of I.P’s but don’t have time to do them one by one? Setup a python script and worry no more.
SQL stands for Structured Query Language and is a language that communicated with SQL databases. This language is needed to extracting data from vulnerable servers that store things in databases. You’d be surprised how many hacks have been carried out using a simple SQL injection, and many websites out there are still vulnerable to it.
PHP is a server-side scripting language and can be used in conjunction with SQL for web servers mainly. PHP has had some issues in the past with bad coding. Everyone makes mistakes, and PHP accounted for 9% of all vulnerabilities on the internet at one point. One of these was simply not turning off PHP execution in directories that users could upload to. It’s a useful tool, but it doesn’t have to be essential.
Ruby is another scripting language, just as powerful as Python. Learning one or the other is fine, you don’t have to do both. Some say Ruby is easier to learn than Python, some say it’s the other way around. Metasploit was written in Ruby, so that shows you how capable it is. I’d say try both and see which one suits you better.
Practical Learning – (Start here if you have some knowledge already)
This is it. You have basic/intermediate knowledge of networks and computers. You’re itching to learn how to use the systems to penetration test. Private companies and the UK government will be looking for these qualifications:
Certified Ethical Hacker (CEHv8/v9) accredited by the EC-Council
CREST Registered Penetration Tester (RPT) accredited by CREST
Offensive Security Certified Professional (OSCP) accredited by Offensive Security
The difference between these three? Let’s go through them.
Certified Ethical Hacker v8 is a basic course that gives you all the tools to be an ethical hacker or penetration tester. Version 8 unfortunately isn’t the latest version, v9 came out recently and adds several features to the course which make it more interesting, but that shouldn’t stop you from pursuing it. The thing that might stop you is the course requirements. EC-Council stated in their FAQs:
“EC-Council fulfills its social responsibility by ensuring that only persons with a minimum of two years of security related experience are eligible for the course.“
Which puts a hold on you actually taking the course unless you’ve been working in that sector for some time.
CREST Registered Penetration Tester is the “pinnacle” of certifications in the UK for those who want to be a penetration tester, though they don’t actually teach any courses. Instead, you’re encouraged to do the outside learning by yourself at one of their accredited course partners such as 7SAFE, another company who can offer you the courses. The bonus for the RPT is that it gets you CHECK status once you have passed the exam, which also allows you onto the CESG register for working with UK government networks that may hold confidential documents. If you gain this accreditation then you could, theoretically, end up working for GCHQ. The exam is multiple choice with some practical and the accreditation is useful for working with top Pen Testing companies within the UK. The CREST Practitioner examinations are the entry level exams and are aimed at individuals with around 2,500 hours relevant and frequent experience. The CREST Registered Tester examinations are the next step and by passing this you are demonstrating your commitment as an information security tester. Typically, candidates wishing to sit a Registered Tester examination should have at least 6,000 hours (three years or more) relevant and frequent experience.
Offensive Security Certified Professional in my opinion is the best option for those wanting to learn about ethical hacking, the methods, and the procedures followed. What’s involved is the one of the most comprehensive exams that you will encounter, a network that you have to compromise in order to pass. The course giving you the tools and concepts to pass the exam is called Penetrating with Kali or PWK. The course works through every step including how to properly document your work and encourages you to do this as you carry out your tests, but also makes you look outwards to further your understanding. You will be required to look elsewhere for the answers as to how to crack certain systems and gain entry.
The bonus for passing the OSCP is the automatic CREST RPT accreditation. That’s right, for passing the OSCP you are put on the register for it as Offensive Security and CREST have recently partnered making the OSCP the equivalent to the RPT in the UK. The only caveat is that it doesn’t get you onto the CESG list to work with confidential information, in order to do this you have to pass the CREST exam as well which means more exam fees. Although, the OSCP is held in high regard even in the UK with several jobs citing they would take someone on who had the minimum CEHv8, but preferred requirements would be the OSCP.
Learn! It’s not an easy road and requires a lot of discipline, but you might find it to be one of the most rewarding career choices you’ve ever made. Even if you don’t fully pursue it, the skills you learn on the way will more than give you what you need for a job in most I.T. sectors. The world will open up for you in this sense and so will your job opportunities.
Just remember, if you get stuck ask smart questions. And if you don’t succeed TRY HARDER!