Interview essentials for a Pentester role: How to land your first job in Security
Welcome to another knowledgeable blog! This is for people who want to get into a pentesting job and are searching for the right direction. I am from India, so read this blog with the Indian job market in mind, because I really don’t have any idea how it works in other countries. I will try to help you as much as possible to land a pentesting job through this read. Let’s move forward.
When I landed in appsec, I had to learn everything on my own. That will help you the most. You have Google, so take the help of the internet and find everything you need. There are already many blogs and papers available which can help you find the right resources. Also, before moving forward, I would like to mention that very few big names in India hire freshers. Most of them will look for someone experienced. However, THERE ARE organisations who hire freshers these days (2023). There are certain points which you need to take care of before getting into appsec/pentesting jobs.
- Learn the basics of networking, a bit of programming and hands-on pentesting:- These things are very important when you go for a pentesting interview. You should know common ports, layers, different protocols etc. There are many more resources out there which you can take help from. A bit of programming will definitely help you to understand code and automate your game, and in the interview you will have a great edge over people who don’t know it. And the most important part: do a lot of hands-on work, either in labs or through bug bounties.
- Internships help :) :- This point is for freshers. Internships really help you to get a full-time job faster because they show you have done some good practical work in a real-life environment. Believe me, a daily job is way different from bug bounties because it is not limited to finding bugs and reporting them. Also, if you do some internships, there is a high chance one will get converted to a full-time job. So I highly suggest grabbing a good internship.
- Certifications:- This point could be debatable, but again, as per the Indian market, they do matter for a fresher. If you have some certifications, e.g. CEH, OSCP, eWPTX, CRTP/any of these, you will bypass more HR rounds and get more interview calls. In my opinion, OSCP works best because it’s the best entry-level practical cert till now.
- Bug bounties and halls of fame:- If you are into bug bounties, it’s a great win-win. You just have to be good at it. Since you already know how to exploit vulnerabilities, it will be easier for you to answer the questions asked in a pentesting interview. Suppose someone asks a scenario-based question and you have already exploited that issue in the past: you will describe it in a better way. You will find a lot of scenario-based questions in interviews, so bug bounties will definitely help you. Also, halls of fame are an add-on to your resume which shows you have reported bugs to known companies.
- Security conferences:- Try to attend as many of them as you can. Security conferences are a great way to interact with differently minded people, which will also help you to gain new knowledge and share it as well. Also, these connections will help you to find jobs in better companies. There are so many conferences happening these days:- Nullcon, BSides Ahmedabad, OWASP Seasides, BSides Bangalore etc. These conferences keep you up to date with the latest trends and news as well, so they are always worth a go. Try to visit the cities, you will love this ❤
- A good resume:- Actually this should be the first point, but I forgot to add it on top. A good resume is a very important step in finding jobs. Your resume should not contain your hobbies, parents’ names and other things which are not relevant. It should contain your skills, work experience, certifications, halls of fame etc., which will look good on paper. It is the first impression, and it shows you are creative as well as technically skilled. Also, your resume should be different from others, not a copy-pasted one. I have seen a lot of people copying my resume lol.
- Communication skills:- Suppose you topped everything mentioned above but have poor communication skills: you will be rejected straight away. Make your communication strong, work on it. Your interview outcome is 70% your comm. skills. It’s not a problem if you are bad at it; the problem comes when you don’t work on improving it. So, become good at comm. skills. There are many great sites you can take help from.
Andddd, the most important part, connections! Remember this phrase in IT:- It doesn’t matter what you know, it matters who you know :)
If you have a lot of good connections who can refer you, your chances of landing a job will be very high. The more connections you have, the more referrals you will get, and the more the better. So make great connections, talk with them, and when the time comes don’t hesitate to seek help. There are so many helping hands within the community, you just have to find some :)
Well, I have tried to cover as many points as I could, and I believe these points are more than enough to crack pentesting interviews. Again, don’t be afraid of failure, because it is the staircase to success. You might get rejected in a few interviews, but there is always one organization which is waiting for you, my friend! So make sure you don’t lose hope and keep trying.
I wish you all the best in your job hunt. Happy hacking ❤