I receive a lot of emails. (Please don’t make it worse, thanks!) Unfortunately I don’t have as much spare time as I used to, or would like to, so I often have no other choice than to redirect questions to our forums or our IRC channel (#corelan on freenode), hoping that other members of the community will jump in and help me answer those questions.
One of the most frequently asked question is “how do I become a penetration tester”.
Depending on whom you ask this question, you may get different results or may be told to take a specific approach. With this post, I am trying to formulate my views on this question (with a focus on the process and not so much on the technical aspect), in an attempt to hopefully provide a good starting point for those that find themselves in a similar situation.
For the record, I am not a penetration tester… but I try to apply common sense (seasoned with a touch of plain logic) to challenges and pretty much all situations in life. Don’t hesitate to provide feedback, suggest changes or tell me to STFU and GTFO. Any motivated additions or changes to this post are more than welcome, and I’ll update this page as needed.