This is an automated archive.

The original was posted on /r/cybersecurity by /u/0xh0russ on 2023-08-28 20:59:18+00:00.


TLDR: Having multiple years of security professional experience as a prerequisite to apply for penetration testing jobs is an outdated idea because resources today are significantly better than they were ten years ago.

I’m a recent college graduate. I did an internship for a company, got a return offer for a full time position, worked for them for a couple of months and then they had a large round of layoffs. Now I am looking for new pentesting roles but it seems like most companies do not view penetration testing as an entry level role. The mostly require 3+ years of experience. (*Cough* Amazon *Cough*)

My opinion is that there was a time where most penetration testers were previously sys admins or software devs but that does not have to be the case today because training and resources have gotten much better over the last 10 years. There are also many opportunities for students to develop their skills that were not available in the past like CTFs, Bug Bounties, platforms like TryHackMe and HackTheBox, and collegiate competitions like CPTC and CCDC in the US.

Experience is definitely very valuable but I don’t think “3+ years professional non-internship experience” has to be a hard requirement to begin anymore.

How long have you been in the field? and what do you think?Also, if you’re involved in hiring. What do you look for on a resume?

Thanks.