As an ex-serviceman myself, I’m often approached by numerous service leavers who’ve asked how they can best prepare themselves for a career as an IT Security Consultant (AKA Penetration Tester / Ethical Hacker).
I’ve created this post based entirely on my personal experience. The aim is to provide guidance to those who, like myself, intend to enter this exciting and fast-evolving industry as a complete beginner.
It was two years after leaving the Armed Forces when I realised the career path that I wanted to take, and this realisation came after much deliberation into what actually motivates me. Unfortunately, as a result of this delayed realisation and lack of calculated direction, I didn’t effectively utilise my time in resettlement. I’d strongly recommend using the whole year to get the very most out of it! Resettlement is one of the most joined-up processes the military offers, providing you apply thought to what you want out of it. I would encourage anyone in resettlement seeking a career as a Security Consultant to utilise all available opportunities and look into the training programs explained below.
- Sign up to the CTP (Career Transition Partnership) website and enrol on the CompTIA A+ course (10 days). Now, I know what you may be thinking: “A+ is primarily hardware related”, and you would be right. But A+ also covers a lot of the basics such as virtualisation, networking and security practices – these “basics” will become part of your everyday working life as a Security Consultant. Besides, you’ll also become a competent IT Technician, armed with the skills and knowledge to repair your own PCs/laptops, saving yourself £££’s in the future. It will also prepare you for course number 2, outlined below.
- CompTIA’s Network+ and Security+ course (15 days). This course is designed to look into networks and then security best practices (both topics are vitally important as a Consultant, because you will need to advise your clients on how to remediate their security failures). It is during this course that you will begin to learn about testing network security with pen testing tools. I would also take the time to invest in attending the exams for any courses to gain your formal certification. This will impress any potential employer, whilst also demonstrating your commitment and aptitude. CTP receive a preferential discount on CompTIA exams to encourage ex-servicemen and women. Consider using your annual SLC to fund these exams.
- Sign up to Cybrary.it and study the Linux+ course. This is VITALLY important because the tools you will be using in the future as a Consultant are likely to be on the Kali Linux Operating System (OS). Before you start to use Kali Linux, you really need to understand how a Linux OS works. Cybrary’s Linux+ course does just that. Don’t just give the course lip service; it’s so important to get used to the functionality of a Linux OS – you really need to understand exactly what you are running. Practice, practice, practice; this will save you so much pain in the long run.
- The allocated resettlement/GRT shouldn’t be viewed as “buckshee holiday”; you should be using this time to apply your technical knowledge in a practical way and applying to potential employers for work placements. Things like accommodation and travel, as well as food are all covered when you are using GRT for a work placement (I will caveat that with, this was the case 3 years ago).
- Using the whole year, this would take you into roughly 6 months of resettlement and you’d have gained the basic skills to further your development. It is now that you should consider using one of your resettlement grants towards a course provider who offers CREST training in Penetration Testing / Ethical Hacking in order to work towards the CRT (CREST Registered Tester) exam. The fact that you are leaving the military, most likely with SC or DV, and a CRT qualification will make you highly desirable.
- You will now be armed with plenty of skills and certificates to be considered for a Junior Tester position. Whilst you’re applying for jobs or just seeing out the end of your time in the Armed Forces, download vulnerable Virtual Machines; Metasploitable2 is a great start. It’s purposely designed with plenty of security flaws to exploit and test your newly learned skills. Alternatively, there are plenty more vulnerable VMs.
- Should you want to excel and go above and beyond, it would be worth considering studying for the OSCP (Offensive Security Certified Professional) exam. The OSCP certification is regarded as the best within the Pen Test industry. By successfully completing the OSCP certification, the holder will have clearly demonstrated their proficiency as a Penetration Tester. This course costs around £1200 and is a difficult course that requires 100% commitment.
Embrace learning! The industry is constantly evolving and I haven’t stopped learning and I don’t think I ever will. Ensure you utilise your resettlement package wisely and invest the time and effort to prepare for your future.
I wish you all the success in your future. Please feel free to drop me a message should you need further guidance.
To contact Nettitude's editor, please email firstname.lastname@example.org.