Reviewing the Practical Network Penetration Tester (PNPT) Course Pt. 1

It’s been a little over two years since I obtained my last certification, the eWPTX from eLearnSecurity. My primary career focus has been on Web Application penetration testing, but I’ve always wanted to expand my skill set to encompass Mobile and Network testing as well. Ever since Heath Adams and TCM Security announced the launch of the PNPT certification earlier this year, I’ve been interested in finding out what the course and its material have to offer.

To start, the PNPT course + certification exam costs a total of $399 ($299 for the exam + $100 for lifetime access to the training material). This price point removes the gatekeeping a lot of the training requirements create for those breaking into the field. Not everyone has the ability to spend $1k+ for exams and trainings, and by offering single courses at around $30, students have the flexibility to purchase what they’re able to and work towards completing the exam.

Once you’ve purchased the PNPT training bundle (comprised of the Practical Ethical Hacking — The Complete Course, Windows Privilege Escalation for Beginners, Linux Privilege Escalation for Beginners, Open-Source Intelligence (OSINT) Fundamentals, and External Pentest Playbook), you’ll receive access to the five courses as well as a special thank-you message to those who helped make the course, access to a GitHub repo with the resources needed for the course, and an outline of the best completion order for the material.

One of the unique aspects of the PNPT certification is that, rather than being full of multiple choice questions, you are expected to perform a professional-level external and internal network pentest over the course of 5 days, submit a professional report, and conduct a read-out to a panel of industry professionals.

Let’s dive into the Practical Ethical Hacking — The Complete Course introduction section

Heath Adams (@thecybermentor) opens up the course with an overview of his background, explains the benefits of this practical course, highlights the topics covered within the course, and goes over the immense resources offered by the Discord server and dedicated Practical Ethical Hacking (PEH) channels.

To finish out the introductory section, Heath provides a look into the daily life of an ethical hacker / penetration tester. As someone who has spent the past three years working in the information security industry, I love getting to see how others spend their day and their personal experiences within the industry. While everyone’s experiences are different, demystifying the career can help those interested gain a better understanding of what the day-to-day life is like.

While careers and roles can look different based on where you’re working, Heath does a great job of highlighting a lot of the benefits you might see working in a country like the United States: high salaries (near six figures), work location flexibility (remote opportunities), the continued challenge and education that comes with working in an ever-changing industry (new technologies and exploits are utilized), and the high demand for more workers.

One thing Heath said, and so have many others, is that there’s a “people shortage” and that “we have more jobs than we have people.” I do have to disagree with that sentiment. While companies become more aware of their security needs and jobs become available, there is a large untapped pool of talent that is otherwise capable of filling these roles, if companies knew where to look. It’s easy to get pigeonholed into a narrow candidate pool, but as more learning opportunities occur outside of “traditional” locations and resources become more accessible, existing non-traditional and diverse talent can be considered for these critical roles.

Heath also touches on both the necessary technical (“hard”) skills and the non-technical (“soft”) skills that are useful and can be incredibly beneficial when working as a penetration tester or ethical hacker. On the technical side, Heath highlights the benefit of knowing items like the Linux operating system, networking and scripting, and a testing methodology, as well as familiarity with tools such as Metasploit, Burp Suite, and Nessus. Additional knowledge of things like Active Directory, typically used wireless attacks, and the OWASP Top 10 is incredibly useful when advancing your skills as a penetration tester.

Often overlooked, but almost equally as necessary for a successful career as a penetration tester, are soft skills: a combination of people skills, social skills, communication skills, personality traits, and attitude that help people work well when used with hard skills. Examples of these skills that are highlighted include a strong desire to learn, asking questions, networking with peers, and a will to work hard, seek answers, and give back to the community.

While the introductory section of the course lacks any technical information or hands-on training, the information presented here is almost just as critical. By setting up students for success, showing them the practical side of becoming an ethical hacker, and outlining the resources available to them (through the community-driven Discord, course-provided material, or those available online), Heath and the PNPT team give an incredible opening to a course that I’m sure is equally as great.

Next week I’ll cover my experience going through the material covered in the Notekeeping, Network Refresher, and Setting Up Our Lab sections of the course.

Weekly Wrap-Up

I’m incredibly excited to see what TCM Security’s Practical Network Penetration Tester course has to offer, and share with you my thoughts, feelings, and experience while working through the course material and exam.

Keep an eye out on Twitter for day-to-day updates and information about my BuyMeACoffee giveaway goal, any upcoming Twitter Spaces or podcasts featuring other infosec community members, recently announced infosec job listings, as well as opportunities for you to get involved.

For those new to the community or interested in joining, throughout the week members of the InfoSec Twitter community participate in unofficial events such as #CyberMentoringMonday and #FF where you can find and connect with some incredible people.
