Life as a pen tester after the PWK / OSCP

This is my personal experience of what happened after passing the OSCP exam.

I passed the OSCP, applied to a bunch of positions, went on a bunch of interviews, and after some time, became a red teamer. I am now a penetration tester with Leidos, and so far, I enjoy it.

Post Exam
I have noticed a lot of people posting blogs after taking the OSCP exam. A lot of them have been pretty good articles about their trials and tribulations in relations to the PWK course and subsequent OSCP exam. It’s great to see many others being successful in the OSCP exam and achieving their certification.

What I have also noticed is that not many people post a whole lot about their experiences after obtaining their OSCP. This article will be about my life post OSCP.

Searching and searching
A little after I passed the OSCP exam I updated my resume and my LinkedIn profile. At that time the OSCP wasn’t as well known to people as it is today. Kudos to Offensive Security for getting their name out there and making more people aware of what they provide. Not only just training, but also their security services. I had a few recruiters sending me messages about various positions. Mostly junior security positions. At that point of my career, I already had 20 years of IT experience, and a year and half into security engineering. So I was not looking for a junior position. I knew what I wanted, I was comfortable in my position, and was willing to wait until I found the right position that was right for me.

It took a year before I landed in the right position. During that year I went on countless interviews, including one within my own company (Lockheed Martin). I even landed an interview because of my article on my PWK/OSCP experience. Nothing was what I wanted. In the mean time while I was searching I was trying to keep my skills sharp. So I started working on more vulnerable machines from vuln hub, I was reading more security related articles, and getting more on /r/netsec.

Great success!
Eventually I found a great position for a government red team. I wasn’t sure I was going to be able to do it, as I hadn’t ever done any penetration testing for a company at that point. I thought to myself, what the hell? The worst that’ll happen is I’ll get the job.

So I applied, and I got a call back the next day from the recruiter. He wanted to talk about salary, and tell me a little more about the job etc. A couple of days after that, I had a technical interview with someone at the company. The screen went very well, and I was able to show them I was passionate about security and was knowledgeable about penetration testing. They wanted to bring me in for an on site penetration test in their lab, but the lab was down. I was happy to do the on site test if it were available. So instead I told them I would take a PC recording of me attacking a vulnerable machine, and the steps needed to enumerate etc. They liked the idea. So I did the task, and sent it over to the person I had spoke to. They liked what I had done,  and after an in person interview with the same person, and their management, they offered me the position.

I really enjoyed that process because it put me on the spot to perform and provide a deliverable, and in doing so rewarded me with a position on a red team. Not bad for someone who had no penetration testing experience.

I enjoyed my time with that particular red team. I learned a lot and got to do some really cool things. I got paid to hack government computers, and not go to jail! How cool is that?

To infinity and beyond!
Like all good things, everything comes to an end. The missions dried up, and I wasn’t getting any training. I wasn’t really looking for another opportunity, but my current position came up and was presented to me. I decided why not listen to what they had to say? I went to an interview and did well. I was offered the job with more money, and promised training. In addition they’d send me to defcon. After a couple of days of thinking, I decided to take the job. This new position is providing me with different challenges and I am learning. You can’t really beat that. I’m hoping to stay here for a few years, learn some more, and provide a valuable service to my customer.

About me
I have a BS and MS in IT/Cyber security and I have a whole bunch of IT certifications (MCSE, MCSA, RHCSA, VCP, CEH, GCIH, OSWP, OSCP).
I also have over 20 years of IT and security experience, and I am a Navy veteran.
I’m sure that my sheer drive and determination lead me to where I am today. Never stop learning, and always keep pursuing¬† your goals.

In the immortal words of conner4real: Never stop never stopping.
OSCP Never Stop Never Stopping