How I got a job as an Ethical Hacker without Certs or a College degree

Ángel Cortez
Jul 30, 2022

This isn’t an article bashing certifications or calling higher education a scam. I also don’t think those things are true. Certifications maintain a benchmark of knowledge and can help you organize your professional studies. Colleges can offer a more well-rounded approach to complex topics under the guidance of a professor.

This article is going to be about my mindset and choices leading up to that elusive first offer letter. Spoiler alert, it took many sleepless nights and a bit of luck.

source: https://www.techworm.net/wp-content/uploads/2016/06/ceh.jpg

Two years ago I didn’t know I wanted to be a hacker. I was actually more interested in Data Science. My goal was to build an AI fitness tracker that recommends exercises based on how the user currently feels and their current form. Up to that point, I’d been a Fitness Coach for 6 years. Naively I thought it was going to be a quick project... even though I didn’t even know how to code!

To get anywhere near my mission, I needed to learn how to program. I chose Python and got a few books on Object Oriented Programming and Algorithms. Still, I wasn’t sure exactly what steps it was going to take to build my vision, so I began following content creators like TechWithTim and Corey Schafer.

My inner math geek was excited to revisit topics in statistics, calculus, number theory and graph theory. Again, YouTube was my school and content creators were my professors.

The deeper I went into each topic, the more apparent it became to me that technology and software are continuously evolving. My hunger to learn more kept growling. Luckily for me, to build an AI Fitness App I needed more than a couple of AI models; I also needed a website and app!

My thought process was:

  • I need to put my knowledge of Exercise Science (along with primary research) into functions that work together
  • I need to collect user data and integrate with mobile devices
  • I need a user-friendly frontend to get real users

With this in mind, my goals became:

  • Build an exercise/movement API
  • Build a computer vision AI model to check user form (yes, it was ambitious lol)
  • Build a front facing web app and mobile app

There were many days, and there still are, where I felt overwhelmed by how little I knew vs how much I wanted to know. Sometimes this feeling discouraged me, but I kept reminding myself that you don’t climb Mt. Everest in one step. On days where I felt my motivation drop, I visited bookstores and looked at other related topics through a non-technical perspective.

On one of those visits, exploring the computer science section at my local Barnes & Noble, I stumbled across a book with an interesting title, “Inside Cyber Warfare”.

Before reading this book, I knew that hackers could steal money and identities; but after, my perspective on the global impact malicious hackers have changed. I was hooked and began feeling like a kid who just learned that you can ice skate and is itching to get in the rink.

I read other books such as:

  • Dark Territory
  • Countdown to Zero Day
  • Breaking and Entering
  • The Art of Invisibility

The more I read, the more I realized I was already a hacker. Maybe not in technical experience, but rather in spirit.

“The Journey Starts, Where The Footprints Ends”

To close the technical gap I used TryHackMe.com (my username is Joe.Biden, no relationship) and HackTheBox Academy to learn technical topics.

I was hungry to apply what I was learning to real-world scenarios, but I couldn’t land a job in this field with my current experience. Instead of accepting defeat, I used a sales tactic I learned working for commercial gyms: identify the client issues, effectively communicate the issues, provide a solution to one of their issues and sell the game plan to solve the issues.

For this endeavor I built a simple blog website for my freelance security work. Then I used Shodan.io to look for security issues in businesses in my local area. I found outdated servers connecting multiple entities together, open ports with default credentials and weak encryption. Given the discovered info, I explained a few steps the business owners could implement on their own to improve their security posture; then I followed up with a more technical next step to further strengthen their defenses.

At this point I was going after low-hanging fruit: small local businesses and issues discovered with publicly available data. My target was to reach out to a small business for every job application I sent. I did this for months with very little response back. In hindsight, it did look shady for someone without credentials or references telling you what to do with your business.

This is where luck came into play. After an initial interview with the COO and a technical interview with the Penetration Testing Lead and a Senior Pentester at Breachlock, I was offered a pentesting internship. The reason, quoted from the COO, “You have an entrepreneur spirit”. He was more interested in my ability to put myself out there in real client-facing scenarios than my ability to make it to the top rankings in learning platforms.

Now I am a full-time Pentester at Breachlock where I work on web apps, mobile, APIs and network assets. It still feels like a dream (don’t pinch me).

Moral of the story →

Follow your curiosity. When the challenge seems enormous and overwhelming, break it down into steps and believe in what you can do; the rest comes with persistence.

Ángel Cortez

Ethical Hacker | Fitness Coach | Programming Nerd IG- Anabolic_angel