*New people that have never worked in infosec*
"I want to be a Penetration Tester, I've applied to 4 job postings in the last month and haven't gotten a job! The #infosec field is TOXIC."

...what?
Here's some perspective for you. I want to help, I seriously do.

1. It's highly unlikely that you'll land a Red Team job during your first couple of job applications. Especially as your first job.
2. That doesn't mean quit, it means do what you can to be considered an asset.
3. There are other jobs in Information Security besides Penetration Tester. I'm not dissuading you if it's what you want, just truly ask yourself why it's what you want.
4. There's no time limit. I find that people get discouraged because they've applied to 'x' amount of jobs in 'x' days. Don't look at the Infosec job search as a numbers game, it's a compatibility game. Also, keep in mind that you miss 100 percent of the shots you don't take.
5. Red Teaming. An obsession for some - they want to do it so bad. They get their OSCP and they want to do sexy hacking and then a client basically asks for the equivalent of an automated vulnerability scan, with a manual review (but no hacking permitted). Yes this happens.
6. Depending on who you work for you could legit be running Nessus scans all day long. I've heard the horror stories, and seen it with my own eyes.
7. Toxicity in #infosec exists. You know where else toxicity exists? Literally everywhere. Every single career field.
8. Stop calling yourself a Penetration Tester if you've legitimately never even exploited a system. Trust me, employers can sniff the BS from a mile away. If all you understand is theory you're going to have a difficult time. Trust me, I'm trying to be real, not harsh.
9. Instead, maybe say that you're a penetration testing enthusiast... but do you even have business applying for a pentest role if you don't know how to hack? No! Let me help you. Information is free! SEEK it. Live in it! Don't expect anyone to 'mentor' you. Go learn! 💪
10. Wrapping this all together:
- Pentesting isn't the only job in Infosec.
- Find your interests, hone your skills.
- Apply a lot, everywhere. You won't get a job with limited submitted applications.
- If you do want to hack for a living, showcase your skills.

...but how? Set up a blog, show that you can write and that you understand concepts, develop tools, hunt bugs, find CVEs, mentor others, start a hacking group, do CTFs, get certifications, write guides/make videos.

The power is in your hands.
You can follow @johnjhacking.