Read on Twitter
*New people that have never worked in infosec*
"I want to be a Penetration Tester, I& #39;ve applied to 4 job postings in the last month and haven& #39;t gotten a job! The #infosec field is TOXIC."
...what?
"I want to be a Penetration Tester, I& #39;ve applied to 4 job postings in the last month and haven& #39;t gotten a job! The #infosec field is TOXIC."
...what?
Here& #39;s some perspective for you..I want to help, I seriously do.
1. It& #39;s highly unlikely that you& #39;ll land a Red Team job during your first couple of job applications. Especially as your first job.
2. That doesn& #39;t mean quit, it means do what you can to be considered an asset.
1. It& #39;s highly unlikely that you& #39;ll land a Red Team job during your first couple of job applications. Especially as your first job.
2. That doesn& #39;t mean quit, it means do what you can to be considered an asset.
3. There are other jobs in Information Security besides Penetration Tester. I& #39;m not dissuading you if it& #39;s what you want, just truly ask yourself why it& #39;s what you want.
4. There& #39;s no time limit. I find that people get discouraged because they& #39;ve applied to & #39;x& #39; amount of jobs in & #39;x& #39; days. Don& #39;t look at the Infosec job search as a numbers game, it& #39;s a compatibility game. Also, keep in mind that you miss 100 percent of the shots you don& #39;t take.
5. Red Teaming. An obsession for some - they want to do it so bad. They get their OSCP and they want to do sexy hacking and then a client basically asks for the equivalent of an automated vulnerability scan, with a manual review (but no hacking permitted). Yes this happens.
6. Depending on who you work for you could legit be running Nessus scans all day long. I& #39;ve heard the horror stories, and seen it with my own eyes.
7. Toxicity in #infosec exists. You know where else toxicity exists? Literally everywhere. Every single career field.
8. Stop calling yourself a Penetration Tester if you& #39;ve legitimately never even exploited a system. Trust me, employers can sniff the BS from a mile away. If all you understand is theory you& #39;re going to have a difficult time. Trust me, im trying to be real not harsh.
9. Instead, maybe say that you& #39;re a penetration testing enthusiast..but do you even have business applying for a pentest role if you dont know how to hack? No! Let me help you. Information is free! SEEK it. Live in it! Don& #39;t expect anyone to & #39;mentor& #39; you. Go learn! 
https://abs.twimg.com/emoji/v2/... draggable="false" alt="💪" title="Angespannter Bizeps" aria-label="Emoji: Angespannter Bizeps">
10. Wrapping this all together:
-Pentesting isn& #39;t the only job in Infosec.
-Find your interests, hone your skills
-Apply a lot, everywhere. You won& #39;t get a job with limited submitted applications.
-If you do want to hack for a living, showcase your skills.
-Pentesting isn& #39;t the only job in Infosec.
-Find your interests, hone your skills
-Apply a lot, everywhere. You won& #39;t get a job with limited submitted applications.
-If you do want to hack for a living, showcase your skills.
..but how? Set up a blog, show that you can write and that you understand concepts, develop tools, hunt bugs, find CVEs, mentor others, start a hacking group, do CTFs, get certifications, write guides/make videos.
The power is in your hands.
The power is in your hands.
