The Pentester Blueprint
by Philip L. Wylie and Kim Crawley
Table of Contents
Some time ago, I bought a Humble Book Bundle on Cybersecurity1, and it included SOOOO MANY BOOKS. Seriously, when I found out about this bundle, I couldn’t contain myself. Since then, I’ve started reading some of these books, always driven by the idea “Read more books to read more”2 and constantly working to improve my skills.
I initially skipped this book, focusing on more practical ones, until I came across the following Shannon Morse thumbnail. That’s when I decided to start reading it, and… this is the first book I’ve completed3.
Summary
Alright, alright, alright. The book is excellent.
That being said, it’s important to note that this isn’t a book that will teach you a lot of new things—most readers will likely already be familiar with the terminology used. The title truly captures its essence: it’s a blueprint. The authors did a fantastic job selecting training material, compiling tips, and interviewing professionals in the information security field. Through its content, the book clearly outlines a path to a career in information security, presented in an easy-to-read manner.
What happens next is up to you. Action.
Book’s Contents:
- What is a Pentester
- Prerequisite Skills
- Education of a Hacker
- Education Resources
- Building a Pentesting Lab
- Certifications and Degrees
- Developing a Plan
- Gaining Experience
- Getting Employed as a Pentester
Tips:
- Every skill, no matter how technical, can be valuable in information security.
- Focus on mastering the basics before moving on to more complex topics. General certification programs such as CompTIA’s A+, Security+, and Network+ are helpful for building this foundation.
- Read and practice extensively. Setting up and experimenting with your own lab
and participating in CTFs are great ways to advance.
- Keep notes on the challenges you face and your progress so you can always refer back to them.
Resources to check:
I debated for a long time before publishing this article, and I ultimately decided that the best way to connect it with the book would be to list some useful resources that anyone can explore4:
[ ]https://attack.mitre.org[ ]CompTIA certifications (as mentioned in the tips)[ ]VulnHub[ ]https://danielmiessler.com/- I have since become a huge fan of his newsletter.
[ ]https://jhalon.github.io/becoming-a-pentester[ ]http://www.porcupine.org/satan/admin-guide-to-cracking.html The first proper whitepaper on ethical hacking[ ]https://quizlet.com/395420241/ceh-v10-flash-cards/
Note
If you’ve ever considered yourself an information hoarder, striving to function at the highest level (without overloading yourself—it took me a long time to manage that, and it’s still a work in progress), I highly recommend getting this book.
Footnotes:
I will probably devote an article to this idea someday. I once read a beautifully written piece on this perspective, but I didn’t have my current organization system in place, so it got lost among other articles.
Some might argue that since I skipped the last chapter, I didn’t technically complete it. However, that chapter isn’t relevant to me at the moment. That will inevitably change in the future, and when it does, I’ll make sure to read it.
Obviously, these resources cannot replace the book itself. They are found within it but represent only a small fraction of its content.