Starting a Career in Information Security

A high school student becomes OSCP and OSWE certified to secure future career opportunities.

Editor’s Note: Per our company policy, the minimum age for an Offensive Security student is 18. However, under specific circumstances with parental permission, Offensive Security will waive the age requirement.

We introduced Mihai and his journey to the OSCP certification in December 2019. Now, he has added the OSWE to his list of achievements. As a high school student, Mihai’s work experience is understandably limited. However, that didn’t stop him from finding a way to turn his enjoyment of capture the flag (CTF) contests into career opportunities – even before graduating. 

Cybersecurity is a growing field with a massive skills gap. Now more than ever, skilled penetration testers, web application security specialists, and related roles are needed to defend organizations in a world where the pace of change only seems to accelerate.

Whether you’re still in school or interested in making a career change, Mihai’s experience can help you determine your next steps.

Challenge

While it’s possible to enter information security as a self-taught professional, many organizations require proof of skills. Increasingly, the Offensive Security Certified Professional (OSCP) certification is called for in job descriptions for penetration testers.

“The cybersecurity landscape is continuously changing and those who pursue information security as a career when it’s not their passion will find themselves left behind.”

Before tackling Penetration Testing with Kali Linux and the OSCP exam, Mihai’s challenges included:

  • Needing more practical, hands-on experience with greater difficulty and structure than was offered by CTF and other practice resources
  • Finding a self-paced online course with the right level of difficulty and practical experience
  • Being considered too young and inexperienced to know anything about information security

Mihai’s goals were to learn as much as possible about information security, while successfully balancing the rigors of the course with his ongoing school work and extracurricular activities.

Solution

The reputation of the training provider, the instruction methods used, and the amount of practical knowledge offered were important to Mihai as he evaluated his options. 

With regard to reputation, he said, “Everyone that I spoke to who has an OffSec certification had only good things to say about the company. From my experience, everyone from OffSec is very friendly and helpful.”

Out of Offensive Security’s course offering, he decided to start with the Penetration Testing with Kali Linux foundational course to develop his penetration testing skills. With more experience, he later went on to specialize in web application security with Advanced Web Attacks and Exploitation.

He selected and returned to Offensive Security as a training provider because he appreciated being able to follow the hands-on coursework in a self-paced manner. With regard to instruction, he liked how the material and instructors would point him in the right direction, but allow space to research the subject individually.

“Both of the courses that I’ve completed managed to exceed my expectations: whenever I thought I knew enough about something, OffSec usually showed me something new.” 

Results

With the OSCP in hand, Mihai was able to secure his first penetration testing job, which led him to follow up with the OSWE certification to specialize in web application security. As a result of earning these certifications, Mihai: 

  • Started getting recruiter views on his LinkedIn profile
  • Secured a contract penetration testing engagement
  • Learned that any problem can be solved with persistence, a key part of the Try Harder mindset

Training with Offensive Security develops not only your information security skills, but also how you view and approach challenges. OffSec certifications open doors, both in the mind and with employers. Learn more about our courses and take a step toward securing your information security career.

“Being in this field means being willing to learn new things and constantly improving your knowledge.”


Have questions for Mihai? He welcomes conversation on Twitter as @yakuh1t0.