Planning to branch into pentesting, worth it?

moonshire

Member
Joined
Feb 10, 2010
Messages
218
Reaction score
0
Hi all, I'm currently a systems engineer doing infra-related activities and I've been considering moving over to cybersec and to do pentesting. Is it worth it? I know that in general red team jobs are rarer and only found in consultancy firms as not many companies can afford to have a dedicated red team. I'm studying eLearn Security PTS with INE certification and intend to move over to eLearn PPT and then probably OSCP. Lately my role has been more project management and I really want to dive back into the technicals. I'm still rather young, 29, so would like to branch out into new fields to experiment, à la pentesting as a chosen field to specialise in. Is it worth doing pentesting in Singapore? What is the work culture like? Is it true that you have to continuously keep upskilling and reading up on news + labs before and after work?
 

seesiang

Member
Joined
Oct 17, 2011
Messages
403
Reaction score
1
Hi all, I'm currently a systems engineer doing infra-related activities and I've been considering moving over to cybersec and to do pentesting. Is it worth it? I know that in general red team jobs are rarer and only found in consultancy firms as not many companies can afford to have a dedicated red team. I'm studying eLearn Security PTS with INE certification and intend to move over to eLearn PPT and then probably OSCP. Lately my role has been more project management and I really want to dive back into the technicals. I'm still rather young, 29, so would like to branch out into new fields to experiment, à la pentesting as a chosen field to specialise in. Is it worth doing pentesting in Singapore? What is the work culture like? Is it true that you have to continuously keep upskilling and reading up on news + labs before and after work?
Good luck on your journey.

IT security is hard to get into. Once you get in, it is hard to get out.
 

liewhl

Senior Member
Joined
Mar 23, 2012
Messages
1,369
Reaction score
0
Hi all, I'm currently a systems engineer doing infra-related activities and I've been considering moving over to cybersec and to do pentesting. Is it worth it? I know that in general red team jobs are rarer and only found in consultancy firms as not many companies can afford to have a dedicated red team. I'm studying eLearn Security PTS with INE certification and intend to move over to eLearn PPT and then probably OSCP. Lately my role has been more project management and I really want to dive back into the technicals. I'm still rather young, 29, so would like to branch out into new fields to experiment, à la pentesting as a chosen field to specialise in. Is it worth doing pentesting in Singapore? What is the work culture like? Is it true that you have to continuously keep upskilling and reading up on news + labs before and after work?

I would suggest you do an "in demand" cert like OSCP and CREST CRT first, else you might have to enter as a "fresh grad" hire.

Culture-wise, can look at Glassdoor.

Is it true that you have to continuously keep upskilling and reading up on news + labs before and after work?

OSCP is like the foundation cert and entry cert which is expected for a junior role. Senior or lead wise, you will need to look at more advanced options, and I think there are a lot more advanced certs OffSec has to offer.
 

seesiang

Member
Joined
Oct 17, 2011
Messages
403
Reaction score
1
Hi all, I'm currently a systems engineer doing infra-related activities and I've been considering moving over to cybersec and to do pentesting. Is it worth it? I know that in general red team jobs are rarer and only found in consultancy firms as not many companies can afford to have a dedicated red team. I'm studying eLearn Security PTS with INE certification and intend to move over to eLearn PPT and then probably OSCP. Lately my role has been more project management and I really want to dive back into the technicals. I'm still rather young, 29, so would like to branch out into new fields to experiment, à la pentesting as a chosen field to specialise in. Is it worth doing pentesting in Singapore? What is the work culture like? Is it true that you have to continuously keep upskilling and reading up on news + labs before and after work?
In terms of learning, eLearnSecurity is more structured and it has more than one level for beginners to catch up. But in terms of the support, Offensive Security is much better.

Offensive Security is more recognized than eLearnSecurity.

In terms of technical support, both are the same; try harder.

Pen tests are mostly found in consultancy firms such as the Big Four. In terms of work-life balance, the working culture is well known for consultancy firms. If you have not worked in a consultancy firm before, try asking those who work in the Big Four and you will understand it more.

There will be companies that hire in-house pen testers, and usually such posts are highly sought after. You only see these positions available once in a blue moon (as people hardly move around).
 

Trader11

Supremacy Member
Joined
Oct 14, 2018
Messages
6,280
Reaction score
516
How much does a junior pentester earn? 7 to 8K?
 

devglass

Senior Member
Joined
Mar 18, 2014
Messages
640
Reaction score
2
Hi TS,
To do PT as a career in SG, quite sad to say you will need a minimum of OSCP + CREST chop. I assume you don't self-fund SANS 560/542 or 600 series yourself either. Now OSCP can do direct equivalency to CRT with a written CPSA already, so CREST cert is a by-the-way kind of thing if you have OSCP.

IMO, the organic red team in an org is really small and lean in size compared to the generic blue teamers. That being said, being in the RED team, need to be skilled + with field experience. If org cannot afford to have an organic team, then outsource. To PT for someone, CREST is a minimum + a lot of red tape. Script kiddies will only "grab and smash" but red-teamers you can't... businesses are at stake.

After all, a PT career is quite rewarding. But if you didn't make it, you can join other infosec positions with OSCP easily too.
 

Trader11

Supremacy Member
Joined
Oct 14, 2018
Messages
6,280
Reaction score
516
Hi TS,
To do PT as a career in SG, quite sad to say you will need a minimum of OSCP + CREST chop. I assume you don't self-fund SANS 560/542 or 600 series yourself either. Now OSCP can do direct equivalency to CRT with a written CPSA already, so CREST cert is a by-the-way kind of thing if you have OSCP.

IMHO, the organic red team in an org is really small and lean in size compared to the generic blue teamers. That being said, being in the RED team, field experience is crucial too. PT career is quite rewarding. But if you didn't make it, you can join other infosec positions with OSCP easily too.
OSCP is the baseline cert for PT. How much does a junior PT earn nowadays?
 

devglass

Senior Member
Joined
Mar 18, 2014
Messages
640
Reaction score
2
Can range from 4.5 - 8k SGD depending on the sector (e.g., finance, SME, xxx). The domain also plays a part. IT infra is not the only domain people PT on :)
 

Trader11

Supremacy Member
Joined
Oct 14, 2018
Messages
6,280
Reaction score
516
Can range from 4.5 - 8k SGD depending on the sector (e.g., finance, SME, xxx). The domain also plays a part. IT infra is not the only domain people PT on :)
Web application PT? Suppose you have existing experience in software dev
 

devglass

Senior Member
Joined
Mar 18, 2014
Messages
640
Reaction score
2
Web application PT? Suppose you have existing experience in software dev
Ha, we don't go into that. Let's help answer TS's question.

Hi all, I'm currently a systems engineer doing infra-related activities and I've been considering moving over to cybersec and to do pentesting. Is it worth it? I know that in general red team jobs are rarer and only found in consultancy firms as not many companies can afford to have a dedicated red team. I'm studying eLearn Security PTS with INE certification and intend to move over to eLearn PPT and then probably OSCP. Lately my role has been more project management and I really want to dive back into the technicals. I'm still rather young, 29, so would like to branch out into new fields to experiment, à la pentesting as a chosen field to specialise in. Is it worth doing pentesting in Singapore? What is the work culture like? Is it true that you have to continuously keep upskilling and reading up on news + labs before and after work?
eLearnSecurity is a progressive stage you can learn from. Slowly, move to Proving Grounds from OffSec. Hack The Box is great for intermediate-phase learning, but some HTB machines are damn unrealistic, which I don't recommend. Normally satisfaction is obtained during the OSCP process, where one learns new methods.

Work culture is not the usual 8-5; reputation/credibility sometimes is on the line, therefore you will have to work under very tight timelines. And yes, you will need to continuously upskill your techniques all the way (because you never know, any new/young chap who joins can supersede your tech skills anytime).
 

liewhl

Senior Member
Joined
Mar 23, 2012
Messages
1,369
Reaction score
0
So far, I think for eLearnSecurity only the eCPTXv2 interests me.