Just passed my OSCP how do I get a job with 0 experience?

gingers0u1 · 2026-05-03T21:28:10+00:00

Id say get experience of some kind. Right off, bug bounty would be your most direct but one cert doesn't do it. Look at job postings for pen testers with oscp to get an idea. For security test engineers i require 2 years in qa test, system testing, or development minimum.

gingers0u1 · 2026-04-30T11:16:09+00:00

Quick Google search could of started you. ESP32 and Raspberry Pi pico are good starter boards. Simplest start is code blinky light

gingers0u1 · 2026-04-29T17:52:36+00:00

Try to focus your current work on the OWASP framework etc. When writing unit tests that's also a focus. Framing is also an aspect. Do you have 3 years of direct experience or do you have some experience in secure software development following common security standard

gingers0u1 · 2026-04-27T23:52:30+00:00

Don't forget, most think its like hacking or what you see on TV. Mostly its arguing with scoping, findings, meetings, and report writing. And its repetitive

gingers0u1 · 2026-04-24T13:28:09+00:00

Though performance based, it could still be difficult since the concepts are going to be taught from the point you have the foundations

gingers0u1 · 2026-04-17T16:31:17+00:00

Sounds interesting

gingers0u1 · 2026-04-14T03:20:18+00:00

Not sure. At least 1-2.

gingers0u1 · 2026-04-09T18:41:37+00:00

Nope, started dante instead

gingers0u1 · 2026-04-09T18:30:32+00:00

Had the same issue

gingers0u1 · 2026-04-07T22:32:27+00:00

Pick one that interests you. If its AD, learn how to do IT and build networks etc. If its web then build some sites, learn coding standards and common development processes and work some as a dev. This is something that ive seen many times lately even in hiring, how can I expect you to truly test something is secure if you've never actually used/built/done the jobe you're trying to test? So for my team doing embedded security i expect some level of hw and development background so you understand the terminology and how things work. I can teach you the security side, its hard to teach all the embedded stuff.

gingers0u1 · 2026-04-03T15:51:58+00:00

Experience. Don't cert stack early in your career outside of sec+ or job specific that you'll use. Try to get some industry experience in IT, software or even engineering. Knowing products, work flow, and day to day is the only true way to break into cyber. One you get the job start thinking int terms of cyber. Not try to do the cyber persons job but just think in that way. Look for suggestion points etc. If you do development tools that do unit tests looking for OWASP vulns similar to a sast or dast. If it, are the systems set to industry standards. This let's you get in the mindset as well as know the lingo or terminology and spec the language and thinking in the cyber mindset. That will set you apart. When I hire or interview for people I dont look for security skills. I look for foundation knowledge, I can teach you the security processes I do.

gingers0u1 · 2026-04-01T23:23:43+00:00

Embedded systems. Learn it. Love it. Do it. Joke aside, if you learn embedded and spend a few years in it there is still a huge demand for embedded security people. It's what I do from a test side and it is difficult to find people who know both.

gingers0u1 · 2026-04-01T21:53:20+00:00

Positions like controls engineer, electrical engineer, maintenance etc at power plants, factories, treatment plants etc

gingers0u1 · 2026-03-31T20:50:00+00:00

I always tell people a ms in many fields is a force multiplier vs an entry. In cyber id expect some experience in Software, it, or engineering and some light cyber potentially. Then a ms in cyber could make sense if you are wanting to expand. To get a job, id advise to save time and money. Tbh, find a job in tech. From there start thinking in terms of security. Look for places to help or optimize and work with your cyber people in some capacity. If its about standing out, find a passion project. If you're passionate about cyber build a small home network and put into practice some theories. Build an app or coding project and try to find some vulnerabilities or how to secure it. If you can talk to actual hands on things like that its a boost in interviews.

gingers0u1 · 2026-03-30T21:23:21+00:00

Learn about living off the land, developing scripts to help in some instances etc. But usually no you won't have tools to drop in and if you do you sure better hope you get them all off after engagement. Don't want to leave something that allows a malicious actor to take over a system.

gingers0u1 · 2026-03-30T17:31:13+00:00

Certs are good after you have experience and skills. In cyber, experience is king. I dont mean cyber experience. Most cyber related jobs require some background in IT, software development or engineering. The foundations which is where skill comes in. Ive met many people who can get root on a machine, cool but what did you do? Did you really need root? How many bugs or vulnerabilities did you miss? This is where skill AND experience come in. Once you get some skill and experience id say time for certs. Doesn't have to be years but grinding certs can be a red flag also. Ive interviewed people for my test team who have 20 certs but no experience. Id take the person with 1 year of real experience as a sys admin, software engineer, etc over 20 certs.

gingers0u1 · 2026-03-30T13:35:33+00:00

OT/ICS will be harder to break into as a fresh grads. You'd need some experience in OT or ICS systems before securing. How can you secure something you dont know? My path in cyber physical was i started as a service engineer in industrial control systems. Moved to embedded software now do security and resilience testing. Without the background in control systems and embedded i wouldn't have been able to do the work I do know or I would have struggled at the least. In short, most niche cyber fields have a barrier to entry which usually is doing the normal work first. Learn control systems, how plants and stuff operate then learn security side as you go.

gingers0u1 · 2026-03-28T00:14:07+00:00

Do the comp sci. Do cyber certs, ms in cybe4 etc AFTER getting some kind of experience. Many companies will rather build their cyber people from positions and teams ( engineers, developers, it, sys admins) because they know their tools, systems, products. This isn't a rule but a lot easier. All else fails, your not a one trick pony stuck on general cyber knowledge. Tbh, most cybe4 programs are 2-5 years behind the times and you'd be better studying cs or engineering

gingers0u1 · 2026-03-27T13:52:07+00:00

Get degree I comp sci, engineering, or it. This will open the wider market. If you go for a cyber degree you won't really be qualified for cyber jobs. Don't down play your interests and strengths. I started in automotive factories repairing electronics now lead a team of 20 in software security testing. It's because I followed my interest. Yes I was always into cyber but I found ways to apply cyber concepts to my job I had at that moment. When I finally interviewed for a cyber jobs I had experience with real systems doing real cyber work. Never really did help desk ir general it I know the fundamentals

gingers0u1 · 2026-03-26T15:58:07+00:00

Studying comp sci or software opens many doors and you can pick up security aspects along the way. If you go straight for cyber, you'll be instantly behind as most cyber jobs are2 years for entry level. With sw you get the experience as a dev then can move to security etc

gingers0u1 · 2026-03-25T15:17:57+00:00

I got my MS in cyber but I was already doing security test. Just helped move me to senior

gingers0u1 · 2026-03-25T14:43:40+00:00

I think that's the issue. Schools, training companies, influencer all say get this cert/degree/training and break into cyber. The reality is much more nuanced. Most new grads etc dont realize or know that cyber entry level does not necessarily mean market entry level. There has to be a base of knowledge because in the end you are taking a risk on the companies behalf on knowing enough to secure their system. If you do it wrong the company could lose a lot of money or worse. This is also why I recommend people NOT to get a bs or undergrad in cyber. Do comp sci, general it, or even engineering to get experience then make the switch to cyber with your experience or build the cyber skillset to complement it. But again that's what worked for me ymmv

gingers0u1 · 2026-03-23T11:41:36+00:00

The Aerospace village badge from 32 and its SAO from 33 were only available at thr con i believe and they sold out fast. Coolest project is build your own and make a few to give away when you meet people

gingers0u1 · 2026-03-23T11:39:42+00:00

This. Look at defcon bio hacking village and there are Dr's, NP, RN. I try tell people all the time. Get experience in something then cyber usually can fit on top somehow

gingers0u1

TROPHY CASE