I see a lot of requests about shooting for certain entry level certs and was curious if there are people out there looking for practical experience as well to go in conjunction with the certs? Just interested to hear if anyone is exploring options out there and what type of luck they're having.

Joshsevo, you're lucky like you said.  I haven't been able to find any pentesting jobs that require less than 3 years experience, let alone an internship.  How to get that first job without the 3 years...

The key is to demonstrate your passion for the industry. This can bypass experience sometimes. You have to do things on your own time to demonstrate that you're obsessed with this stuff, get certs, write articles, find exploits......whatever it is, do it and keep doing it. You've got to go into interviews professional, but energized. For example, I had a network admin/engineer background (12 years) and was hired as a senior pen testing consultant because I convinced them I knew what I was talking about. It can be tricky but it can be done. A good company will recognize passion and know that the upside for someone with passion is far superior to someone who is just luke warm.

"Bypass" might have been a strong word. You obviously have to have some experience. I had a plan to get into the industry for years so I tried to do everything I could at my old job in the security space, and tried to leverage that experience in the interview. What are you currently doing?

That's interesting conversation. I just get the impression from a lot of the posts I see that certifications seem to be valued more than experience and was curious what specific issues people have encountered. It's pretty painful offering services for free, but indeed some times it is the only route. What about working penetration into your current positions, has anyone attempted that?

US