If you are located in the UK, you should take a look at CREST, CHECK and Tiger Scheme.

To get your hands dirty, you could play around with some premade vulnerable images, such as DVL, De-ICE, DVWA, WebGoat, Metasploitable, etc.

To which university are you referring to?
Is there a specific field in IT security that you are interested in?

I'd just concentrate on the basics and concepts - attacking a target will be much easier then and feels more natural. If one understands the very basics, understanding attack vectors on top of it shouldn't be much of a problem.


I haven't played around with Metasploitable 2, but personally I don't think that any premade vulnerable image can mimic a real target/network/infrastructure 100%. As you said, they are usually rather easy to root and aim to demonstrate specific attack vectors. Of course you will find in real pentests low-hanging fruits as well or can use a single exploit to do a mass pwnage, but often it's much more complicated or needs multiple stages of exploitation in order to get to your desired data.

If you meet the requirements you will most probably enjoy the labs from Offensive Security.

I was just referring to this:

I also am hoping to get a job as a pen tester one day. I'm majoring in computer science at the local university. I'm still taking my core requirements, not into the actual cs stuff just yet, although I will be taking 1 class this fall on sql programming. I'm just reading books at home and I have set up an old computer and am running it as a server and trying out things on it that I'm learning from my books. Right now I'm reading "The Basics of Hacking and Pen Testing" by Pat Engebretson. I also have Ninja Hacking which I haven't gotten started in yet. I hope to teach myself a bit of the security stuff as I go through college since they don't offer a security major here. Then after I finish my bachelors I may enroll somewhere and work on getting my masters in security. I'm just working with what's available to me, so hopefully, I'll be able to make it all work out for me. Good luck to you Sam Kennedy in your journey to becoming a pen tester! I hope you are successful!

Hi Sam,

I would say do a course in security if you can there are a lot of places that offer good security course in the UK.

I would also try get involved and make contact by attending events in the UK if you can afford it go to 44con.

CREST adn TIGER  are the main cert you want to get in the UK but they come in at pretty price I think to get team member for Tiger its about 2k.

There are lots cool website that contain free information and lots of security groups. If you dont have one already build your own lab to pratice any skills you gain.

Hope this helps......