My goal is to get into pen testing and basically wanted some advice as to how I should next proceed.
I am 27 years old and have a degree and master's in information security and I am currently working as a security engineer. My remit is installing and configuring/troubleshooting firewalls and performing vulnerability testing for our clients.
I have been in this post about six months but want to get into pen testing and always have. The company I work for does not offer pen testing, only vulnerability assessments.
I am aware you can’t just jump into being a pen tester and that is the problem I currently have.
My company would fund the CEH but I know this only gets past HR in a pen testing role, and other certs hold a lot more value. I can’t see my employer paying for SANS/CHECK CREST/OSCP so I am limited as to which step next.
Should I stay in this role for another six months and try and get a job as a pen tester? Although it would only be a junior role and possibly a pay cut? Or do I stay where I am for a few years and fund myself to take the OSCP and try and get a job as a pen tester in a few years, but then it might still be junior due to a lack of actual pen testing experience?
I apologise for the wall of text but any guidance with this would be fantastic!