One year using INE, What I really learned ?

When I began the INE path, I was not starting from zero.

Anas Lachheb

~4 min read · February 12, 2026 (Updated: February 12, 2026) · Free: Yes

I already had a strong technical foundation : development, systems, networking and cybersecurity.

I have an understanding of architectures. I am able to read code without any problems. The basics of penetration testing are also something I'm familiar, with. I know the fundamentals of penetration testing.

Understanding cybersecurity is not the same as executing under pressure, inside an unfamiliar environment.

In one year, I earned:

eJPT
eCPPT
eWPT
eMAPT
eWPTx

It may look like a fast stack of certifications. It was a structured, methodical, demanding immersion. Here is what that year truly taught me.

Penetration Testing Track

A strong technical base accelerates everything, but it is not enough

My background really helped me out. When I saw: - Suspicious network traffic - Vulnerable code - An inconsistent server configuration

I could understand what was happening, but intellectual understanding does not replace operational ability.

Example: Before, I could explain Linux privilege escalation. After eCPPT, I could quickly identify a misconfigured sudo rule, an exploitable SUID binary, or a weak service configuration in a real environment.

The difference is repetition. You can read one hundred articles, nothing replaces ten broken environments that you must figure out alone.

eJPT reminded me that fundamentals win

A lot of people do not think the basics are important. They think the basics are easy and they do not need to learn about them. The basics are really the foundation of everything. You should really focus on learning the basics of something before you move on to complicated things : - Enumeration - Scanning - Service analysis - Simple exploitation

Yet about 80% of a successful intrusion depends on proper enumeration.

With eJPT, I reinforced one simple rule: "Never attack before fully understanding the attack surface".

You must: - Identify every exposed service - Check versions - Look for weak configurations - Test anonymous access - Review application errors

This level of rigor separates superficial testing from real compromise.

eCPPT forced me to structure my offensive thinking

eCPPT was a turning point. It is no longer about finding one vulnerability. It is about chaining steps: Reconnaissance, Pivoting, Privilege escalation, Lateral movement and Maintaining access.

I learned to think in scenarios. For example: - Gain low level initial access - Extract credentials - Access another machine - Escalate on a domain controller

This type of chain needs a method and a lot of patience. You have to write everything down try out your ideas and be okay with making mistakes and going back, to the start. The chain requires you to be methodical and patient so you can figure out what works and what does not work with the chain.

Web security is more complex than it looks

With eWPT and especially eWPTx, my perspective changed. Before, I focused mainly on classic technical vulnerabilities or OWASP Top 10: - SQL injection - XSS - LFI …

After this training, I understood that logic flaws are often more dangerous. An application can be technically clean, but its workflow can be exploitable: - Modify a hidden parameter - Bypass client side validation - Abuse role mismanagement - Exploit an undocumented API endpoint

This type of issue requires reasoning. Modern attacks often exploit functional weaknesses, not only technical ones.

eMAPT expanded my vision

Mobile changes the game, with eMAPT, I worked on: - Reverse engineering - Static analysis with Jadx - Dynamic analysis - Security mechanism bypass - Traffic interception

The lesson was simple: "A poorly protected mobile app exposes the entire backend architecture".

You can uncover internal endpoints, API keys, hidden logic, authentication mechanisms and a lot of more. Testing mobile often gives you a shortcut to the API. It taught me to think in ecosystems, not isolated applications.

Time management is a core skill

Passing several certifications in one year requires strict organization. I structured my learning: - Weekly plan - Monthly goals - Reviewing notes - Repeating difficult labs - Simulating exams

I did not just consume content, I repeated exercises. Repetition builds reflex. When you open an unknown environment, you do not panic, you apply a method.

To conclude, if you are considering a similar path : - Do not chase speed - Chase depth - Redo the labs - Redo the labs (x2) - Redo the labs (x3) … - Redo the labs (xN)

One well structured year (or more if you don't have a solid IT background) can create a major level jump if you accept repetition, frustration, and high standards.

Offensive skill is built, It is never improvised where Mental discipline is the real differentiator.

My learning with INE continues on a new path. Feel free to visit their website for more information: https://get.ine.com/f440tn20lx90

#pentesting #learning #cybersecurity