You don't need to be a genius hacker in a hoodie. You just need to know where to start.

Every time there's a data breach in the news, someone somewhere is thinking — "I want to be the person who finds those vulnerabilities before the bad guys do."

That person is a penetration tester. And if you're reading this, maybe that person is you.

Penetration testing — or "pen testing" — is one of the most exciting, in-demand, and well-paid careers in cybersecurity. It's also one of the most misunderstood. Hollywood has painted hackers as mysterious geniuses who type furiously in dark rooms. The reality is both more technical and more accessible than that.

This is your beginner's guide. No fluff, no gatekeeping — just a clear path from curious to career-ready.

So, What Actually Is Penetration Testing?

Penetration testing is the practice of legally and ethically attacking a system to find its weaknesses before malicious hackers do.

Think of it like a fire drill — but for cybersecurity. A company hires a pen tester (or a team) to simulate real-world attacks on their networks, applications, or physical infrastructure. The goal is to find the gaps and report them so they can be fixed.

It's hacking, but with written permission and an agreed scope. That distinction is everything: the same actions without authorisation are a crime, and a signed scope document is what separates a pen tester from an attacker.

Pen testers might target:

  • Web applications — finding SQL injections, broken authentication, cross-site scripting
  • Networks — scanning for open ports, misconfigured firewalls, unpatched systems
  • Mobile apps — reverse engineering apps to find exposed APIs or insecure data storage
  • Social engineering — testing whether employees fall for phishing emails
  • Physical security — yes, sometimes pen testers actually walk into buildings to test physical access controls

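To make the first bullet concrete, here is an added example (not code from the original article) of what "finding a SQL injection" actually means. It uses Python's built-in sqlite3 module and a constructed two-row user table; the table, the users and the passwords are all made up for the demonstration. The first login function splices user input straight into the query text, which is the bug a pen tester hunts for; the second uses parameter placeholders, which is the fix the report would recommend.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a web application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse battery staple"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: untrusted input becomes part of the SQL syntax."""
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: placeholders keep the input as data, never as query syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = build_db()
    # Classic tautology payload: the WHERE clause becomes
    # username = 'nobody' AND password = '' OR '1'='1'
    print("vulnerable, tautology :", login_vulnerable(db, "nobody", "' OR '1'='1"))
    # Comment payload: everything after -- is ignored, so the password check vanishes
    print("vulnerable, comment   :", login_vulnerable(db, "alice'--", "wrong"))
    print("parameterised, tautology:", login_parameterised(db, "nobody", "' OR '1'='1"))
    print("parameterised, comment  :", login_parameterised(db, "alice'--", "wrong"))
```

The two payloads are the ones a tester tries first in a login form; when the vulnerable version returns True for a user that does not exist, that is the finding, and the parameterised version returning False for the same input is the evidence that the fix works.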
The Penetration Testing Process

Every professional pen test follows a structured methodology. Here's how it works:

1. Reconnaissance

Before touching anything, a pen tester gathers as much information as possible about the target: domain names and DNS records, employee names and email formats, job adverts that reveal the technology stack, public code repositories, leaked credentials. Gathering this from public sources is called OSINT (Open Source Intelligence), and done properly it is passive: you read what is already published without sending a single packet to the target. Anything that touches the target's own systems is active reconnaissance, belongs in the next phase, and must be inside the agreed scope.

2. Scanning and Enumeration

Now the tester actively probes the target, staying within the written scope and rules of engagement agreed with the client. Tools like Nmap scan for open ports and running services; enumeration then digs into each one, pulling version banners, default credentials, exposed file shares and web directories. The goal is to map out the attack surface: what's exposed and potentially vulnerable.

3. Exploitation

This is the part everyone thinks of when they hear "hacking." The tester attempts to exploit discovered vulnerabilities to gain unauthorised access. This might mean exploiting a known CVE (an entry in the Common Vulnerabilities and Exposures list), cracking weak credentials, or chaining multiple smaller vulnerabilities together. Exploits can crash production systems, so a professional confirms impact with the least disruptive technique available and checks the rules of engagement before running anything destructive.

4. Post-Exploitation

Once inside, the tester asks: how far can I go? Can I escalate privileges? Move laterally across the network? Access sensitive data? This phase demonstrates the real-world impact of the vulnerability.

5. Reporting

This is arguably the most important phase — and the one that separates good pen testers from great ones. A detailed report documents every finding, its severity, how it was exploited, and exactly how to fix it. Writing clearly and concisely is a superpower in this field.
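As an added example (not code from the original article), here is the kind of glue a tester writes between the scanning and reporting phases: it reads Nmap's XML output (the -oX format), lists the open ports with their service banners, flags services that transmit credentials in cleartext, and renders a plain-text attack-surface table for the report. The XML is a constructed sample trimmed to the elements used here, the host 10.0.0.5 is fictional, and the set of "cleartext" services is an illustrative policy you would extend on a real engagement.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample of `nmap -sV -oX` output for a fictional host.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.5">
<host>
<status state="up"/>
<address addr="10.0.0.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="23"><state state="open"/>
  <service name="telnet"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
  <service name="http" product="Apache httpd" version="2.4.41"/></port>
<port protocol="tcp" portid="445"><state state="closed"/>
  <service name="microsoft-ds"/></port>
</ports>
</host>
</nmaprun>
"""

# Illustrative policy: protocols that carry logins in cleartext.
CLEARTEXT_SERVICES = {"telnet", "ftp", "pop3", "imap"}


@dataclass(frozen=True)
class OpenPort:
    host: str
    port: int
    proto: str
    service: str
    product: str
    version: str


def parse_open_ports(xml_text: str) -> list[OpenPort]:
    """Extract every open port on every live host from nmap XML."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            found.append(OpenPort(
                host=addr,
                port=int(port.get("portid")),
                proto=port.get("protocol"),
                service=attrs.get("name", "unknown"),
                product=attrs.get("product", ""),
                version=attrs.get("version", ""),
            ))
    return found


def flag_cleartext(ports: list[OpenPort]) -> list[OpenPort]:
    """Return the open ports whose service is on the cleartext list."""
    return [p for p in ports if p.service in CLEARTEXT_SERVICES]


def attack_surface_report(ports: list[OpenPort]) -> str:
    """Render one line per open port, sorted, for the report's enumeration section."""
    lines = []
    for p in sorted(ports, key=lambda p: (p.host, p.port)):
        banner = " ".join(x for x in (p.product, p.version) if x) or "(no banner)"
        lines.append(f"{p.host}:{p.port}/{p.proto}  {p.service:<10} {banner}")
    return "\n".join(lines)


if __name__ == "__main__":
    open_ports = parse_open_ports(SAMPLE_NMAP_XML)
    print(attack_surface_report(open_ports))
    for p in flag_cleartext(open_ports):
        print(f"FINDING: cleartext service {p.service} on {p.host}:{p.port}")
```

The version strings this pulls out (OpenSSH 8.9p1, Apache httpd 2.4.41) are what you then check against CVE databases in the exploitation phase, and the sorted table is exactly what a reviewer expects to see in the enumeration section of the report.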

Tools Every Beginner Should Know

You don't need to master everything at once. Start with these:

Kali Linux — The go-to operating system for pen testers. It comes pre-loaded with hundreds of security tools. Free to download and use.

Nmap — Network mapper. Scans targets to identify open ports, services, and operating systems. The first tool most pen testers reach for.

Burp Suite — The industry standard for web application testing. Intercepts and manipulates HTTP traffic to find vulnerabilities in web apps.

Metasploit — A framework for developing and executing exploits. Powerful, widely used, and essential to learn.

Wireshark — A network protocol analyser. Captures and inspects packets flowing across a network in real time.

John the Ripper / Hashcat — Password cracking tools. Given a set of captured hashes, they run wordlists and mutation rules against them to recover the original passwords, which shows both how weak the passwords were and whether the hashing scheme was fit for purpose.
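To show what those two tools do at small scale, here is an added example (not code from the original article): a dictionary attack with a handful of mutation rules, run against hashes produced with Python's hashlib. The wordlist is a constructed five-word stand-in for a real list such as rockyou.txt, the rule set is a toy version of the rules files Hashcat and John ship with, and the salt value is invented. It also shows why an unsalted, fast hash falls instantly while a password outside the wordlist does not fall at all.

```python
import hashlib
from typing import Iterator, Optional

# Constructed stand-in for a real wordlist.
WORDLIST = ["password", "letmein", "summer", "dublin", "hunter"]

# Illustrative rule set in the spirit of Hashcat/John rules files:
# try the word, a capitalised form, and common suffixes on each.
SUFFIXES = ("1", "123", "!", "2024")


def mutate(word: str) -> Iterator[str]:
    """Yield candidate passwords derived from one wordlist entry."""
    yield word
    yield word.capitalize()
    for suffix in SUFFIXES:
        yield word + suffix
        yield word.capitalize() + suffix


def hash_hex(plaintext: str, algo: str = "sha256", salt: str = "") -> str:
    """Hash salt+plaintext with the named hashlib algorithm; hex digest."""
    return hashlib.new(algo, (salt + plaintext).encode()).hexdigest()


def crack(target_hex: str, algo: str = "sha256", salt: str = "") -> Optional[str]:
    """Return the plaintext whose hash matches target_hex, or None if exhausted.

    With a known salt the attack is unchanged; a salt only stops one
    precomputed table from serving every user at once. What actually slows
    this loop down is a deliberately slow hash (bcrypt, scrypt, Argon2),
    which makes every candidate cost milliseconds instead of microseconds.
    """
    for word in WORDLIST:
        for candidate in mutate(word):
            if hash_hex(candidate, algo, salt) == target_hex:
                return candidate
    return None


if __name__ == "__main__":
    # Constructed "captured" hashes for the demonstration.
    captured = [
        ("sha256", "", hash_hex("Dublin123")),
        ("md5", "", hash_hex("letmein!", "md5")),
        ("sha256", "s4lt", hash_hex("summer1", salt="s4lt")),
        ("sha1", "", hash_hex("Tr0ub4dor&3", "sha1")),  # not in wordlist
    ]
    for algo, salt, digest in captured:
        print(f"{algo:>6} {digest[:16]}...  ->  {crack(digest, algo, salt)}")
```

The real tools do the same loop on a GPU at billions of guesses per second, which is why a report will rate an unsalted MD5 or SHA-1 password store as a finding in its own right, independent of how strong the individual passwords are.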

Where to Practice — Legally

This is the question every beginner asks. The answer: practice on systems you own or that exist specifically for learning.

HackTheBox (HTB) — The gold standard for hands-on pen testing practice. Machines of varying difficulty that simulate real-world scenarios. If you can consistently solve medium boxes without a walkthrough and write them up clearly, you have the core skills a junior role expects.

TryHackMe — More beginner-friendly than HTB. Guided learning paths that walk you through concepts step by step. Great starting point.

VulnHub — Free downloadable vulnerable virtual machines. Set them up locally and practice offline.

DVWA (Damn Vulnerable Web Application) — A deliberately insecure web application for practising web vulnerabilities. Run it locally and go wild.

Bug Bounty Programmes — Platforms like HackerOne and Bugcrowd let you test real applications legally and get paid for valid findings. Start here once you have some basics down, and read each programme's scope and rules before you touch anything: testing an asset the programme has not listed is unauthorised, no matter how the platform is branded.

Certifications That Actually Matter

The cybersecurity certification landscape is crowded. Here's what hiring managers actually look for in pen testing:

CEH (Certified Ethical Hacker) — A good entry-level certification that introduces pen testing concepts. Widely recognised, especially in corporate environments.

CompTIA PenTest+ — Vendor-neutral, covers the full pen testing lifecycle. Good for beginners building a foundation.

OSCP (Offensive Security Certified Professional) — The gold standard. Brutal 24-hour practical exam where you have to compromise multiple machines. If you have an OSCP, every hiring manager takes you seriously. This is the one to work towards.

eJPT (eLearnSecurity Junior Penetration Tester) — Perfect first certification. Affordable, beginner-friendly, and entirely practical. Start here.

PNPT (Practical Network Penetration Tester) — By TCM Security. Highly practical, affordable, and increasingly respected in the industry.

Building a Career in Pen Testing

The technical skills get you in the door. Here's what builds the career:

Build a portfolio. Document your HackTheBox and TryHackMe writeups on a blog (Medium is perfect for this). Show your methodology, your thinking, your reporting style. Hiring managers want to see how you work.

Get on LinkedIn. Cybersecurity hiring is heavily network-driven. Follow pen testers, engage with their content, share your own learning journey. People hire people they recognise.

Contribute to the community. Attend local cybersecurity meetups (Dublin has a strong scene — BSides Dublin is a great starting point). Contribute to open source security tools. Mentor beginners once you've progressed.

Understand the business side. The best pen testers aren't just technical — they understand risk, communicate clearly with non-technical stakeholders, and write reports that executives can act on. This is where a background in IT audit or GRC becomes a serious advantage.

Specialise strategically. Web application testing, mobile testing, cloud security, red teaming, social engineering — pick a lane and go deep. Generalists are common; specialists are rare and well-paid.

What Does the Career Actually Look Like?

Pen testing careers typically progress like this:

Junior Pen Tester / Security Analyst — Entry level. Following methodology, running tools, writing reports under supervision. €35,000–€55,000 in Ireland.

Penetration Tester — Independent engagements, specialised skills, client-facing. €55,000–€85,000.

Senior / Lead Pen Tester — Leading teams, scoping engagements, complex targets. €85,000–€120,000+.

Red Team Operator — Simulating sophisticated, nation-state level attacks against mature organisations. Elite level. €100,000–€150,000+.

Independent Consultant / Bug Bounty Hunter — Working for yourself, your own rates, your own schedule. Uncapped earnings for the best in the field.

Ireland is an especially strong market — with the European headquarters of Google, Meta, Microsoft, and dozens of financial institutions all based here, the demand for offensive security professionals is significant and growing.

The Honest Truth About Getting Started

Here's what nobody tells beginners: pen testing is hard, and the learning curve is steep.

You will get stuck. Machines on HackTheBox will frustrate you. You'll spend hours on a problem that has a ten-second solution once you know it. That feeling of being stuck is not a sign you're in the wrong field — it's the job.

The people who succeed in pen testing are curious, persistent, and genuinely enjoy the puzzle. They read CVE databases for fun. They rebuild lab environments on weekends. They go down rabbit holes.

If that sounds like you — welcome. You'll fit right in.

Your Action Plan — Starting Today

  1. Set up Kali Linux in a virtual machine (VirtualBox is free)
  2. Create a TryHackMe account and complete the "Pre-Security" path
  3. Sign up for HackTheBox and attempt your first easy machine
  4. Start the eJPT certification — it's affordable and entirely practical
  5. Document everything on Medium or a personal blog
  6. Connect with the community — follow pen testers on LinkedIn, join Discord servers

You don't need to do all of this at once. Pick one and start today.

The best time to start was five years ago. The second best time is now.

Follow me: @ramss2311 on Medium