A structured path to becoming a professional penetration tester, from foundations through advanced offensive security expertise.
Penetration testers ethically hack systems to identify vulnerabilities before malicious actors can exploit them. This roadmap progresses from basic security knowledge to advanced exploit development and penetration testing.
Want 1-on-1 guidance through this path? I offer a mentorship program where I personally help you get certified, build real projects for your GitHub, rewrite your resume, and land your first cybersecurity role. Learn more
| Level | Certification | Organization | Link |
|---|---|---|---|
| Foundation | Security+ | CompTIA | Website |
| Entry-Level Pentest | PenTest+ | CompTIA | Website |
| Intermediate | CEH (Certified Ethical Hacker) | EC-Council | Website |
| Advanced | OSCP (Gold Standard) | Offensive Security | Website |
| Expert | OSEP | Offensive Security | Website |
| Expert | GXPN (Exploit Researcher) | GIAC | Website |
Target: Security+
Build fundamental knowledge in:
- Network protocols and architecture
- Operating systems (Windows/Linux)
- Security concepts and terminology
- Basic cryptography
- Security tools fundamentals
Resources:
- CompTIA Security+ official materials
- Basic networking courses
- Linux fundamentals training
Target: PenTest+
Learn core penetration testing:
- Reconnaissance and enumeration
- Vulnerability scanning
- Exploitation basics
- Post-exploitation techniques
- Reporting and documentation
Resources:
- CompTIA PenTest+ study materials
- TryHackMe beginner paths
- HackTheBox easy machines
Target: CEH
Expand attack methodology:
- Advanced footprinting
- System hacking techniques
- Web application attacks
- Wireless network attacks
- Social engineering
- Malware analysis basics
Resources:
- EC-Council CEH training
- Practical hacking labs
- CTF competitions
Target: OSCP (Industry Gold Standard)
Master practical penetration testing:
- Manual exploitation techniques
- Buffer overflow exploitation
- Privilege escalation (Windows/Linux)
- Active Directory attacks
- Lateral movement
- Real-world lab environments
Resources:
- Offensive Security PWK course
- Proving Grounds practice labs
- OSCP preparation guides
Note: OSCP requires hands-on exam - you must compromise multiple machines within 24 hours. No multiple choice.
Target: OSEP
Learn evasion and advanced techniques:
- AV/EDR evasion
- Code signing and obfuscation
- Process injection
- Advanced Active Directory attacks
- Lateral movement techniques
Resources:
- Offensive Security PEN-300 course
- Advanced red team training
- Real-world penetration testing experience
Target: GXPN
Specialize in exploit research:
- Vulnerability research
- Exploit development
- Reverse engineering
- Zero-day discovery
- Advanced binary exploitation
Resources:
- SANS exploit development courses
- Reverse engineering platforms
- Bug bounty programs
Technical Skills:
- Linux command line mastery
- Scripting (Python, Bash, PowerShell)
- Web application testing (Burp Suite, OWASP ZAP)
- Network exploitation (Metasploit, custom exploits)
- Active Directory attacks
- Binary exploitation
- Report writing
Soft Skills:
- Critical thinking
- Attention to detail
- Problem-solving under pressure
- Clear communication (technical reports)
- Ethical judgment
- Continuous learning mindset
- Foundation to Entry: 5-10 months
- Entry to Advanced: 10-18 months
- Advanced to Expert: 1-3 years
Total time to expert level: 3-5 years with continuous practical experience.
- TryHackMe - Guided learning paths
- HackTheBox - Realistic machines
- VulnHub - Downloadable VMs
- PentesterLab - Web app focused
- Proving Grounds - OSCP-like practice
Build pentesting skills with these projects:
This is a lot to tackle alone. If you want someone guiding you through the certifications, building your projects, and getting your resume right — my 1-on-1 mentorship covers the full process for 90 days. certgames.com/mentorship