The Pentester BluePrint: Starting a Career as an Ethical Hacker

JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER

The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.

You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement.

Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing. Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach

192 pages, Paperback

First published December 3, 2020

101 people are currently reading
595 people want to read

About the author

Phillip L. Wylie

1 book, 10 followers

Ratings & Reviews

Community Reviews

5 stars: 98 (43%)
4 stars: 79 (35%)
3 stars: 35 (15%)
2 stars: 10 (4%)
1 star: 2 (<1%)
Displaying 1 - 19 of 19 reviews
1 review
November 21, 2020
If you’ve ever considered pursuing a career in cyber security, especially penetration testing (or pentesting), ethical hacking, or whatever the kids are calling it these days, The Pentester BluePrint: Starting a Career as an Ethical Hacker is the perfect place to begin. Reading this book won’t get you a job. However, what it will do is give you direction. It’s a roadmap (er…blueprint) for getting started.

My first job in cyber security was as a technical writer with a team of pentesters. As a technical writer, I was never required to be trained in the field in which I was working. Solid communication skills and an aptitude for learning have opened plenty of doors for me. During my time with the security team, I was continually blown away by the work they did. It was really amazing watching them in action. I knew then that I wanted to be a pentester. How to get started, though? It seemed like all of the job openings required experience, and no one was offering training. I kept wondering how I could get experience. You can’t get a job without experience, and you can’t get experience without a job. What a conundrum!

How could I learn to do all of the amazing (and honestly, really cool!) things the testers were doing? There was really no guide that I could find. There were of course plenty of hacking and security tool reference guides. But all of those assumed that the reader was already skilled. There was no guide on how to get started. After earning some security certifications and gaining experience in incident handling, GRC, and other aspects of security (while still employed as a technical writer), I found a great entry-level security analyst position. My new boss paid for beginner penetration testing training through eLearnSecurity. I got my first real hands-on penetration testing training there. When my employer needed someone to start testing our web applications, I jumped on the opportunity and have since tested dozens of applications.

I may have taken the long way to get where I am. Honestly, I feel like I’ve been making this (my security career) up as I went along, always learning, listening, making plenty of mistakes, and growing. Had I had a book like The Pentester BluePrint to follow, I might have been able to start learning sooner, stay focused, and start my pentesting career earlier. I just didn’t know where or how to start.

I met Phillip Wylie in 2019 at the BSides security conference in San Antonio, TX. Phillip was hosting a workshop on web application penetration testing. I was excited about getting some hands-on training from a professional, even if only for a few hours. Later, I watched several of Phillip’s webinars, one being The Pentester BluePrint, for which this book is named. For the webinar, Phillip outlined the high-level steps required to prepare for a career as a pentester. I really learned a lot from that talk. Later, I took Phillip’s Web Application Penetration Testing course at Richland College (now Dallas College). Phillip knows his material, and he knows how to communicate it.

Earlier in 2020, Phillip announced that he was writing a book based on his The Pentester BluePrint conference talk. This was a great idea, because it allowed him to move beyond the confines of a one-hour discussion and go into greater detail. And through collaboration with cyber security journalist Kim Crawley, they did just that. They expanded Phillip’s one-hour talk into a full 172-page book. I was already familiar with Kim’s work, having read several of her articles. Her writing style is very clear, concise, and on point, and it shows in this book. It’s not just a checklist, however. It feels like the authors are speaking directly to the reader and sharing their knowledge and experience one-on-one the way a mentor would.

The Pentester BluePrint: Starting a Career as an Ethical Hacker opens with a wonderful foreword by half of the team behind the Tribe of Hackers series, Marcus Carey, followed by a summary of Phillip’s own experiences in the world of IT and pentesting. The book is divided into nine logically ordered chapters:
• Chapter 1: What Is a Pentester?
• Chapter 2: Prerequisite Skills
• Chapter 3: Education of a Hacker
• Chapter 4: Education Resources
• Chapter 5: Building a Pentesting Lab
• Chapter 6: Certifications and Degrees
• Chapter 7: Developing a Plan
• Chapter 8: Gaining Experience
• Chapter 9: Getting Employed as a Pentester

In reading this book, you’ll gain a solid understanding of what penetration testing is and why penetration tests are important and necessary. You’ll learn about different types of security testing (e.g., vulnerability scanning, web apps, IoT, physical, Red Team, etc.). You’ll also get a good general cyber security education. You’ll learn about the types of skills (e.g., networking, operating systems, social engineering, etc.) you’ll need to acquire if you want to work in this profession.

They discuss other educational resources including certifications, penetration testing guides, and blogs. And of course, there’s a lengthy discussion about setting up your own lab including descriptions of some of the more popular pentesting tools. Rounding out the book are chapters on how to create your plan to become a penetration tester, how to gain real world experience, and finally how to get an actual paying job.

This book is very well organized, well written, and easy to follow. What puts it over the top is that the authors interviewed and quoted many working cyber security professionals to learn which tools they use and how they use them, how they gained experience, how they built their pentesting labs, and how they actually got hired as either full-time penetration testers or as security practitioners who perform penetration testing as part of their job. The interviews are not just interesting; they also express the idea that no one way is the right way. If you’re interested in pursuing a career as a penetration tester, use The Pentester BluePrint: Starting a Career as an Ethical Hacker as your guide, but then choose the right direction for you. As you learn more and get exposed to new technologies and ideas (or happen to witness a cool hack at BSides or on YouTube), you may realize that you want to focus on one aspect of penetration testing, such as web application or mobile penetration testing, over all of the others. You may also become more of a generalist who conducts several types of tests. But you’ll have to get exposed to as many facets of the profession as possible before you can know.

Note: I’m especially excited about the interviews part, because Kim and Phillip interviewed and quoted me. I’m very proud and honored to have been a part of this excellent book.

You may look at all of this and feel overwhelmed. That’s why The Pentester BluePrint: Starting a Career as an Ethical Hacker was written in such a logical sequence. If you’re new, just start at the beginning and work your way through at your own pace. And don’t be afraid to ask questions. If you already have experience, take what you need and fill in the gaps.

I hope that Kim and Phillip follow up with a second book that covers the more advanced aspects of the profession.
Carl
473 reviews, 2 followers
August 24, 2021
Highly informative with awesome chapters that provide useful resource information.
10 reviews
Read
June 12, 2021
Absolutely good for the first step to become an ethical hacker. After reading, you will know what the next step might be or an efficient plan.
Elwin Kline
Author, 1 book, 11 followers
August 5, 2021
A very well written how-to guide on how to get into the Penetration Testing career field.

While reading this I thought to myself, if I were writing this type of book... honestly I would go down the same path and couldn't see anything the author really missed or I would have done differently.

For me, with greater than 10 years experience in the information security field, a lot of this was refresher material. But, it was still enjoyable and the author not only knows what he is talking about, he delivered the material in a concise and effective manner.

Relevant publication reference and coverage hit the mark too.

At the end of the day to provide a summary on how to land your first pentesting job:

Get Certs, grind home labs, do CTFs, and network.
3 reviews
December 5, 2022
The pentester blueprint is strikingly different from other ethical hacking books as it doesn't introduce you to the practical concepts which one expects out of such a book. This is a one of a kind book which focuses more towards the theoretical nature of ethical hacking and provides a path towards starting a career in this field. The provided content takes you from the meaning of an ethical hacker and the skills required for it to the several ways in which one can acquire them. It follows on with the job aspect of this industry and provides several anecdotes to broaden your view towards a career in this field. This is a must read for anyone beginning this exhilarating journey and is highly recommended from my end.
Kārlis Bergmanis
99 reviews, 5 followers
July 22, 2021
Sort of guide to someone who is thinking about career change (or starting career after school). For someone with some experience this could be summarized in one printout, with some links and table of vital skills to have, but for someone starting from scratch - it's useful.
I think it could be summarized to two things: Do CTFs and learn to take notes. Everything else will come naturally while doing CTFs.
So as two star rating says - It was Ok.
wyclif
190 reviews
June 25, 2024
Today I read this terrific book on pentesting by Phillip Wylie in one sitting. If you're interested in pivoting into pentesting as a career, or want to know what pentesting really is, there's lots of practical and actionable information here, especially regarding career options. The field of cybersecurity and information security continues to grow because networks and data sources are only getting bigger and bigger. This is the perfect book for beginners, and it provides sound advice and a well-reasoned roadmap for getting started as a pentester.

There's a couple of ways to get the most out of this book other than reading it. First, save every link in the book and research the content.

Second, the glossary is so useful. Read the glossary and see if you can explain every term in your own words without looking at the definitions. If you can't, do a deep dive into the concept.
Mardee Thompson
11 reviews
January 8, 2021
It’s ok.. rather high level, no in the weeds stuff .. I like to take notes and have follow ups from books and I had very few from this. It’s more explaining what red and blue and purple teams do and industry jargon. It’s an ok read for a beginner.
1 review
February 10, 2021
very useful
Jeno
242 reviews, 74 followers
October 31, 2021
it is not really a book but rather a brochure with a medium-level quality of content
41 reviews
December 5, 2021
Many good pointers to resources and guidelines for how to proceed if you want to work in pentesting.
152 reviews
July 20, 2022
Good entry-level information for someone interested in getting into pentesting.
Chris
21 reviews, 1 follower
January 15, 2023
This was a very well-written book on the subject. I listened to the audio version, and I can imagine how much better the book would be with the images in it.
Tarun Kumar
7 reviews
February 16, 2023
This is definitely a must-read book for any beginner who is skeptical about how to start a career in this field!!
47 reviews, 13 followers
Read
April 14, 2023
Excellent! Great tips on getting into pen testing and Phillip Wylie is at the top of his game!
6 reviews, 5 followers
January 10, 2024
This book provides an accessible overview, highlighting numerous resources for those aspiring to become ethical hackers. It serves as an excellent starting point, enabling readers to navigate the world of cybersecurity careers and assisting in the development of a roadmap to secure a job in the field.