How I Earned OffSec’s Certs In One Year

Summiz Holo

Muhammad's decade-long journey from game hacking to penetration testing, passion-driven cyber security exploration, and the pursuit of challenging OffSec certifications

• Muhammad has been in the cyber security field for over 10 years, starting from game hacking which led him to programming and penetration testing.
• He initially pursued cyber security as a passion rather than a career, unaware of job opportunities in the field, particularly in Egypt.
• Muhammad became interested in OffSec certifications after realizing they present a challenging opportunity for growth in offensive security.
• He scheduled his first OffSec exam on the same day he started his subscription to push himself to adapt to time constraints.
• The most challenging certification for him was the 'Ed like play development,' which required deep understanding and took him around two and a half months to study and practice.

Exploit development as a complex transition from user to creator requiring reverse engineering, system internals mastery, and error message comprehension

• Exploit development is considered level two of hacking, requiring knowledge of reverse engineering and vulnerability discovery.
• Developing exploits involves a deeper understanding of system internals, such as Windows API and assembly language.
• Transitioning from using exploits to developing them presents a challenging mindset shift, requiring self-guided learning and research.
• The feeling of writing an exploit provides a profound understanding of the subject matter, described as powerful and rewarding.
• Frustration is common during the learning process, but scheduling exams and finding alternative ways to understand difficult topics can help mitigate this.
• Understanding every part of an error message is crucial for learning, rather than glossing over it.

Persistence in problem-solving, transferable skills in cybersecurity, diverse mindsets in penetration testing, leadership through hacking lessons, and applying a hacker's mindset to everyday understanding

• The speaker emphasizes the importance of persistence in solving challenging tasks, stating they took a break to return with a new perspective.
• The speaker finds that all areas of study are transferable in cybersecurity, but highlights OCP, OA, and OCD as particularly useful in real-life applications.
• Leading a penetration testing team requires understanding that pentesters have different mindsets compared to ordinary employees.
• The speaker applies lessons from learning hacking to their leadership role, encouraging team members’ skills and fostering their passion.
• The speaker's approach to problem-solving extends beyond work, as they apply a hacker's mindset to understand how everyday things are built.

Embracing a Try Hard Methodology, Learning from Failure, and Mastering Cybersecurity Tools through Persistent Problem-Solving

• The importance of a 'try hard' methodology in problem-solving and hacking, where one learns by attempting to solve complex problems without prior knowledge of the solution.
• Acceptance of failure as a learning mechanism, emphasizing the need to view challenges from different perspectives and not give up easily.
• The OffSec courses require a different approach compared to ordinary courses, focusing on persistent practice and problem-solving.
• A deep understanding of tools and systems is crucial in cybersecurity, rather than just running tools to achieve results.

Deep comprehension of cybersecurity tools and attacks, distinct research methodologies, diverse field exploration, certification exam preparation strategies, and personalized burnout management techniques

• Understanding the underlying mechanics of tools and attacks is crucial for effective penetration testing and adapting to different scenarios.
• Research in cybersecurity differs from penetration testing; it requires a deep understanding of each component involved.
• The speaker has experience in multiple areas of cybersecurity and expresses a desire to explore more fields, including cloud penetration testing.
• Preparing for certification exams involves solving challenges, utilizing resources like Proving Grounds, and carefully reading the exam guide.
• Dealing with burnout varies by individual; taking breaks and learning new things can help alleviate burnout, while accepting it is important.

Career focus through acceptance of limitations, balancing study to prevent burnout, navigating pentesting challenges, adapting research strategies, delivering actionable client value, and understanding security postures

• Accepting that you can't be the best in every domain allows you to focus on what advances your career or interests you.
• Burnout often results from feeling powerless and frustrated when studying without balance, not from working less.
• Understanding your job and accepting challenges in pentesting can help you navigate frustrations and improve your skills.
• Researching and adapting during pentesting engagements is crucial, especially in areas with limited resources.
• Providing value to clients doesn’t always mean finding vulnerabilities; it's about offering actionable next steps based on your findings.
• Not finding vulnerabilities can still be a success if you help clients understand their security posture and next actions.

Demonstrating pentesting effort through relationship building, consultancy, and exam readiness amidst personal challenges and minimal sleep

• You can't prove a negative in security, but you can demonstrate effort by showing different techniques and time spent on testing endpoints.
• Building relationships is important in pentesting, allowing for discussions on findings and detection methods even if no vulnerabilities are found.
• Pentesting is not just about finding vulnerabilities; it involves consultancy and providing best practices to clients.
• You don’t know for sure if you’re ready for an exam, but solving challenges can indicate readiness.
• The structure of challenge labs in courses reflects the structure and complexity of the exams.
• Completing five certifications in a year is feasible; the speaker finished all specifications in 10 months.
• Personal circumstances, like marriage and having a baby, can impact the time taken to complete certifications.
• The speaker managed with only four to five hours of sleep while preparing for the exams.
• Some breaks were taken between the hardest courses, but generally, the speaker pushed through with minimal downtime.

Chess dedication parallels cybersecurity adaptation, API pentesting's connection to application vulnerabilities, evolving AI and machine learning in pentesting, and the continuous learning journey in cybersecurity

• The dedication required in chess mirrors the thought process and adaptation needed in cybersecurity and hacking.
• API pentesting is closely related to application pentesting due to the prevalence of API vulnerabilities in various applications.
• AI and machine learning in pentesting are still developing, with many vulnerabilities identified but not fully explored.
• The speaker emphasizes that everyone in cybersecurity, including experts, is still learning and should avoid burnout.