The Pentester Blueprint guides readers on how to prepare for and enter the cybersecurity field as a penetration tester, also known as an ethical hacker or white hat hacker. While there are a lot of books about technical tools for penetration testing, The Pentester Blueprint describes the role of a penetration tester, what a pentest entails, and the prerequisite knowledge required to start the educational journey of a pentester. The book goes on to detail learning resources and industry certifications that are helpful in becoming a pentester. The Pentester Blueprint evolved from the author's frequent popular presentations on the same topic at many conferences.
Coverage includes:
- Foundation – Discuss the foundational prerequisite knowledge needed to become a pentester. Discuss the basic IT skills, such as operating systems, networking and security, needed to be a pentester.
- Hacking skills – Discuss developing hacking skills and the hacker mindset.
- Education options – Discuss learning options such as college classes, security training providers and self-study.
- Education resources – Discuss education resources including books, videos, conferences and community.
- Certifications and degrees – Discuss credentials useful for gaining employment as a pentester, including degrees and certificates.
- Getting Experience – Discuss methods for developing hacking/pentesting skills such as labs (third party and home), CTFs, bug bounties, pro bono/volunteer work.
- Developing a plan – Discuss how to assess current skillset and knowledge to find a starting place and then perform a gap analysis to develop a learning plan. Discuss goal setting and educational milestones to track progress.
- Getting employed as a pentester – Discuss how to find a job as a pentester through networking, social media and community involvement.
PHILLIP L. WYLIE has over two decades of experience working in IT and information security. In addition to working as a penetration tester, he founded and runs The Pwn School Project, teaching ethical hacking. He holds the CISSP, OSCP, and GWAPT certifications. He is a highly sought-after public speaker who frequently presents at conferences about pentesting. He was interviewed for the Tribe of Hackers Red Team book.
KIM CRAWLEY is dedicated to researching and writing about a plethora of cybersecurity issues. Some of the companies Kim has worked for over the years include Sophos, AT&T Cybersecurity, BlackBerry Cylance, Tripwire, and Venafi. All matters red team, blue team, and purple team fascinate her. But she's especially fascinated by malware, social engineering, and advanced persistent threats. Kim's extracurricular activities include running an online cybersecurity event called DisInfoSec, and autistic self-advocacy.
Foreword
Introduction
1 What is a Pentester?
Synonymous Terms and Types of Hackers
Pentests Described
Benefits and Reasons
Legality and Permission
Pentest Methodology
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
Pentest Types
Vulnerability Scanning
Vulnerability Assessments
Pentest Targets and Specializations
Generalist Pentesting
Application Pentesting
Internet of Things (IoT)
Industrial Control Systems (ICS)
Hardware and Medical Devices
Social Engineering
Physical Pentesting
Transportation Pentesting
Red Team Pentesting
Career Outlook
Summary
2 Prerequisite Skills
Skills Required for Learning Pentesting
Operating Systems
Networking
Information Security
Prerequisites Learning
Information Security Basics
What is Information Security?
The CIA Triad
Security Controls
Access Control
Incident Response
Malware
Advanced Persistent Threats
The Cyber Kill Chain
Common Vulnerabilities and Exposures
Phishing and Other Social Engineering
Airgapped Machines
The Dark Web
Summary
3 Education of a Hacker
Hacking Skills
Hacker Mindset
The Pentester Blueprint Formula
Ethical Hacking Areas
Operating Systems and Applications
Networks
Social Engineering
Physical Security
Types of Pentesting
Black Box Testing
White Box Testing
Gray Box Testing
A Brief History of Pentesting
The Early Days of Pentesting
Improving the Security of Your Site by Breaking into It
Pentesting Today
Summary
4 Education Resources
Pentesting Courses
Pentesting Books
Pentesting Labs
Web Resources
Summary
5 Building a Pentesting Lab
Pentesting Lab Options
Minimalist Lab
Dedicated Lab
Advanced Lab
Hacking Systems
Popular Pentesting Tools
Kali Linux
Nmap
Wireshark
Vulnerability Scanning Applications
Hak5
Hacking Targets
PentestBox
VulnHub
Proving Grounds
How Pentesters Build Their Labs
Summary
6 Certifications and Degrees
Pentesting Certifications
Entry-Level Certifications
Intermediate-Level Certifications
Advanced-Level Certifications
Specialization Web Application Pentesting Certifications
Wireless Pentesting Certifications
Mobile Pentesting Certifications
Pentesting Training and Coursework
Acquiring Pentesting Credentials
Certification Study Resources
CEH v10 Certified Ethical Hacker Study Guide
EC-Council
Quizlet CEH v10 Study Flashcards
Hacking Wireless Networks for Dummies
CompTIA PenTest+ Study Guide
CompTIA PenTest+ Website
Cybrary’s Advanced Penetration Testing
Linux Server Security: Hack and Defend
Advanced Penetration Testing: Hacking the World’s Most Secure Networks
The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
Summary
7 Developing a Plan
Skills Inventory
Skill Gaps
Action Plan
Summary
8 Gaining Experience
Capture the Flag
Bug Bounties
A Brief History of Bug Bounty Programs
Pro Bono and Volunteer Work
Internships
Labs
Pentesters on Experience
Summary
9 Getting Employed as a Pentester
Job Descriptions
Professional Networking
Social Media
Résumé and Interview Tips
Summary
Appendix: The Pentester Blueprint
Glossary
Index