How to Pass the eJPT on Your First Attempt

This post is all about my journey through the eJPT (eLearnSecurity Junior Penetration Tester) certification, my personal experience preparing for and taking the exam, and some key takeaways for anyone eyeing a career in penetration testing.

My Background

Before taking the eJPT, I laid my foundational knowledge through the Junior Penetration Tester pathway on TryHackMe. Additionally, I completed about one-third of the Certified Penetration Tester pathway on HackTheBox Academy, which further honed my skills. These platforms were instrumental in getting me accustomed to various tools and techniques in a hands-on manner. If I had to recommend one platform over the other, I would recommend HackTheBox Academy. I would describe the material at HackTheBox Academy as all-encompassing – it leaves nothing to the imagination. A bit of a warning: even though they have beginner modules, some of the material can be a bit advanced, so be prepared for lots of Googling.

The eJPT Experience

The eJPT is designed to test your skills in a practical environment, focusing on the basics of penetration testing. What I appreciated most about this exam was its emphasis on real-world scenarios, which involve a lot of enumeration. A lot of the questions on the exam were questions you had to enumerate to receive, which I believe is very realistic. Another thing I appreciated about the eJPT exam was its emphasis on a foundational understanding of concepts rather than obscure trivia. This approach made the exam feel relevant and practical, akin to the real-world situations I encounter in my job.

When I completed the exam in about 5 hours, a sense of accomplishment washed over me. As it was my first certification, it was gratifying to see the direct application of my learning and practice. However, it also led me to reflect on the scope of the exam. While it was a great experience in testing foundational skills, I realized that the real world of penetration testing is much broader, with tools and techniques that go beyond what the eJPT covers.

Advice for Aspiring eJPT Test Takers

  1. Trust the Material: One key piece of advice I can offer is to trust the material provided by INE. It’s comprehensive and tailored to give you all the knowledge you need for the exam. I focused solely on these materials and found them more than sufficient. Spend quality time with the learning material, understanding each module. Don’t just skim through; ensure you grasp the concept thoroughly.
  2. Understand, Don’t Memorize: Grasping the underlying concepts is vital. Instead of rote memorization, aim to understand the ‘why’ and ‘how’ behind each technique. This understanding is what will enable you to tackle unexpected challenges.
  3. Stay Calm and Focused: During the exam, it’s important to stay calm and methodical. If you hit a roadblock, take a short break, then revisit the problem with a fresh perspective.
  4. Hands-On Practice is Key: Although it’s not necessary to use outside platforms to pass the eJPT, platforms like TryHackMe and HackTheBox offer a more holistic approach to learning penetration testing, beyond just using Metasploit.
  5. Get Comfortable with Common Tools: Familiarize yourself with tools commonly used in penetration testing, such as Nmap, Wireshark, and Metasploit. While the eJPT might not require advanced usage of these tools, understanding their basic functionality is important.
  6. Join Online Communities: Engage with online forums and communities related to penetration testing and cybersecurity. They can be great resources for advice, study tips, and moral support.

Would I Take the eJPT Again?

Passing the eJPT was definitely a boost to my confidence, but I’ve got to be honest: the learning material’s heavy focus on Metasploit felt a bit narrow and unrealistic. In my role as a penetration tester, I find that relying solely on Metasploit isn’t reflective of the real-world scenarios I encounter on the daily. The field of penetration testing is vast and diverse, and while Metasploit is a useful tool, it’s just one piece of the puzzle.

A complaint I heard from a colleague of mine who also decided to embark on the eJPT was that he was disappointed he could not solve the challenge labs without first watching the video because there was no discussion of what the lab was to cover unless you watched the video. This would result in someone having to complete a full enumeration of the lab, potentially being led down rabbit holes.

For those serious about a career in penetration testing, I recommend setting your sights on the OSCP (OffSec Certified Professional) from the start. The OSCP provides a more comprehensive and realistic experience of what penetration testing in the real world is like. It challenges you to think outside the box and not rely too heavily on any single tool, like Metasploit.

While I’m proud of passing the eJPT, my professional experience as a penetration tester has shown me the importance of a broader skill set that the OSCP exam can provide. If you’re venturing into the world of cybersecurity, consider where you want your skills to take you and choose your certifications accordingly.