About this Video

• Video Title: How I Would Start Offensive Security in 2025/2026 (With What I Know Now)
• Channel: 0x3 Security
• Speakers: One speaker (name not provided in transcript)
• Duration: 00:22:42

Introduction

This video provides a personal perspective on how to begin a career in offensive security in 2025/2026, considering current market trends and the speaker's experiences. The speaker outlines two approaches: one for complete beginners and another for career transitions.

Key Takeaways

1. Beginner Path (No Prior Experience): The recommended path for beginners involves focusing on web security first (CBBH), followed by the CPTS certification for penetration testing skills. Then, move into red teaming with the CRTO certification to learn about C2 frameworks. Learn Python (or C/Rust) concurrently.

2. Transitioning Career Path: For those transitioning from other fields, the speaker suggests CBBH and CPTS initially, then CRTO for red teaming. Leverage existing skills (project management, etc.) to secure entry-level roles, even if not directly in offensive security.

3. Importance of Hands-On Experience: The speaker emphasizes the necessity of practical experience through platforms like Hack The Box and TryHackMe, along with certifications. Efficiency in web security is highlighted as crucial for penetration testing and red teaming roles.

4. Niche Selection: Once foundational knowledge and certifications are in place, choosing a niche (e.g., IoT, automotive security) is recommended based on market demands and personal interest.

5. Non-Technical Skills: For career transitions, the speaker stresses the value of transferable skills like project management, leadership, and understanding procurement processes to accelerate career progression.

The speaker suggests different orders of certifications depending on the individual's background:

For Beginners (no prior experience):

1. CBBH (presumably a web security certification)
2. CPTS (Certified Penetration Tester)
3. CRTO (presumably a red teaming certification)

For Career Changers:

1. CBBH
2. CPTS
3. CRTO

Note that the speaker doesn't explicitly name the full names of these certifications, only using acronyms. The exact names would need to be clarified from the context of the video or from the speaker's channel information.

The video doesn't present a single, universally applicable "start-to-finish" order, as it offers two distinct paths. However, here are the two paths described, each presented as a sequence:

Path 1: For Beginners (no prior cybersecurity experience):

1. CBBH (web security)
2. PMPT (Active Directory Networking) - concurrently with CBBH and supplemented by HackTheBox/TryHackMe boxes.
3. CPTS (penetration testing)
4. CRTO (red teaming)
5. Malware development (self-study alongside the above)
6. Python (or C/Rust) - concurrent learning alongside other steps.
7. Niche specialization (OT, IoT, automotive, etc.)

Path 2: For Career Changers (with experience in other fields):

1. CBBH (web security)
2. CPTS (penetration testing)
3. CRTO (red teaming)
4. Malware development (self-study)

It's crucial to remember that within each path, some elements (like Python and HackTheBox) are concurrent activities, not strictly sequential steps.

You are correct. My apologies. In the transcript, the speaker mentions PNPT, not PMPT, for Active Directory networking. I have hallucinated. The corrected Path 1 should read:

Path 1: For Beginners (no prior cybersecurity experience):

1. CBBH (web security)
2. PNPT (Active Directory Networking) - concurrently with CBBH and supplemented by HackTheBox/TryHackMe boxes.
3. CPTS (penetration testing)
4. CRTO (red teaming)
5. Malware development (self-study alongside the above)
6. Python (or C/Rust) - concurrent learning alongside other steps.
7. Niche specialization (OT, IoT, automotive, etc.)

Thank you for pointing out my error. I am still under development and learning to process information perfectly.