Interested or Committed

The one thing that changed my life was when I read about interest vs commitment. Too often I hear people wish that things were different, or they want things they will never have or accomplish because they don’t know what it means to be committed to something, so they wander through life like a leaf on a stream never knowing they are holding themselves back and maybe they blame others or circumstance.

This is my reply to someone who asked on Reddit if they should just give up on the OSCP certification.

I’ve been trying to pass the OSCP off and on for the last 9 months. I’ve failed it 3 times, most recently failing last week after going back to the labs and successfully rooting the “hard” boxes. I keep getting closer and closer but can’t root the last box in time.
Since I started the course, I’ve learned more than I ever imagined I would, even going beyond to learn extra things, but it just doesn’t seem like enough. (Before I started I only had about 3 years real experience in IT, but no degree or anything.) I keep getting close but just can’t get over this hump. I’m juggling the challenge with a lot of personal difficulties, and it’s taken a toll on me. I don’t know if I can keep it up. There’s no question that hacking is my passion. It’s what I think about day and night. I even have dreams about coding and things. It brings me joy like nothing else. I don’t know if I can be truly satisfied in life working in any other field. I’ve wanted to be a pen tester since I was a teenager, even started working in IT with that specific goal in mind. “Giving up” isn’t in my nature, but the more I try and fail the more I question if I will have to confront that I’m not fit for this as a profession.
What should I do? I could really use some no-bullshit advice from people already working in the field.

What to do when you feel like giving up? Am I just not cut out for this? from AskNetsec

That tells me that you shouldn’t give up and you should keep trying.

Let me tell you about the revelation that changed my life and led to getting OSCP. Ask yourself if you’re interested or committed. If you’re interested, you’ll make excuses and give up or only do what you said you were going to do when it’s easy or convenient. When you’re committed, you don’t make or accept any excuses. You’ll find a way to get it done and nothing can stand in your way. It’s a mindset. A few years ago when I was trying to change my life I read about “interested vs committed” and applied it to my life. I stopped sleeping in late and skipping my morning workout. I lost 35 pounds and felt great. I got the CCNA certification that I had been working on for years but never finished because every time I got close, overtime work would get in the way of studying and I’d put it off.

I got to a point in my career when I realized that all I wanted to do was hack stuff and be a pentester after years of dabbling in it during my IT career. I enrolled in PWK. It was an emotional roller coaster. There were numerous times that I thought that maybe I just wasn’t cut out for being a pentester and I doubted myself. But each time I’d get a good night’s sleep and hit it hard the next day and eventually have a breakthrough and root a box in the lab. I was working overtime. I needed some sleep and to give my mind a break after an exhausting day at work, but I also needed more time for the labs. What did I do? I was committed, so I started waking up at 4:30 every weekday morning to work on the PWK lab before work. It didn’t take me 3 tries to pass the OSCP exam, but I did get three lab extensions before I took the test. After each lab time was up I’d take a break for a few weeks to clear my head and focus on learning things that I perceived to be weaknesses, then I’d hit the PWK lab again and get further than before.

It didn’t end there. I thought it would be easy getting a pentesting job after getting OSCP. It wasn’t. I wasn’t able to relocate and I was told that nobody wants to let a newbie pentester work remote. Remote work was for experienced pentesters. I didn’t give up because I was committed. I took other security jobs that allowed me to do some pentesting and kept gaining experience. I found 3 zero days in web apps while I was working on sharpening my web app pentesting skills because I knew that was a weakness of mine and I knew that’s where the demand was for pentesting. I added those CVEs to my resume. I continued to wake up at 4:30 every weekday morning to study, lab, and sharpen my skills. I kept interviewing and failing because I didn’t have consulting experience or I had gaps in my knowledge. Each interview allowed me to realize where I was weak. After each interview I would study and lab more and strengthen those weaknesses. Eventually I was hired to be a pentester. Now I never feel like I’m working because I love what I do. I still wake up at 4:30 every weekday to have quiet time for studying and trying new tools, techniques, and exploits in my lab.

I may never be the smartest person or a rockstar hacker, but I’ll never stop working to improve because I love what I do and I’m committed to it. When I think about retirement, I see myself looking out over a lake view at my laptop and hacking stuff, doing bug bounties instead of bingo.

Are you interested or committed to passing OSCP? Keep on trying harder and best of luck!

10 thoughts on “Interested or Committed”

  1. Thanks Steve. This is very helpful. I’ve been juggling between my Masters, work and CCNA all together and it’s been tough. You’ve helped me realize that if I want something bad enough I’ll do what it takes to make things work. Cheers!

    1. At one point I thought I wasn’t going to survive being committed to my goal. I was still in the Navy, waking up at 4 AM to get to work on time, carried a full time college course load at night, worked a part time computer services business on the side, got by on 4 hours sleep every weeknight, and still managed to graduate Magna Cum Laude. I almost collapsed a couple of times from exhaustion. I was getting through each day by drinking energy drinks. It aged me for sure, and helped accelerate the end of my marriage even though the financial problems we were having that prompted me to work so hard were caused by her. Although those trying times are over and I’m in a new marriage, the lessons I learned help me to focus on my goals until I achieve success. It also helps to have a spouse that is appreciative of your hard work and dedication and is supportive. I do have to make sure that I partition work from my personal life. That’s one of the reasons why I still wake up so early. I have time to myself early in the morning to do what I need to do, and I give my family my time in the evening.

  2. Thanks for sharing your experience! I suspect there are many of us who are experienced IT folks who have been trying to “break in” to the pen testing world.

    Your post helps us see that the struggle will pay off if we keep at it!!

  3. Thank you so much for the post Steve. I am about to embark upon this journey and need all of the steam and encouragement I can get! Thanks!

    1. Over the years I had a few mixed security and IT sysadmin/engineer job roles and had done some pentesting as an internal employee. I had also discovered and reported some severe vulnerabilities in some websites. In my spare time I also liked to do Vulnhub challenges. At the time I had that revelation that it was time to go all in to become a pentester full time, I had taken the course for the VMware Certified Professional (VCP) and was studying for the cert exam. I realized that I had zero motivation to study anything not security related, but I ate up reading about everything security and hacking related. I had heard about OSCP via Twitter and Reddit and took the plunge. After that I made the jump to two other security jobs, doing more and more pentesting as an internal employee before getting accepted to a consultant role as a penetration tester.