I'm a professional copywriter with 15+ years of experience. My "day job" consists of me writing persuasive content for manufacturing companies that sell their products (e.g. blog posts that rank well in Google for long-tail keywords, case studies, and internal product pages).
That said—I have decided to take it upon myself to "self study" and learn pen testing at night. The goal is to spend 1-2 hours every weeknight (weekends too?) going through the lessons at TryHackMe and other free online resources.
I'm currently treating this repo as a place to verbally vomit what's on my mind. Do not expect to find pitch-perfect grammar/etc. I'm not getting paid to write this.
I have been led to believe that my background as a freelance copywriter and knowledge of SEO (moreso my server/website/web app experience) will be a benefit as a pen tester. I also have AI experience. Two years ago I built a ~$25k server that consisted of seven 4090s, ROMED8-2T motherboard, 512Gb DDR4 RAM, and an EPYC CPU. I also fine-tuned a few AI models for copywriting purposes. I assume that could be a potential advantage as well.
I'm using this blog as part motivation and part documentation to prove to any future employers/colleagues/etc that I know my shit. Of which I currently don't know my ass from a hole in the ground when it comes to pen testing.
I am currently considering IoT pen testing for manufacturing companies (I was a Sr. Buyer for many years at a mfg company). However, that could (and will?) change as the months and years go by. Or not.
I'm giving myself 3 years on the short end and 5 years on the long end to learn enough such that I can take the various certification tests (OSCP, CEH, GPEN, CIoTSP, ETSI EN 303 645, IEC 62443, and UL 2900, etc). I highly doubt 3 years is enough time of self study and even 5 years is probably too short to get all those certs.
However, I am treating this journey as a marathon vs. a sprint wherein I study every night and progress at my own pace.