My Penetration Tester Roadmap 2025
By: Abe
The road to becoming an offensive security researcher is no easy feat. This roadmap is what I’m currently aiming for this year to help hone my skills.
Goals:
- Reach GURU rank on HackTheBox.
- Find some VDP bugs purely for the experience.
- Any or all of the following certifications listed below.
- (List is subject to change)
Certifications for 2025:
- OSCP/OSCP+
  - The classic “HR bypasser” certification that is exactly that, a golden ticket to throw yourself into the deep end of the cybersecurity pool. It’s rare, but the OSCP (now the OSCP+) could be the very thing that lands you an interview or at the very least prepare you for a hiring test. The exam itself requires 24 hours of your time and some intermediate knowledge of penetration testing.
    The “downside” of this certification is primarily the price. It’s around $1600. Another important thing to consider is the learning material, which is said to be lacking in providing the extensive information needed for actually tackling the exam. On top of that, many takers have warned others about the frequent need to reset Offsec’s machines during the exam for services to work properly in the labs. This can waste valuable time in getting points down or writing out the report.
- CPTS
  - In order to take this exam you must first complete all of the HTB academy modules for the CPTS job-role pathway. This helps prepare you even if you think you’re skilled enough. I want to say that this should be a gold standard approach to a pentesting certification. This certification is currently underappreciated by HR, mainly due to it being new to the scene. Currently there are only a handful of jobs springing up that are including the CPTS. HackTheBox guys aren’t playing here however. The exam is 10 days of pure hands-on carnage at around 1⁄3 the price compared to the OSCP. The exam is meant to simulate an actual IRL engagement with extensive report writing. The material supplied for the CPTS has everything you need to pass and even get started on the HTB platform. My only gripe with this cert is how cheating is easier and can go unnoticed due to it not being proctored like the OSCP…another possible reason why this cert is having a hard time getting any HR attention.
Anything beyond this point should be focused on specialization on a particular area of cybersecurity such as:
- CAPE
  - HTB Certified Active Directory Pentesting Expert
- CWEE
  - HTB Certified Web Exploitation Expert
- OSWE
- OASP/OAWSP
  - Offensive Azure Security Professional
  - Offensive AWS Security Professional
Random closing thought
Currently I’m quite interested in using Go for just about everything. The language has really grown to rival Python/Bash in terms of scripting nowadays.
[Last updated: February 11, 2025]