Syllabus for self-studying information security and Pentesting [closed]

manpreet Best Answer 2 years ago

I'm someone who's distant, industry-wise, from technology. I'm actually in the medical field. That said, I'm very interested in technology and specifically in information security.

I'd like to make a roadmap to be a professional Pentester and may eventually switch careers (I'm 20, so that wouldn't be life changing per se), or the more probable possibility to be a professional Pentester of hospital networks and medical services (that way I can work in both jobs which is what I want).

So, as I said, I need to make a syllabus for beginners to professional Pentesting as self-study material for anyone following the same path.

I currently have a plan to study courses in:

1. CompTIA's Linux+

2. Courses on Kali Linux

3. CompTIA's Network+

4. CompTIA's Security+

5. EC-Council CEH

Note that I don't program in any language! Would you suggest adding programming courses, and which one? And how do evaluate this study plan?

Note2: This guide is not personal, it's general for ANYONE starting Pentesting. I hope it doesn't get deleted :(

EDIT FOR MODS:

So to narrow the scope of the question I'll add that this discussion hopes to produce a battery of opinions about the best way to approach Pentesting as a career for someone who doesn't have the ability to aquire a formal degree in the field or in Computer Science. The student/enthusiast will form his own personalized syllabus based on the opinions and experience (((which an outsider like me can't get ANYWHERE else due to not having the exposure to people in this field. I don't think there's one specific answer or one-size-fits-all model to learn any subject, and thus I think this should be open for discussion about experiences in the field and how to go about the path to learn.)))

To narrow it further I personally need to be a network and web apps Pentester. My interest here in these two specialties is derived from the fact that hospital networks are proven (by a security researcher) to be extremely vulnerable. And almost all devices on that network are also vulnerable. There are also some emerging technologies in Medical Social Networks and online medical apps with sensitive patients' data, I see a market or a career for such experience in the medical information field.

So to rephrase: What is a path you, experts, advise an enthusiast to pursue for a career in Network and Web Apps Pentesting?