The more I watch Francois's videos, the more I'm able to gain truthful insight into my current occupation in IT.
@KukuDjamasi 1 year ago
Interesting discussion. One question, Francois: you mentioned that you received some valuable nuggets regarding response from a LinkedIn connection. Can you please share these nuggets with me? Appreciated.
@Francois-B-Arthanas 1 year ago
The nuggets were from HD Moore, the creator of Metasploit. Let me copy and paste what I asked him and what he responded:

ME --> Hello Mr. Moore, thanks for connecting on LinkedIn. I understand you have tremendous demands on your time, and if you don't have time to respond, no problem. But if you do, even a sentence would mean a lot to me. I am a n00b in the world of PenTest and am desperately looking for some guidance. If you were to start all over again in Cybersecurity (Pentester), where would you begin? How would you go about getting that first Pentest job?

HIM --> Hello! Thanks for reaching out. Most security roles depend on having extensive skills elsewhere first; I started off writing lots of (bad) web applications and continue to balance development work and system administration with security work, as you can't do security work without the dev/admin experience, and it's hard to be good at dev/admin work without security experience as well. If you are looking for a pentest job, the route depends on what you already know. If you can write code, start to focus on code auditing and identifying common security issues. If you do admin/devops/etc. work, focus on auditing cloud environments and identifying common mistakes with key management or AD configurations. If you don't do networking, admin, or development work today, you are going to have a hard time with security work, as every task you work on assumes you know how something was built and how it is operated first. I see the certificate alphabet in your profile: certs (outside of GPEN/OSCP/CREST) are mostly worthless for interviews with pentest firms. They help with broader consulting orgs (E&Y, etc.), but folks like NCC and Atredis care what you can do and want to see proof of that (open source, previous advisories, writeups, etc.), not a list of certs.
Anywho, feel free to reach out by email if you have additional questions (REMOVED IT). Bug bounties are a great place to start these days if you don't have an existing portfolio or experience doing pentests.