Do you want to break into penetration testing but don’t know where to start?

You feel that urge to do something, but you always end up watching random YouTube videos, downloading Kali Linux, and feeling like you are getting nowhere.

In cybersecurity, a lack of direction is more dangerous than a lack of knowledge.

I am going to be honest with you. I am not a penetration tester. I am a Cybersecurity Manager.

But I have worked alongside pentesters. I have interviewed candidates for offensive security roles. And I have studied this path carefully enough to know exactly what separates the people who break in from the ones who stay stuck.

This is the study plan I would follow if I had chosen this path.

Penetration Testing (Offensive Security)

Penetration testing is one of the 5 cybersecurity paths you can choose.

If you are not familiar with the cybersecurity paths, read this first:

👉 How to Choose the Right Cybersecurity Role Before You Waste Time and Money on the Wrong Certifications

But before you deep-dive into the materials I am about to provide, make sure this path is really for you.

You do not want to waste weeks and months learning things that will not get you any closer to your goal.

It is a great fit if you:

• Enjoy thinking like an attacker - finding weaknesses before others do

• Like structured problem solving with clear objectives

• Are comfortable going deep into technical detail

• Enjoy learning how systems actually work under the hood

• Have patience for long, methodical investigation

Be honest with yourself:

• Penetration testing is not beginner-friendly

• Most entry-level roles require at least some IT or networking background

• You will spend months building foundations before touching offensive tools

• The learning curve is steeper than almost any other cybersecurity path

But don’t get me wrong here. I am not saying it isn’t worth it! All I am saying is you need some IT experience first!

The Decoded Security Penetration Testing Roadmap

This roadmap has three main goals.

First, make sure you understand the cybersecurity fundamentals that underpin everything in offensive security.

Second, make sure you understand how systems and networks actually work, because you cannot attack what you do not understand.

Third, force you to practice in real environments, not just watch tutorials.

What is your target role? Let me know in the comments and let’s discuss your next steps!

Here is the exact roadmap I would follow if I had to start from scratch.

Step 1: Build the Right Foundation

Before you touch a single offensive tool, you need to understand how cybersecurity actually works.

Most beginners skip this step. They download Kali Linux on day one and wonder why nothing makes sense.

Do not make that mistake.

Make sure to understand these especially:

1. Threat ≠ Risk ≠ Vulnerability: Why CISSP Basics Matter More Than You Think

2. Cybersecurity Controls from Zero to Hero

3. The Psychology of Hacking: Why Smart People Fall for Dumb Scams

4. 6 Myths That Are Killing Corporate Cybersecurity

Step 2: Master Networking and Systems

You cannot hack what you do not understand.

Every penetration tester needs a deep understanding of how networks and systems communicate. This is not optional. It is the foundation of everything.

Focus on:

Networking fundamentals

• This Is How I Explain DNS To Beginners

• Top 5 Most Important Network Protocols for Cybersecurity Beginners

• This Is How I Explain Subnetting To a Beginner

• Why Most Beginners Don’t Understand How Networks Actually Work

• 7 Networking Questions That Instantly Expose Beginners in Cybersecurity Interviews

Linux - non-negotiable

• This Is How I Explain Linux To a Beginner

• Top 5 Linux Commands for an Entry-Level Cybersecurity Role

Cryptography basics

• Symmetric vs Asymmetric Encryption

• Digital Signatures Explained

• [This Is How I Explain PKI To a Beginner] - will be published soon!!

Attack techniques

• This Is How I Explain The Man-in-the-Middle Attack To a Beginner

• How Phishing Works in 5 Steps

• The QR Code Trap

Do you struggle with any of these concepts? Comment the one you don’t understand and I will break it down for you.

Step 3: Get Your First Certification

Most people ask the wrong question: “Which certification should I get?”

The right question is: “Which certification fits where I am right now?”

For penetration testing, here is the honest order:

Start here: eJPT (eLearnSecurity Junior Penetration Tester)

Free to study. Practical exam. Actually tests whether you can do the work, not just memorize definitions. This is the most realistic first certification for this path.

Then: CompTIA PenTest+

Widely recognized. Good intermediate step. Bridges the gap between foundational knowledge and hands-on offensive work.

The goal: OSCP (Offensive Security Certified Professional)

The industry standard for senior offensive roles. Do not attempt this first. Attempt it when you are ready - but consider attempting it earlier than you feel comfortable. Passing OSCP before you have extensive experience sends a signal that nothing else on this path does.

Read the full certification breakdown here: 👉 Stop Buying Random Certifications. Here’s Exactly Which One You Need Based on Your Path

Step 4: Practice in Real Environments

Reading about penetration testing will not make you a penetration tester.

You need to practice. Every day. In real environments.

Here are the free platforms I would use:

TryHackMe - Start here. Guided learning paths with real machines. The most beginner-friendly platform on this list. Complete the “Pre-Security” and “Jr Penetration Tester” paths first.

OverTheWire: Bandit - Teaches Linux command line through puzzles. Surprisingly fun. Surprisingly hard. Do this alongside TryHackMe.

HackTheBox - More advanced. Move here once you are comfortable with TryHackMe. The machines are harder and less guided.

The rule: One hour of practice every day beats five hours on weekends. Consistency matters more than intensity.

Do you struggle with any of these platforms? Comment below and I will point you to the right starting point.

Leave a comment

Step 5: Build a Portfolio

This is the step most beginners skip. Do not skip it.

A penetration testing portfolio proves you can do the work before you have a job to prove it.

What to include:

• CTF writeups - document every challenge you solve on TryHackMe and HackTheBox. Explain what you did, why you did it, and what you learned.

• Personal lab - set up a home lab with VirtualBox or Docker. Document your setup.

• A GitHub profile - publish your scripts, notes, and writeups publicly.

• A blog or newsletter - writing about what you learn forces you to understand it deeply. It also makes you visible to recruiters.

Hiring managers for offensive security roles do not just look at your CV.

They look at your GitHub. They look at your write-ups. They look for evidence that you actually do this.

Have you started a portfolio? Comment below and share it. I will give you feedback.

Leave a comment

Conclusion

Most people do not fail in penetration testing because it is too hard.

They fail because they never had a plan.

They download Kali Linux on day one. They watch random YouTube videos. They jump between tools without understanding what they are doing or why.

That is how months turn into years with nothing to show for it.

This roadmap fixes that. It gives you the structure I wish someone had given me when I was learning this field.

It tells you:

• What to learn

• In what order

• And how to actually practice it

You will start thinking like someone who can:

• Understand how systems communicate

• Identify realistic attack vectors

• Build the skills that actually get you hired

You already have the roadmap. Now it is about execution.

See you in the comments.

Thank you for reading Decoded Security!

Erich

Comment your target role and your current level. I will give you your next step.

💬 Which step feels most challenging right now? Comment below - I read every response.

Leave a comment

Let’s Connect

If you want to collaborate, discuss, or just geek out over networking and cybersecurity, reach out:

Email: erich.winkler@decodedsecurity.com
LinkedIn: Erich Winkler
Gumroad community: Decoded Security
Start Here: Decoded Security Roadmap

Enjoyed this article? Like it or drop a comment. I’d love to hear your thoughts and questions!

Let’s learn and grow together!