
Introduction
For years, I’ve worked in cybersecurity, focusing on governance, risk, compliance, and application security. But as the industry evolves, so do my interests. Now, I’m making the leap into ethical hacking, pursuing hands-on security testing, red teaming, and penetration testing.
Why Ethical Hacking?
Working in cybersecurity has given me a solid foundation in security controls, compliance frameworks, and risk management. But I’ve always been drawn to the offensive side—understanding vulnerabilities from an attacker’s perspective and using that knowledge to strengthen defenses.
Breaking into systems legally and ethically to help organizations improve their security posture is where I see my future. I want to move beyond compliance audits and security governance to active testing and real-world exploitation scenarios.
My Plan: Certifications & Skills Development
To formalize my knowledge and gain hands-on skills, I’ve built a roadmap for myself:
Currently Studying: Practical Junior Penetration Tester (PJPT) – A great entry point into penetration testing that focuses on real-world scenarios.
Next Up: Practical Network Penetration Tester (PNPT) – This certification will validate my ability to conduct external and internal assessments, pivot in networks, and deliver professional reports.
Final Goal: Offensive Security Certified Professional (OSCP) – The gold standard in penetration testing. Achieving this will prove my ability to handle complex exploitations under pressure.
These certifications, combined with my existing security experience, will help bridge the gap between my GRC background and offensive security.
My Background & Transition
I’ve spent years working in security, from risk assessments and compliance to cloud security and application security enablement. My experience includes:
Leading Application Security Enablement at Discover Financial, where I helped reduce open-source vulnerabilities.
Conducting Security Compliance Audits to ensure organizations meet regulatory standards like NIST, PCI DSS, and SOC 2.
Working with SIEMs, Cloud Security Tools, and Automation to improve threat detection and incident response.
Technical Experience with Scripting, Network Security, and Risk Assessments that provides a strong foundation for penetration testing.
Now, I’m shifting gears to use my technical skills in a more offensive role. My background in security governance, combined with hands-on hacking skills, will allow me to approach security from both sides—identifying and exploiting vulnerabilities while ensuring businesses remain compliant and secure.
What’s Next?
As I progress through these certifications and continue hands-on practice with CVEs and real-world exploits, I’ll be documenting my journey here. Expect write-ups on labs, CTF challenges, and insights into transitioning from GRC to ethical hacking.
This is just the beginning. Breaking in—ethically—is the goal.
Connect With Me
I’d love to network with others in the field! If you're also on the journey into ethical hacking, feel free to reach out on LinkedIn.