From wannabe hacker to Penetration Tester & Security Consultant

Everything started in 2009 when I first heard of Ethical Hackers. My first employer hired them for a penetration test.

I later read their report and was fascinated by how smart those guys are. Anyway, time passed. More or less five years until I read about Hacky Easter Adventure 2014 starting March 26th, 2014. I remembered those "smart Hackers" so I joined Hacking-Lab to see what this event is all about.

24 Easter eggs are waiting for you. To find them, you'll need to solve hacking challenges.
The Easter eggs contain a QR code - scanning it with the Hacky Easter app will submit your solution to the server and increase your score.

That sounded interesting, so I started to try to solve some of the challenges. I was able to solve around half of the eggs. After the event, I read with interest, about the challenges I wasn't able to solve in the solutions document. I learned a lot and planned to join the next event from Hacking-Lab. After a short period, I received an email from Hacking-Lab. The next event will be Swiss Cyber Storm 2014 Online Qualifying May 21st.

Swiss Cyber Storm is seeking for the top cyber talents. On November 3rd, 2014, the Swiss team will travel to Fürstenfeld, Austria to fight against the teams from Austria and Germany.

That sounded like an excellent chance to recheck my skills. Again I spent a lot of time on those challenges. I read a lot and learned an incredible amount of new stuff. From all people doing the online qualification, I ranked under top 20 and was thus invited to participate in the onsite qualification for the Swiss team to travel to Austria. Onsite I was not ready (did not qualify) to be part of the Swiss team but again I learned a lot of new stuff regarding security and hacking. I met new people from all over Switzerland. I felt awesome!
It was clear to me, to try again next year. I wanted to be part of the team so hard; I invested hours and hours in learning. I joined different platforms and tried to solve challenges.

The year went by, I qualified (top 20) again and was finally ready for the Swiss team. 1 out of 10 people having the privilege of representing Switzerland at the European Cyber Security Challenge. I was pleased. The experience was great.

ECSC 2015: Our hard work paid out. We won the bronze medal.

2015 was great for me. I met awesome people, learned a lot of new things, newspapers and tv stations reported about me. I technically stepped up a level as well as mentally.

During 2016 it was the same. I read, tested, built, destroyed, hacked a lot of stuff together with new friends. I participated in HackyEaster and HACKvent and again managed to be part of the Swiss team for ECSC 2016.

ECSC 2016: I had the honor to lead the team in Düsseldorf (Germany).

In Düsseldorf 10 Nations took part. Every team had their server with specific vulnerabilities placed by the Hacking-Lab staff. On the one hand everyone had to attack servers and services from other teams, and on the other hand, the teams had to patch vulnerabilities, decipher hidden messages and solve difficult hacking challenges.

ECSC 2016: Switzerland ranked on 7th place.
Again it was a great time.

2016 was the year, I and some friends founded sw1ss. A Swiss Capture The Flag team. The team participates in CTFs and publishes write-ups on CTF tasks. From now on I invested even more time in hacking. I couldn't stop. I was kind of addicted to solving technical problems and finding flags. Regarding ECSC, I was no longer entitled to participate as a player. Nevertheless, Swiss Cyber Storm gave me the chance to guide new talents as a coach.
Meaning, 2017 me and Valentin Zahnd coached the Swiss team participating in the European Cyber Security Challenge.

ECSC 2017: The Swiss team including staff, traveled to Málaga (Spain) to participate in the ECSC Final.

During the year I played a lot of CTFs, together with sw1ss. I read books. Regarding HACKvent, I changed from solving to create challenges.

I concluded I'd change from developing TYPO3 solutions to Penetration Testing for some years. I'll try to find a Company that gives me a chance, to prove my skills professionally.

Towards the end of 2017, I applied for a job as IT Security Analyst at Compass Security and was called to an interview. Honestly, I did not prepare myself.
I had to take a test with a given laptop. Right after, around ten people asked me stuff I should know for this position. I did not feel very comfortable. I was not able to answer the questions and felt unconfident.
Two weeks later, I received an answer. Compass Security found someone more qualified for the position. I was disappointed and doubt my abilities. After recovery, I decided to start the OSCP. I had the desire to test my skill again. I wanted to prove myself, that I'm able to do Penetration Tests professionally. Again I began to read new books. I created a blog and set up an efficient infrastructure at home. I made a gameplan for OSCP.

January 2018, a good friend contacted me regarding a vacant position at Oneconsult AG. My fiancée convinced me to try again and apply for the job as Penetration Tester. I learned from my mistakes and prepared myself as good as possible. The interview and test went great. Oneconsult immediately offered me the job. I can't put into words how happy I was. One of the top companies in the security field in Switzerland.
The cherry on top: OSCP is part of the initial training.

Monday I'll start as a Penetration Tester & Security Consultant at Oneconsult AG.
Wish me luck on my new journey.