
From physics student to Red Team Consultant: Josiah Beverton’s story

Learn how Josiah Beverton went from a physics student infatuated with cybersecurity to a professional penetration tester with experience in Blue and Red Team roles.

Tom00000 b3rt0ll0, Jun 16, 2022

Josiah Beverton is one of our community's many success stories. Josiah studied physics at university before moving on to Tesco as a Scrum Master and then, later, ATOS as a Security Analyst. 

His commitment to professional development and learning through Hack The Box helped him refine his offensive security abilities and land his first role as a Penetration Tester. He continues to develop his skills through the platform and is now part of the Red Team at Mandiant.

(Note: We also interviewed Josiah’s hiring manager to learn how his organization found and decided to employ him - whilst saving “around £8,000 in potential agency recruitment fees.” You can read it right after Josiah’s interview below.) 

How did you get into learning cybersecurity while studying another subject? 

I decided to learn cybersecurity in my spare time after noticing a post about it on our university job board (I studied Physics at the University of Durham). 

Initially, my learning materials focused more on system administration as opposed to practical cybersecurity.

I had no idea of the first steps to take or how to advance my knowledge, so I started with whatever I could discover on the internet. This is how I discovered Hack The Box. 

It gave me a way to develop my practical knowledge of the subject whilst also having fun. I eventually decided to pursue cybersecurity as a career after the enjoyment I got from my research and through playing Hack The Box. 

Programming and networking are two of the most fascinating disciplines with which I had the opportunity to become acquainted during my undergraduate years. I wanted to continue honing my talents and find a job in the industry after graduating.

What struggles did you face while trying to enter the cybersecurity field?

As a graduate with no prior experience or hands-on training, I quickly realized that landing the first cybersecurity job was challenging. Practicing what I learned was also difficult. 

Online resources like blogs, magazines, videos, etc. existed in 2016, but accessible hands-on training platforms to help you apply and sharpen your practical skills were scarce. 

Fortunately, the cybersecurity community has always been supportive. Thanks to numerous threads and discussions on Reddit and other forums, I was able to identify practical resources to develop my skills. 

Downloading virtual machines (VMs) was time-consuming and inconvenient at the time, but it was still a great opportunity to train. I am pleased that hands-on training is now so accessible and straightforward to implement, making it simple for anyone interested in cybersecurity to get started.

What do you think helped you get a job?

Hack The Box has been a key asset to my cybersecurity career!

This is because, as I mentioned, learning cybersecurity can be challenging in the early stages. It’s a combination of understanding theory and having practical know-how, which takes time to develop. 

HTB sped up my skills acquisition by connecting theoretical knowledge with hands-on practical machines that tested me. 

When I joined the platform there were 18 machines available! I started off with the easiest and avoided the harder ones on purpose; I was intimidated. Solving the first machine was a huge turning point for me; the confidence I gained helped me progress to attacking harder machines and sharpening my abilities.

Today, I find the community on Discord to be extremely supportive. You can learn from other students and ask for help when you get stuck or feel discouraged. 

Finally, the HTB Career Portal gave me, and I am sure thousands of other users, the opportunity to get in touch directly with businesses that are hiring for cybersecurity positions. 

I was lucky enough to land my first penetration testing job at Context Information Security, which allowed me to put into practice what I had been learning on the platform and kickstart my career. 

Now that you work in cybersecurity, how do you keep yourself trained and up-to-date? 

I continue to stay threat-ready by practicing with HTB. Pro Labs are great; my favorite is Offshore.

I play both retired and active machines because you can review solutions to improve your perspective and learning experience. I also read blogs as I prefer to consume written content over video.

There are a lot of smart people in the hacking community producing great videos and written content. Finding the info you need to become better at what you do is just a matter of browsing the web and identifying the approach or medium of content you prefer. 

What’s your best advice for anyone looking for a job in cybersecurity?

To be honest, continuing to enhance your skills and staying current is critical. Your hard work will be rewarded in the long run. 

If you want to work as a penetration tester, you'll need to make a habit of closely checking the news for new vulnerabilities or exploits. 

For anyone thinking about a career in cybersecurity, it's important to obtain a solid grasp of the fundamentals and how things actually work. This will help you later on in your career and ensure that you aren't just reliant on tooling.

My biggest tip is to ensure that you are genuinely interested in the field you want to work in. Then share that passion with anyone you come into contact with. 


The Hiring Manager Perspective

Hiring good penetration testers and red teamers is both challenging and expensive. How do companies find, attract, and retain cybersecurity talent in today's job market?

Revealing “the other side” of Josiah’s story, we interviewed Tom Williams, the former Principal Consultant at Context Information Security (who hired Josiah using Hack The Box's Talent Search service) to find out. 

How would you normally recruit members for your team?

We previously depended heavily on recruitment agencies and this was an incredibly expensive way to recruit. Further, recruiting this way meant that we tended to see profiles that were almost an exact copy of one another (similar certifications and experience levels). 

There wasn’t anything wrong with this directly. Benchmarking in this way was how recruiters used to guarantee (as best they could) a certain level of aptitude.

However, we felt as though we were missing out on an addressable section of the market that maybe did not have these certifications, and may also be on a completely different career path. 

Certifications are earned at a point in time, so when you’re relying solely on them to gauge competencies it's harder to identify passionate candidates. Viewing their Hack The Box profile helps by showing you who is actively studying and practicing with no immediate incentive to do so. 

We also felt that broadening our recruitment options would ensure we got the most value from partner recruiting agencies; they could focus on niche roles that are harder to fill. 

How was the process of hiring through HTB? 

We finally were able to target an audience that exactly matched the type of skills we were seeking. There aren’t any other credible job boards that specialize in penetration testing, Red Team, or just focusing on cybersecurity roles.

Why should companies grow their cybersec team with HTB? 

Hack The Box offered us the opportunity to post jobs directly to a community of hackers. 

We got access to profiles that are non-traditional; this broadens your perspective and opens up a whole new addressable market of skilled candidates.

Filtering by rank provided an indication of capability. It’s how we found Josiah, who was working in a Blue Team role at the time. His profile likely wouldn’t have reached us via a recruiting agency because it did not meet the typical criteria. 

Not only did we unearth a real gem in Josiah - who went on to become a great asset to the company and is continuing to go from strength to strength in his career - we also saved around 8,000 GBP in potential agency recruitment fees for hiring someone with Josiah’s capabilities.

Tips for other hiring managers/team leaders/recruiters hiring for the same role? 

Be open to profiles from outside the industry who have proven themselves on the HTB platform. They may bring highly relevant skills, capabilities, and perspectives from elsewhere in the job market that diversify and strengthen your cyber security function.


Hire and get hired for cybersecurity positions with HTB

More than 150 job opportunities are now open on the Hack The Box Career Portal.

Aspiring hackers can apply directly to roles posted by companies worldwide such as Amazon Web Services, NTT, Verizon, Daimler, DAZN, Context Information Security, and more.

At the same time, organizations can access a growing pool of talented individuals and look for their next cybersecurity star hire. Our new and revamped Talent Search helps recruiters find the perfect candidate more quickly and confidently than ever.
