Post

Earning My TCM Security Practical Junior Penetration Tester Certification

Posted Updated
By Shahzeb Mahmood
3 min read
Earning My TCM Security Practical Junior Penetration Tester Certification

Earning My TCM Security Practical Junior Penetration Tester Certification

I’m excited to share that I’ve recently earned my TCM Security Practical Junior Penetration Tester (PJPT) certification and badge. This has been a significant milestone in my cybersecurity journey, and I wanted to document my experience for anyone considering this path.

TCM Security Practical Junior Penetration Tester Badge
TCM Security Practical Junior Penetration Tester Certificate

Why TCM Security’s PJPT?

After working in DevOps and cloud security for several years, I realized I wanted to deepen my understanding of offensive security. While I’ve been building secure infrastructure and implementing defensive measures, I felt I needed hands-on experience with the attacker’s perspective to become a more well-rounded security professional.

TCM Security’s Practical Junior Penetration Tester certification stood out because it’s entirely practical, with no multiple-choice questions, just real-world penetration testing scenarios. This aligned perfectly with my learning style and career goals.

The Learning Experience

The course material was comprehensive, covering everything from basic enumeration techniques to advanced privilege escalation methods. What I appreciated most was the emphasis on understanding why things work, not just memorizing commands.

Key Topics Covered

  • Network Enumeration: Learning to systematically map out target networks and identify attack surfaces
  • Web Application Security: Understanding common vulnerabilities like SQL injection, XSS, and authentication bypasses
  • Privilege Escalation: Both Windows and Linux escalation techniques
  • Active Directory: Exploring AD environments and common misconfigurations
  • Report Writing: Learning to document findings clearly and professionally

The Practical Exam

The exam itself was challenging but fair. It required me to apply everything I’d learned in a realistic environment, not just regurgitate information. I had to:

  • Perform thorough enumeration
  • Identify and exploit vulnerabilities
  • Document my findings professionally
  • Think critically about attack paths

This hands-on approach is exactly what I needed. It forced me to think like an attacker while maintaining the ethical mindset of a security professional.

Challenges and Growth

One of the biggest challenges was balancing this certification work with my full-time DevOps role and my Master’s studies. Time management became crucial, and I learned to be more efficient with my learning approach.

I also had to push through moments of frustration when techniques didn’t work as expected. Those moments taught me the importance of persistence, documentation, and understanding the underlying concepts rather than just following tutorials.

How This Fits Into My Journey

This certification bridges a gap in my skill set. As a DevOps Engineer, I’ve been focused on building secure systems and implementing defensive controls. Now, with offensive security knowledge, I can:

  • Better understand attack vectors when designing secure infrastructure
  • Contribute more effectively to security assessments
  • Move closer to my goal of becoming a Pentester or DevSecOps engineer
  • Apply red team thinking to improve blue team defenses

What’s Next?

This certification is just the beginning. I’m continuing to practice on platforms like HackTheBox, working through more advanced penetration testing courses, and applying these skills in my current role where appropriate. The goal is to eventually transition into a dedicated penetration testing role or a DevSecOps position where I can combine my infrastructure expertise with offensive security skills.

Advice for Others

If you’re considering the PJPT certification:

  1. Be patient: Practical skills take time to develop. Don’t rush through the material.
  2. Practice regularly: Set up your own lab environment and practice the techniques.
  3. Join communities: Engage with other learners and professionals in the field.
  4. Document everything: Keep notes on what works, what doesn’t, and why.
  5. Stay ethical: Always ensure you have proper authorization before testing any system.

Final Thoughts

Earning this certification has been incredibly rewarding. It’s given me confidence in my practical penetration testing skills and opened up new career possibilities. More importantly, it’s reinforced my passion for cybersecurity and continuous learning.

The journey from DevOps to penetration testing isn’t always straightforward, but each step builds on the previous one. My infrastructure background gives me a unique perspective on how systems are built, which helps me understand how to test them more effectively.

If you’re on a similar path or considering this certification, feel free to reach out. I’m always happy to discuss experiences and share what I’ve learned along the way.

Interested in learning more about my cybersecurity journey? Check out my other posts in the categories section.

Certification, Cybersecurity
tcm certification pentesting cybersecurity learning practical
This post is licensed under CC BY 4.0 by the author.