
Aug 4, 2020
Starting a Career in Information Security
Considering a career in infosec? Mihai’s experience pursuing the OSCP and OSWE certs can help you determine your next steps. Get inspired with this case study.
A high school student becomes OSCP and OSWE certified to secure future career opportunities.
Editor’s Note: Per our company policy, the minimum age for an Offensive Security student is 18. However, under specific circumstances with parental permission, Offensive Security will waive the age requirement.
We introduced Mihai and his journey to the OSCP certification in December 2019. Now, he has added the OSWE to his list of achievements. As a high school student, Mihai’s work experience is understandably limited. However, that didn’t stop him from finding a way to turn his enjoyment of capture the flag (CTF) contests into career opportunities – even before graduating.
Cybersecurity is a growing field with a massive skills gap. Now more than ever, skilled penetration testers, web application security specialists, and related roles are needed to defend organizations in a world where the pace of change only seems to accelerate.
Whether you’re still in school or interested in making a career change, Mihai’s experience can help you determine your next steps.
Challenge
While it’s possible to enter information security as a self-taught professional, many organizations require proof of skills. Increasingly, the Offensive Security Certified Professional (OSCP) certification is called for in job descriptions for penetration testers.
“The cybersecurity landscape is continuously changing and those who pursue information security as a career when it’s not their passion will find themselves left behind.”
Before tackling Penetration Testing with Kali Linux and the OSCP exam, Mihai’s challenges included:
- Needing more practical, hands-on experience with greater difficulty and structure than was offered by CTF and other practice resources
- Finding a self-paced online course with the right level of difficulty and practical experience
- Being considered too young and inexperienced to know anything about information security
Mihai’s goals were to learn as much as possible about information security, while successfully balancing the rigors of the course with his ongoing school work and extracurricular activities.
Solution
The reputation of the training provider, the instruction methods used, and the amount of practical knowledge offered were important to Mihai as he evaluated his options.
With regard to reputation, he said, “Everyone that I spoke to who has an OffSec certification had only good things to say about the company. From my experience, everyone from OffSec is very friendly and helpful.”
Out of Offensive Security’s course offering, he decided to start with the Penetration Testing with Kali Linux foundational course to develop his penetration testing skills. With more experience, he later went on to specialize in web application security with Advanced Web Attacks and Exploitation.
He selected and returned to Offensive Security as a training provider because he appreciated being able to follow the hands-on coursework in a self-paced manner. With regard to instruction, he liked how the material and instructors would point him in the right direction, but allow space to research the subject individually.
“Both of the courses that I’ve completed managed to exceed my expectations: whenever I thought I knew enough about something, OffSec usually showed me something new.”
Results
With the OSCP in hand, Mihai was able to secure his first penetration testing job, which led him to follow up with the OSWE certification to specialize in web application security. As a result of earning these certifications, Mihai:
- Started getting recruiter views on his LinkedIn profile
- Secured a contract penetration testing engagement
- Learned that any problem can be solved with persistence, a key part of the Try Harder mindset
Training with Offensive Security develops not only your information security skills, but also how you view and approach challenges. OffSec certifications open doors, both in the mind and with employers. Learn more about our courses and take a step toward securing your information security career.
“Being in this field means being willing to learn new things and constantly improving your knowledge.”
Have questions for Mihai? He welcomes conversation on Twitter as @yakuh1t0.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read