I just passed the eJPT — here's what actually surprised me
I didn’t come from a hacking background. I came from software development, and leaving it behind was one of the best decisions I’ve made.
Why I quit software development
It wasn’t a dramatic moment. It was a slow burn that took longer to admit than it should have.
I was studying at the 42 École — an intense, peer-based engineering school with no teachers and no lectures. Objectively, it’s a great environment. They simulate real company requirements well. But that was exactly the problem for me. I was being trained to execute, to deliver what was asked, to play the engineer. And I burned out hard.
I’m creative at my core. I could explore and build things outside the curriculum, but none of that was rewarded — only the required deliverables counted. When the system only recognises one mode of working and it’s not yours, you eventually stop showing up mentally. I needed a field where curiosity wasn’t just tolerated but was the actual job. Hacking is that field.
Finding my way in
I started where most people start: TryHackMe, YouTube rabbit holes, trying to map out what a career in cybersecurity actually looks like. Slowly I built awareness of the field and started figuring out what I actually enjoyed. The answer came pretty quickly — I love to mess around and figure things out. I love finding a path through chaos. The more I did hands-on labs on Hack The Box, the more obvious it became that pentesting was where I wanted to be.
When I found out about the SHC — the Sucuri HackerClub, a local CTF group — I joined immediately. That community pushed me to take things more seriously and go after my first certification.
The INE course: honest thoughts
I bought the eJPT bundle on INE and started working through the material. I’ll be honest: I got pretty bored. A lot of the foundational content I already knew from HTB. Watching someone explain things I’d already practised hands-on felt slow.
But it wasn’t useless. Two things stood out. Pivoting — I’d seen it mentioned before but never really grasped it. The INE videos made it click properly. And I got solid exposure to tools I’d glossed over before: Nikto, the Metasploit plugin ecosystem, msfdb. Those were worth the time.
What the course confirmed for me is that I learn by doing, not by watching. Videos are a starting point, not the thing itself. If the concept doesn’t have a lab attached to it, it barely sticks.
The exam
48 hours. I started excited — maybe a bit too excited. I went in expecting something close to a CTF: find flags, get root, job done.
That’s not what the eJPT is.
There were barely any flags. At first that threw me off. But then the mindset shift happened: pentesting isn’t about getting root. It’s about finding every vulnerability you can, prioritising the critical ones, and making sure a bad actor doesn’t get there before a patch does. The goal is coverage — low-hanging fruit first, then higher if possible. Root access is just one data point in a much bigger report.
That reframing changed how I thought about the whole exam.
There were three questions where I genuinely almost gave up and submitted without answering. I’d tried everything I could think of and was going in circles. But instead of quitting I forced myself to slow down: what approaches haven’t I tried yet? I bounced ideas off AI, thought through the methodology again, and kept going. I found all three answers. That persistence mattered more than any specific technical skill I used.
Being organised also paid off more than I expected. Keeping track of what I’d found, what I’d tried, and what was left gave me clarity when I was stuck.
What changed
Passing the eJPT didn’t teach me a huge amount of new technical content. I want to be upfront about that. But it gave me something harder to find: confidence that I can run a proper pentest. Watching a professional work through simulated engagements during the course, then doing it myself under exam conditions — that combination made it real.
Now I’m looking ahead. I don’t like announcing plans — I’d rather just show up with the result.