How I Went From Lyft Driver to Pentester in 13 Months

6 minutes

Learning to code so that you can land a job in tech can feel daunting. That’s why we’re sharing inspiring stories from Codecademy’s community — to show how people like you (yes, you!) can embark on a learning journey and end up with a totally new career. We hope these stories serve as a reminder that there’s no single path to a more fulfilling work life.

Today’s story is from Mario Roman, a 25-year old Pentester living in Oakland, California. Read more stories from Codecademy learners here — and be sure to share your story here.

Why I chose to learn to code

“I was an economics major at UC Berkeley, and I found myself in this internship where they wanted me to do data analysis. To do that, I would need to import Excel files into Jupyter Notebooks, clean it using Python Pandas, and format the data in a way where we could feed it into machine learning models. I didn’t know how to do any of that! 

I did some research and found Codecademy, and I started with the Python 3 course and Learn Data Analysis with Pandas. That was super helpful. Coding is a really great tool to have; to be able to take an idea in your head and build something is really cool. So that was my motivation. I started getting into programming, and then switched to cybersecurity. My whole senior year, I was just practicing getting certifications, and working on my skills.”

Learn something new for free

How I made time to learn

“I tried to spend at least two hours a day learning to code. I focused more on consistency over everything. I would try not to beat myself up if I didn’t do like four hours a day or something like that. I just did a little bit — an hour or 30 minutes — each day and that was enough* for me. I am a little bit of a night owl, so I did this after work mostly.”

* Curious how much time you need to spend learning to code each week? Read this blog to see how other learners in our community made time.

How I saved up money to switch careers

“My school offered a program where they would connect us with companies to intern for, and I chose a company in San Francisco. There was a scholarship that covered the actual program, but then I just drove Lyft.” 

How long it took me to land a job

“It took me about 13 months to land a job as a pentester, but my cybersecurity interest was separate from data analysis. I started Codecademy in May of 2022, and then I took this ethical hacking course, which was my introduction into cybersecurity, in October of 2022. Then six months after graduation, I got to the point where I was able to get a job.” 

How I got in the door

“I work for a bank in the city. I applied for this role just on LinkedIn, and one of the members on their team reached out to me for an interview. After the second interview, they ended up not choosing me for the role, but they said, ‘Hey, this other role would actually fit you better.’ And then I was able to apply for that job and get it.

I did a few things to get experience ethical hacking.* I did one capture the flag competition, and I’d do Hack the Box, which are these intentionally vulnerable machines that you can try to hack into. I also did this three-month OSCP (Offensive Security Certified Professional) training — that was a doozy. It involved so many different machines, and I had to learn so many different types of attacks. I haven’t passed the test yet to get the certification. I took it a couple times and got really close but not yet. Still learned a ton, and I don’t think I would’ve got the job I have now without the skills I developed during that time. I did bug bounties as well, which are public programs where security researchers try to hack companies.” 

* Want to get hands-on practice hacking without breaking any laws? Read this blog to learn the various ways you can practice ethical hacking safely.

How I nailed the interview

“First I had a technical interview. They asked me about a lot of cybersecurity concepts, and different attacks that we would normally do. In the technical interview, if I didn’t know an answer — which happened a couple of times — they would walk me through it and explain what the answer actually is. That was really encouraging. 

Then it was kind of a behavioral interview, with questions like, ‘Tell me about a time when you…’ So I had just two interviews for both of the roles that I applied for.” 

How I evaluated the offer

“The way that they handled my recruitment process was great. The recruiter was very nice, which is an underrated thing, and they kept me in the loop. I could tell they cared for the other person on the other end of the interview process. Their management was the same way; everyone was super awesome. 

When it came time to the offer, it was fair. One of the big things they do is pay for certifications for us to get if we want to invest in our own learning*. If you want to do a master’s program or get one of the million different certifications in security, they provide funding for that as well.” 

* If you’re learning to code because you want to up-skill in your current role and advance your career, go for a Codecademy Plus membership. You get access to skill paths, practice projects, and Codecademy certificates of completion.

How day one and beyond went

“First week wasn’t bad to be honest with you. It was a lot of the introductory training that you have to do to work at a bank. It’s very risk focused, so there’s obviously a lot of controls that they have. I had to kind of speed through all that learning. 

We do this meeting every morning with all the security testers where we go through attacks or tests we’re working on, new things we’ve figured out, or anything we need help with at all. My first week I was getting acclimated with everybody and learning what kind of topics we were talking about. I got my first test a few weeks later. If you find some vulnerabilities, then you report them, and then you send it off to your peer reviewer. I think it went well.”

What I wish I knew before I started learning

“Consistency is the most important thing. It’s not about coding for six hours, then taking days off. If it’s just a half hour a day, that’s fine. I think you have to allow your subconscious to kind of process the information later on when you’re not working. Projects are important, and Codecademy does a good job of implementing them. With projects, you can showcase your work, you can be creative, and you can modify things.

There’s kind of a debate in cybersecurity about whether you need to know how to code to be a hacker or in security. You don’t need to, but it really helps a lot. For example, we use a proxy tool called Burp Suite where you’re intercepting requests and forwarding them. It’s really helpful to be able to build an extension that can modify some of the Burp Suite functionality in the way that you want. Or if you’re going to do a proof of concept for how you want to script, you can run your attack and you get information. Learning and improving my skills is still something I’m working on.”

Learn like Mario

6 courses

Not sure where to start? Check out our personality quiz! We’ll help you find the best programming language to learn based on your strengths and interests.

Want to share your Codecademy learner story? Drop us a line here. And don’t forget to join the discussions in our community.

Related articles

7 articles

What is the Waterfall Model?

7 minutes
By Codecademy Team

T​​he waterfall model follows a linear sequential flow where each phase of development is completed and approved before the next begins. Here’s how it works.