Important things to know
For every aspiring and experienced cybersecurity professional enrolled on the platform
There's a question that comes up in almost every Amdari cohort, no matter the level.
New consultants ask: "How do I show employers I can actually do this when I have no experience?"
Experienced consultants ask: “How do I prove I'm worth more than my current role and move into serious security work?” Different starting points. Same answer: your portfolio.
A penetration testing portfolio is the most honest thing you can put in front of a hiring manager or client. It doesn't care about your background. It shows what you can find, what you understand, and how you think. And it's the one thing that separates people who study cybersecurity from people who do it.
This guide is structured for both of you.
If You're a New Consultant on Amdari
You're probably coming from a different field. IT support, software development, finance, or something completely unrelated. You know you want into cybersecurity, you've started learning, and now you need something concrete to show for it.
Here's the truth: you don't need years of experience. You need documented proof that you can approach a problem methodically, use the right tools, and explain what you found. That's exactly what Amdari is built to give you. When you enroll on Amdari for our Ethical Hacking/Penetration Testing work experience program, you're not handed a course and left alone. You get placed on real projects with real objectives, guided by experienced consultants who have done this work professionally. Every deliverable you produce is portfolio-ready from day one.
Here are the types of projects you'll work through and what each one builds for your career.
Project 1: Real-World Network Security Assessment
On Amdari, your first engagement puts you inside a simulated client environment where you carry out network reconnaissance and scanning the way a professional would. You identify live hosts, open ports, running services, and potential entry points, then document your findings in a structured report.
Why this matters for you: employers don't want to hear that you know what Nmap is. They want to see that you've used it in a professional context, interpreted the results, and communicated them clearly. Amdari gives you exactly that context from your first project.
Project 2: Web Application Vulnerability Testing
Web applications are the number one attack surface in modern organisations. On this project, you test a real-world web environment for the OWASP Top 10 vulnerabilities including SQL Injection, Cross-Site Scripting, Broken Authentication, and Insecure Direct Object References.
Why this matters: nearly every client engagement in penetration testing involves a web application. Completing this project means you can walk into an interview and say you have tested a web app in a structured, professional engagement. Not a tutorial. Not a practice platform. An actual project with a deliverable.
Amdari advantage: Your findings go into a real report reviewed by a senior consultant. You get feedback. You revise. You learn what a professional standard looks like before you ever face a real client.
Project 3: Exploitation and Post-Exploitation Engagement
This is the project where everything comes together. You work through a full attack chain inside an Amdari-managed environment: initial access, privilege escalation, lateral movement, and persistence. You document each phase the way a professional pentester would.
Why this matters: This is the project that makes interviewers lean forward. A complete, clearly documented attack chain written up in professional report format shows you understand how real breaches happen. Not from watching someone else do it. From doing it yourself, inside a real engagement framework.
Project 4: Client-Facing Pentest Report
Every technical engagement on Amdari ends with a deliverable. For this project, you take your findings and produce a full penetration testing report structured for a real client. That means an executive summary written for a non-technical audience, findings with severity ratings, evidence, and remediation recommendations ranked by priority.
Why this matters: technical skill gets you the interview. Communication skills get you the job. Being able to write clearly for both technical and non-technical readers is what separates good pentesters from great ones. And having a polished, reviewed report in your portfolio is something most candidates your level simply do not have.
If You're an Experienced Consultant on Amdari. You've been in the field. Maybe you've done IT security, network administration, or light security work. You know your way around a terminal. What you need now is a portfolio that reflects the level you're actually at and positions you for senior roles, client-facing engagements, or the specialisations you're targeting.
Amdari's experienced track gives you exactly that. You're placed on more complex engagements with less scaffolding, expected to lead, advise, and deliver like a senior consultant would.
Project 5: Active Directory Attack and Defence Simulation
You work through a real enterprise-style environment to carry out attacks including Pass-the-Hash, Kerberoasting, and BloodHound enumeration. You document the attack paths you discovered, map them to real-world misconfigurations, and write remediation guidance for the client.
Why this matters: Active Directory is present in the majority of enterprise environments, and AD attacks are some of the most common techniques seen in real breaches. Demonstrating this in your portfolio puts you in a different category from most applicants. It shows you can work at the level senior security teams actually operate.
Project 6: Credential Security and Access Control Review
This project goes beyond finding weak passwords. You analyse credential storage practices, test password policies, assess multi-factor authentication configurations, and produce a structured advisory for how the organisation should improve its access control posture.
Why this matters: senior consultants don't just find problems. They advise on how to fix them at an organisational level. Pairing technical findings with a clear, prioritised advisory brief is what client-facing security work looks like. This project gives you that experience and gives you something to show for it.
Project 7: Threat Modelling and Risk Assessment
You work with a simulated client brief to identify the most likely attack vectors against their environment, prioritise risks based on business impact, and produce a threat model that informs their security roadmap.
Why this matters: this is where technical skill meets strategic thinking. Senior roles and specialist engagements require you to advise, not just execute. Completing a threat modelling project on Amdari shows you can think at the level organisations actually need. It is a rare portfolio item that very few candidates at any level can demonstrate.
Project 8: Custom Tooling and Automation
You build a Python or Bash tool that solves a real problem inside an engagement: a custom scanner, a log analysis script, a reporting automation. You document it, put it on GitHub, and present it as part of your portfolio.
Why this matters: it signals that you are not dependent on existing tools. You understand what is happening underneath them. That is the mindset senior roles require, and it is the kind of initiative that stands out immediately to anyone reviewing your work.
Where to Host Your Portfolio
GitHub is non-negotiable. One repository per project, write-ups in Markdown, a clean README that links everything together. Amdari consultants who present their work clearly and publicly are consistently the ones who move fastest through hiring processes. If you want to go further, a simple personal site works well. The goal is simple: anyone should be able to find your work in two clicks and understand immediately what you did and what you found.
The Real Difference Between New and Experienced Consultants
It is not the tools. It is the narrative.
New consultants need to show they can learn, apply, and document. Experienced consultants need to show they can lead, advise, and deliver.
Your portfolio communicates which one you are before you say a word in an interview.
Amdari is built to support both. The platform places you on real projects designed to fill gaps in your portfolio at whatever level you are starting from. You are not ticking boxes. You are building the experience that gets you where you want to go, reviewed and validated by people who have already done it.
One Thing Both Levels Have in Common
Neither of you should be waiting.
The new consultant waits because they don't feel ready. The experienced consultant waits because they're too busy with their current role. Meanwhile, the person who gets the job is the one who started building six months ago. Start this week. One project. Document everything. Put it on GitHub.
And if you are not enrolled on Amdari yet, or you have not activated your projects, now is the time. We run the Work Experience program trusted by aspiring and established tech professionals worldwide to build real-world experience and land their dream job. Book a free clarity call here with our team here to know how you can get started.
