At the point of taking the CTP course, I was in the security industry for about 5 years. I started out in a service / help desk role and worked my way into a information security role. At the time, I mostly did administrative work like access reviews, preparing for audits, helping project teams understand our security policy and the like. I did not get into the technical bits of security, but I was sure craving it, especially after seeing our first penetration test. I wanted to understand what was going on.