Talon Placement
Cybersecurity Talent Placement
HUNTING THE PENTESTER

Chance Hoag | Uncategorized | Tags: cyber security, pentester, recruiting

Pentesting – demonstrating and documenting a company’s security flaws – sounds like a fairly routine gig. In reality, it’s a fascinating position that has been cast into the limelight of the fast-growing, multi-billion-dollar cyber security industry. Like surfing or Mixed Martial Arts, pentesting started as a hobby that a small group of people loved with enough passion to do for free. Then it began to attract wider interest and became a skill that could make money. The position has begun to evolve, and the skill set it takes to do the job well is rare. A great pentester is one of the most difficult, and thus most rewarding, people to find. Here’s why:

  1. There is no set path. Good pentesters come from very diverse backgrounds – I’ve seen everything from Art History to Engineering degrees. Programming languages (Java, PHP, JavaScript, etc.) are obviously important, as are scripting languages like Python. Understanding networks, systems, and web applications is critical, and, if you like certifications, I’d recommend the OSCP. The fly in the ointment of pentesting is that you can have all of the above in spades and still be a terrible hacker. If I had to put a number on it, I’d say that good pentesting is 30-40% technical. Numbers 2 and 3 below are what separate average pentesters from great ones.
  2. The mindset is the key. First, the top traits I see in great pentesters are self-learning and consistent curiosity. Many pentesters became interested in the craft in their teens. They didn’t know it was a job – they just loved it. Good pentesters are usually involved in their security community through CTFs (capture the flag events), meetups, ongoing education, and Twitter. Second, good pentesters are highly methodical. Hacking involves hundreds of paths and rabbit trails. Figuring out the weaknesses is a very thorough process, and good pentesters relish it. Third, good pentesters are highly ethical and have a strong sense of mission. The skills acquired by pentesters can easily be used for malicious purposes – good ones know where the lines are and stay away from playing with fire.
  3. They understand the 10,000 ft view. There are two types of pentesting gigs: (1) the basic client-requirements and checklist work, and (2) the more exciting threat-led testing that combines technical work with social engineering and red teaming. A good pentest is always informed by a solid Threat and Risk Analysis first. Great pentesters can assimilate the high-level information so that it shapes their work on a particular project. They understand the kill chain and the assets unique to each company, and consider the possible threat actors and the methodologies they might deploy. Great pentesters are able to sort their findings into what is possible, plausible and probable.

A great pentester has a unique combination of creativity, organization and dogged determination. If you find a great one, do what it takes to make the hire. And, if you have a great one, DON’T let ’em walk out the door! 

© 2017 Talon Cybersecurity Talent Placement | Made in Nashville, TN by Golden Spiral