Hi Ioanna, thank you for your question - I joined the penetration testing team from a non-technical background and I have had numerous opportunities to grow and expand my knowledge. One big opportunity is training and qualifications as well as learning in the role.
So, I have worked on mobile application penetration testing projects and I undertook some training to support this. In addition, I've studied for and completed the CREST CRT (Registered Penetration Tester) exam.
Hi Caitlin! If that helps you, I have a degree in Computer Science and Engineering and I am currently doing an MSc in Cyber Security and Management.
Have you any experience in pen-testing itself? One of the great aspects that I've found is you get to view security from the first-hand perspective of an attacker, which offers you a perspective on cyber security that many people don't have.
And I've had the opportunity to work on a very broad range of projects for many different clients, including web app testing, infrastructure testing, build reviews as well as the mobile testing I mentioned.
No, I don't have any, and this is why I selected to apply for the specific position! I want to learn, be trained and experience new things. My goal is to experience exactly what you described in order to create better defensive systems!
Hi Ioanna! So I joined from a very non-tech background. But I think I've started to find my feet after just a few months. My advice, if you're keen to hit the ground running, is to start looking out for online CTF (capture the flag) challenges.
What is an online CTF? Could you elaborate on it a bit?
There are lots of great online resources you can get stuck into, like VulnHub, where you can create virtual environments and get to know the pen testing tools (in a legal and safe way).
Hi Wenjing, online CTFs are challenges that revolve around different areas of exploitation and technical knowledge.
Thanks for your answer!
Thank you for your answer, David! I already knew VulnHub, but I am not informed about the CTF.
For instance, you will get a short brief about the challenge and a few files (whether that is source code, images or text files) and you have to solve the challenge and read an embedded flag.
It sounds really good! I am going to try it! David, may I ask something else?
Deloitte hosts a semi-annual CTF event for university teams, which is really exciting to take part in, but if you can't make time for that, you can find a few VulnHub challenges based on CTFs like "hackday Albania", which happened a few months ago.
Ioanna, go for it!
Thank you! Where do you see your career going in the future? I just want to know how a choice like this can affect my professional future! If this is something that you can answer, of course!
Personally, as I'm a bit of a nerd, I'm really happy digging further into the nitty-gritty of machine-code exploitation, potentially even injecting malware into firmware. To get there, I'm studying for my CPSA / CRT, then I will focus on studying for my OSCP, and then hopefully go for the more advanced "simulated attack specialist" qualifications.
On the way, I'll build up my broader consulting skills, focus on my people skills, build relationships, and invest in a more Chartered approach to being a pen tester.
I know what you mean, I really enjoy all these myself too! Do you think that risk management can be a choice for me after some years? I mean, is it possible to do that?
Are you referring to specific cyber-related risks?
So whilst our focus (in cyber attack) is to do everything we can to poke holes in software, infrastructure, etc., an equally important part is how we guide our clients to a solution. Project by project, you'll gain insight into different real-world risks and have to research the solutions and recommendations to overcome them.
Thank you David! You've been really helpful!