Home page logo

pen-test logo Penetration Testing mailing list archives

Re: What is being a pen tester really like?
From: Danny Fullerton <dfullert () brmoe1 bromont ibm com>
Date: Thu, 27 Jul 2006 19:57:45 -0400

Personally, I have lots of time to explore and keep up to date with new technologies. Since I perform penetration 
testing mostly for IBM Bromont (Canada), most of the time, I just sneak around what admin are doing and then test what 
may prone vulnerability. Otherwise, some coders just pass over my office and ask to test some stuff for them or simply 
to teach them how and want to do (when possible).

From my point of view this is no ordinary job, it's more like a vocation and a passion then anything else. There just 
too much things to learn about and to be one good ethical hacker you personally need to love investing time reading 
about mostly anything having to do with computer science and security or what ever you need to audit (i.e. from 
main-frame RACF security to wireless protocols and so on).

Since corporation are giving you the opportunity to explorer there deepest secrets and critical systems an important 
part of the job is to keep a perfect trust relationship with the executive. The career is mainly based on your 
credibility and every action you take can mark the end of it.

Depending on your exact role in the penetration testing process and departmental logic you may be ask to have lots of 
skill in communicating findings to executive in a, mostly, none technical language and create extensive report of the 

Hope this is the kind of info you waned.


Danny Fullerton
Spécialiste en Sécurité TI / IT Security Specialist
Contrôles et Sécurité TI / IT Controls and Security
IBM Bromont, Québec , Canada

Chris Serafin <chris () chrisserafin com> a écrit sur 2006-07-27 13:46:50 :

It's still a job

rahul.joshi2 () googlemail com wrote:
Hi Guys,

I am currently a Java developer but I'm seriously thinking of 
changing paths to a career in security and pen testing. 

What I would like to know is what is being a pen tester really 
like? I understand the functions a pen tester performs, but I would 
really love to hear what it is actually like on a day-to-day basis, 
on the coal face so to speak. What are the good things about the 
job, and what are the bad? 

Your experiences/advice would be hugely appreciated. 



This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]