Personally, I have lots of time to explore and keep up to date with new
technologies. Since I perform penetration testing mostly for IBM Bromont
(Canada), most of the time, I just sneak around what admin are doing and then
test what may prone vulnerability. Otherwise, some coders just pass over my
office and ask to test some stuff for them or simply to teach them how and want
to do (when possible).
From my point of view this is no ordinary job, it's more like a vocation and a
passion then anything else. There just too much things to learn about and to
be one good ethical hacker you personally need to love investing time reading
about mostly anything having to do with computer science and security or what
ever you need to audit (i.e. from main-frame RACF security to wireless
protocols and so on).
Since corporation are giving you the opportunity to explorer there deepest
secrets and critical systems an important part of the job is to keep a perfect
trust relationship with the executive. The career is mainly based on your
credibility and every action you take can mark the end of it.
Depending on your exact role in the penetration testing process and
departmental logic you may be ask to have lots of skill in communicating
findings to executive in a, mostly, none technical language and create
extensive report of the assessment.
Hope this is the kind of info you waned.
Regards,
Danny Fullerton
-----------------------
Spécialiste en Sécurité TI / IT Security Specialist
Contrôles et Sécurité TI / IT Controls and Security
IBM Bromont, Québec , Canada
Chris Serafin <chris@chrisserafin.com> a écrit sur 2006-07-27 13:46:50 :
It's still a job
rahul.joshi2@googlemail.com wrote:
Hi Guys,
I am currently a Java developer but I'm seriously thinking of
changing paths to a career in security and pen testing.
What I would like to know is what is being a pen tester really
like? I understand the functions a pen tester performs, but I would
really love to hear what it is actually like on a day-to-day basis,
on the coal face so to speak. What are the good things about the
job, and what are the bad?
Your experiences/advice would be hugely appreciated.
Thanks,
Rahul
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
