“Being a pen-tester does not mean being good at using tools either. It’s about being able to understand how things work, how things are configured, what mistakes people make and how to find those weaknesses by being creative. Being a pen-tester is not about launching Metasploit against the internet.”
– Corelan Team
As an information security recruiter, I’ve worked with countless professionals in this incredibly diverse industry. One question that I get asked time and time again is: how do you get started in infosec? So, I decided to collaborate with a great connection of mine, Dawid Bałut, an experienced security professional who set up his own boutique security consultancy called InfoSec Remedy. After working as an internal security professional – as a security engineer, moving up to principal security architect and executive board advisor – and then operating as a freelance penetration tester, Dawid gets to work with his ‘proven in battle’ colleagues, delivering outstanding penetration testing and security consultancy outcomes for customers. Both of us are often asked to proffer advice to those looking to get into penetration testing, so we decided to co-author this article on how to get started.
As a recruiter, I am asked to fill positions across the full spectrum of roles in this industry, all the way from the glorious heights of CISO down to finding the next generation of security professionals. Unfortunately, I have limited capabilities in helping those looking to get into the industry. Sometimes the best I can do is provide advice, especially regarding one of the most sought-after roles, that of the ethical hacker or penetration tester. For those wanting to get a great job like this, it’s probably one of the easiest. Why? Because you can upskill yourself without having to rely on an employer…