It seems like every aspect of cybersecurity and IT is about protecting yourself from threats, but sometimes the best defense is a good offense. A career in penetration testing—the art of simulating adversarial cyber and social engineering attacks on a target to see just how tight their security really is—might be for you.
While it might be tough to make a name for yourself, just like a computer network, there are many different ways to break into (get it?) the field. IT Brew spoke with four experts on their advice for anyone looking to pivot their career towards ethical subterfuge.
Thomas Richards, principal software security consultant at Synopsys’s Software Integrity Group
Richards told IT Brew his “first and honestly, worst pen test ever” was for a former employer planning to switch from Windows-based to mobile-based software to run their business, which he found had several protocol-level issues. He subsequently got certified in offensive security and has since published over a dozen vulnerabilities, at least half of which were critical severity.
Richards advises prospective penetration testers to apply their existing knowledge of networks and systems towards hands-on experimentation.
“Underneath, we all need the same foundation of knowledge of networks and how they work, and have experience building and managing and maintaining them,” Richards said. “That knowledge then allows us to really home in on, ‘Okay, well, this is probably a bad design, there’s a vulnerability here,’ or even, ‘From experience, I know no one ever flips this switch.’”
“There are so many trainings available, and labs, and capture-the-flag events, and conferences, where you can go and just start networking with people,” he added. “These are all the things I look for when I get a résumé for someone coming up.”
Keep reading here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
