• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Everybody Wants to be a Pen Tester

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Chat

View previous topic :: View next topic  
Author Message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Fri Dec 19, 2008 6:04 pm    Post subject: Everybody Wants to be a Pen Tester Reply with quote

What is it that attracts people to want to become a pen tester? I have known so many people who want to do this as a career but nearly always fail because it requires too much work.

Is it the pay?
Is it the glory?

or is it because they want kudos for being a hacker?

Any ideas?

Matt_s
Back to top
View user's profile Send private message
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Fri Dec 19, 2008 6:44 pm    Post subject: Reply with quote

Mainly because it is seen as the sexy side of the business. Personally I enjoy the best of both worlds ie: both offense and defense. That way it also allows you to balance your skillsets. To properly defend you must also learn how to attack, and other such pithy statements..... Laughing

Edit

The real grunts are the sys admins who for one reason or another aren't given the credit they deserve.
Back to top
View user's profile Send private message Visit poster's website
graycat
SF Mod
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

PostPosted: Fri Dec 19, 2008 6:51 pm    Post subject: Reply with quote

I think it's seen as the glamorous side of compsec and the kudos of being a hacker I suppose. Mind you, it amuses me that you could say you penetrate for a living Laughing ok, I'll take my dirty mind elsewhere!
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Fri Dec 19, 2008 7:04 pm    Post subject: Reply with quote

It scares me at times when people post that they dream of being a pen tester and ask if the CEH course will get them a pen testing job.

There is very much an attitude of "X Factor" amongst these people,.

Mind you, that stupid advert for CompuTeach has me in stitches every time I see it. I mean what programmer gets a company car.
Back to top
View user's profile Send private message
graycat
SF Mod
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

PostPosted: Fri Dec 19, 2008 7:37 pm    Post subject: Reply with quote

matt_s wrote:
Mind you, that stupid advert for CompuTeach has me in stitches every time I see it. I mean what programmer gets a company car.
oh, don't get me started on those adverts! I love the one that says "the average salary in IT is £32,000" and hints you will just walk in on that. Laughing better to laugh at the adverts then get annoyed with them I suppose Smile
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Fri Dec 19, 2008 7:47 pm    Post subject: Reply with quote

I think its adverts like this one keep me employed. The more idiots they can churn out the better I look. Laughing

Matt_s
Back to top
View user's profile Send private message
graycat
SF Mod
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

PostPosted: Fri Dec 19, 2008 8:14 pm    Post subject: Reply with quote

lol that's a very good way of looking at it Smile

Actually I think the big asian looking lad on the advert is one of my junior admins here! Very Happy lol
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
RoboGeek
SF Mod
SF Mod


Joined: 13 Jun 2003
Posts: 16777166
Location: LeRoy, IL

Offline

PostPosted: Sat Dec 20, 2008 3:17 am    Post subject: Reply with quote

I doubt if any of them even know what it really entails.. how boring and tedious it is, and that most of your pay goes towards legal expenses and contract negotiations with your customer.

If you work for someone you'll be lucky to make $20/hr. Your only going to make big bucks if you get into a corporation and become a mind numbed robot doing repetitive tasks over and over - just what I quit when I started my biz up. Now when my brain is numb, its because I found wifes stash of vodka!! hehe
Back to top
View user's profile Send private message Visit poster's website
Tobywuk
Just Arrived
Just Arrived


Joined: 09 Oct 2006
Posts: 0


Offline

PostPosted: Sat Dec 20, 2008 10:44 pm    Post subject: Reply with quote

Im personal interested in penetration testing as well as general computer security. its not just the remote network pen testing im interested in or "hacking", but the other source of information such as social networking, dumpster diving or physical access and all the clever different ways information can be gathered and used against a person/organization.

Although i do understand it being a lot of work but I see it as rewarding and interesting. although it may sound very extravagant this is not the reason im interested in it.
Back to top
View user's profile Send private message Visit poster's website
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Tue Dec 23, 2008 9:42 pm    Post subject: Reply with quote

Matt,
Would you care to share your opinion of penetration testing? Wink

Why do you like it? Why do you hate it? Is the pay good? What happens on an average day for you? Perhaps some of the SFDC members would like to know what they need to become a good penetration tester.

I think a lot of people get excited when they hear "pen testing" because it gives them this aura of being able to show companies how insecure they are.

They feel more empowered because they can hypothetically "hack" the clients network and bypass all of the shiny, expensive technology in place that is supposed to protect the corporation.

Edit: Also, I think a lot of newcomers have the perception that to be a good pen tester, all you need to know is how to use GUI applications such as:

*Nessus
*MSAT
*NMAP
*ETC.

Why don't you tell them why this is not the case and what extra work is involved in becoming a successful pen tester? We can turn this post into a tutorial to steer people into the correct direction.
Back to top
View user's profile Send private message
Angoth
Just Arrived
Just Arrived


Joined: 07 Mar 2006
Posts: 0


Offline

PostPosted: Tue Jan 06, 2009 7:18 pm    Post subject: Reply with quote

I get the idea from a desire to be a pen tester that people seem to think it's the easy side of the job. For example, you run a few programs/scans/scripts, edit some reports and walk. Aside from the mind-numbingly boring part of repeating it on a regular basis, that seems to be the consensus I've found.

Now, taking that information and actually thinking about how to fix what was discovered seems to be the hard part. Any donk can fix the problem, but, I don't think it's a surprise that I take a lot of heat for breaking stuff in the process. As time has gone on, I've learned more and more and broken less and less. But, it's that flak that, I think, makes the fixing the hard part.

"Security broke my server." If I hear that one more time in a meeting, I think I'll kill someone. Just kidding. I'll just remodel all the combine troops in Half Life 2 with their head and pretend to kill them.

I personally think that the fix is hard and discovering the problem is easy, with today's technology.

Angoth
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Chat All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register