Fire Ant Trusted SF Member
Joined: 27 Jun 2008 Posts: 3 Location: London
Posted: Fri Dec 19, 2008 6:04 pm Post subject: Everybody Wants to be a Pen Tester
What is it that attracts people to want to become a pen tester? I have known so many people who want to do this as a career but nearly always fail because it requires too much work.
Is it the pay?
Is it the glory?
Or is it because they want kudos for being a hacker?
Any ideas?
Matt_s
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
Posted: Fri Dec 19, 2008 6:44 pm
Mainly because it is seen as the sexy side of the business. Personally I enjoy the best of both worlds, i.e. both offense and defense. That way it also allows you to balance your skillsets. To properly defend you must also learn how to attack, and other such pithy statements.....
Edit
The real grunts are the sys admins who for one reason or another aren't given the credit they deserve.
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
Posted: Fri Dec 19, 2008 6:51 pm
I think it's seen as the glamorous side of compsec and the kudos of being a hacker I suppose. Mind you, it amuses me that you could say you penetrate for a living. OK, I'll take my dirty mind elsewhere!
Fire Ant Trusted SF Member
Joined: 27 Jun 2008 Posts: 3 Location: London
Posted: Fri Dec 19, 2008 7:04 pm
It scares me at times when people post that they dream of being a pen tester and ask if the CEH course will get them a pen testing job.
There is very much an attitude of "X Factor" amongst these people.
Mind you, that stupid advert for CompuTeach has me in stitches every time I see it. I mean, what programmer gets a company car?
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
Posted: Fri Dec 19, 2008 7:37 pm
matt_s wrote: "Mind you, that stupid advert for CompuTeach has me in stitches every time I see it. I mean what programmer gets a company car."
Oh, don't get me started on those adverts! I love the one that says "the average salary in IT is £32,000" and hints you will just walk in on that. Better to laugh at the adverts than get annoyed with them I suppose.
Fire Ant Trusted SF Member
Joined: 27 Jun 2008 Posts: 3 Location: London
Posted: Fri Dec 19, 2008 7:47 pm
I think it's adverts like this one that keep me employed. The more idiots they can churn out the better I look.
Matt_s
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
Posted: Fri Dec 19, 2008 8:14 pm
lol, that's a very good way of looking at it.
Actually I think the big Asian-looking lad on the advert is one of my junior admins here! lol
RoboGeek SF Mod
Joined: 13 Jun 2003 Posts: 16777166 Location: LeRoy, IL
Posted: Sat Dec 20, 2008 3:17 am
I doubt if any of them even know what it really entails... how boring and tedious it is, and that most of your pay goes towards legal expenses and contract negotiations with your customer.
If you work for someone you'll be lucky to make $20/hr. You're only going to make big bucks if you get into a corporation and become a mind-numbed robot doing repetitive tasks over and over - just what I quit when I started my biz up. Now when my brain is numb, it's because I found wife's stash of vodka!! hehe
Tobywuk Just Arrived
Joined: 09 Oct 2006 Posts: 0
Posted: Sat Dec 20, 2008 10:44 pm
I'm personally interested in penetration testing as well as general computer security. It's not just the remote network pen testing I'm interested in, or "hacking", but the other sources of information such as social networking, dumpster diving or physical access and all the clever different ways information can be gathered and used against a person/organization.
Although I do understand it being a lot of work, I see it as rewarding and interesting. Although it may sound very extravagant, this is not the reason I'm interested in it.
PhiBer SF Mod
Joined: 11 Mar 2003 Posts: 20 Location: Your MBR
Posted: Tue Dec 23, 2008 9:42 pm
Matt,
Would you care to share your opinion of penetration testing?
Why do you like it? Why do you hate it? Is the pay good? What happens on an average day for you? Perhaps some of the SFDC members would like to know what they need to become a good penetration tester.
I think a lot of people get excited when they hear "pen testing" because it gives them this aura of being able to show companies how insecure they are.
They feel more empowered because they can hypothetically "hack" the client's network and bypass all of the shiny, expensive technology in place that is supposed to protect the corporation.
Edit: Also, I think a lot of newcomers have the perception that to be a good pen tester, all you need to know is how to use GUI applications such as:
*Nessus
*MSAT
*NMAP
*ETC.
Why don't you tell them why this is not the case and what extra work is involved in becoming a successful pen tester? We can turn this post into a tutorial to steer people in the correct direction.
Angoth Just Arrived
Joined: 07 Mar 2006 Posts: 0
Posted: Tue Jan 06, 2009 7:18 pm
I get the idea from a desire to be a pen tester that people seem to think it's the easy side of the job. For example, you run a few programs/scans/scripts, edit some reports and walk. Aside from the mind-numbingly boring part of repeating it on a regular basis, that seems to be the consensus I've found.
Now, taking that information and actually thinking about how to fix what was discovered seems to be the hard part. Any donk can fix the problem, but, I don't think it's a surprise that I take a lot of heat for breaking stuff in the process. As time has gone on, I've learned more and more and broken less and less. But, it's that flak that, I think, makes the fixing the hard part.
"Security broke my server." If I hear that one more time in a meeting, I think I'll kill someone. Just kidding. I'll just remodel all the combine troops in Half Life 2 with their head and pretend to kill them.
I personally think that the fix is hard and discovering the problem is easy, with today's technology.
Angoth