A pentester is not just a tester, so it's better not to enter this profession straight after school, without any experience as an employee of a regular company or a vendor.
You need to go through the school of life first, for example:
- explain to the accountant that the printer is not working because the wire is not connected to the computer;
- explain to the finance director at the company that writing a password on a sticker on a computer is very bad;
- install software with minimum requirements of 4 GB on a computer with 256 MB of RAM;
- set up the corporate network on home routers;
- wait a couple of months to agree on getting access to a simple information system;
- develop an information security policy in a couple of days by downloading it from the Internet;
- ask God to compile the program and, without changing anything in the code, succeed;
- finish the work 2 times faster than planned and, instead of a reward, get even more work;
- etc.
Otherwise, without an understanding of the customer's real practice and personality, your entire report will remain a beautiful piece of paper, and its recommendations will never be implemented.
It is usually not difficult to find one "hole" in a company of many thousands, but without life experience it will be difficult to fully analyze and crack other systems, because you will not understand:
- How was it built? (with quality or under drugs :) )
- Why so? (laziness, budget, conditions, staff)
- What could the developer / architect / networker miss?
- Why is no one responsible for hacking the system? (it happens, yes)
- Why does no one want to fix your super important vulnerability? (it happens, yes 2)
- Why can't a critical vulnerability be fixed in a couple of hours? (maybe people have just finished their working day and no one pays for overtime)
- How easy is it to fix a discovered vulnerability? (maybe support is outsourced and the contract has expired)
- Etc.
Want to know more about penetration testing? Stay tuned for our new articles about the pentester's life.