A pentester is not just a tester, so it's better not to go into this professional area directly after school, without any experience as an employee of a regular or a vendor company.

You must go through the school of life first, for example:

  • explain to the accountant that the printer is not working because the wire is not connected to the computer;
  • explain to the finance director at the company that writing a password on a sticker on a computer is very bad;
  • install software with minimum requirements of 4GB on a computer with 256MB of RAM;
  • set up the corporate network on home routers;
  • wait a couple of months to agree on getting access to a simple information system;
  • develop an information security policy in a couple of days by downloading it from the Internet;
  • ask God to compile the program and, without changing anything in the code, get success;
  • do the work 2 times faster than planned and, instead of a reward, get even more work;
  • etc.

Otherwise, without an understanding of the customer's real practices and personality, your entire report will remain a beautiful piece of paper, and its recommendations will never be implemented.

It is usually not difficult to find one “hole” in a company of many thousands, but without life experience, it will be difficult to fully analyze and crack other systems without understanding:

  • How was it built? (with quality or under drugs :) )
  • Why so? (laziness, budget, conditions, staff)
  • What could the developer / architect / networker miss?
  • Why is no one responsible for hacking the system? (it happens, yes)
  • Why does no one want to fix your super important vulnerability? (it happens, yes 2)
  • Why can't a critical vulnerability be fixed in a couple of hours? (maybe people have just ended their working day and no one pays for overtime work)
  • How easy is it to fix a discovered vulnerability? (maybe support was outsourced and the contract has expired)
  • Etc.

Want to know more about penetration testing? Stay tuned for our new articles about the pentester's life.