From: Danny Fullerton (dfullert@brmoe1.bromont.ibm.com)
Date: Thu Jul 27 2006 - 19:57:45 EDT
Personally, I have lots of time to explore and keep up to date with new technologies. Since I perform penetration testing mostly for IBM Bromont (Canada), most of the time, I just sneak around what admin are doing and then test what may prone vulnerability. Otherwise, some coders just pass over my office and ask to test some stuff for them or simply to teach them how and want to do (when possible).
>From my point of view this is no ordinary job, it's more like a vocation and a passion then anything else. There just too much things to learn about and to be one good ethical hacker you personally need to love investing time reading about mostly anything having to do with computer science and security or what ever you need to audit (i.e. from main-frame RACF security to wireless protocols and so on).
Since corporation are giving you the opportunity to explorer there deepest secrets and critical systems an important part of the job is to keep a perfect trust relationship with the executive. The career is mainly based on your credibility and every action you take can mark the end of it.
Depending on your exact role in the penetration testing process and departmental logic you may be ask to have lots of skill in communicating findings to executive in a, mostly, none technical language and create extensive report of the assessment.
Hope this is the kind of info you waned.
Regards,
Danny Fullerton
-----------------------
Spécialiste en Sécurité TI / IT Security Specialist
Contrôles et Sécurité TI / IT Controls and Security
IBM Bromont, Québec , Canada
Chris Serafin <chris@chrisserafin.com> a écrit sur 2006-07-27 13:46:50 :
> It's still a job
>
> rahul.joshi2@googlemail.com wrote:
> > Hi Guys,
> >
> > I am currently a Java developer but I'm seriously thinking of
> changing paths to a career in security and pen testing.
> >
> > What I would like to know is what is being a pen tester really
> like? I understand the functions a pen tester performs, but I would
> really love to hear what it is actually like on a day-to-day basis,
> on the coal face so to speak. What are the good things about the
> job, and what are the bad?
> >
> > Your experiences/advice would be hugely appreciated.
> >
> > Thanks,
> >
> > Rahul
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:26 EDT