What it’s like to do cyber security penetration testing

Cyber penetration testing - what’s it all about?

“Cyber penetration testing involves lots of different engagements, so it’s a really varied role. Penetration testing is essentially ethical hacking. It’s all about trying to get full control of a network, by gaining access and privileges and then informing a business on how to improve their security measures. As a cyber security penetration tester, success is all about looking for weaknesses which someone working in an unethical way might be able to exploit.”

What’s your day-to day-role like as a cyber penetration tester?

“Day-to-day, you could be working on external or internal penetration tests either on site or remotely. So for example, at the moment I’m working in a red team which means i’m working with a group of ethical hackers to simulate attacks on businesses and test how equipped they are to deal with cyber attacks. It’s interesting because we often keep our work quite secret and don’t tell people within the business about it – this allows us to get a realistic overview of how a company’s security team is performing.

A typical day involves working in a team creating simulations. So, for example, we send out phishing simulations where we select a sample of employees and send a phishing email to see how people respond. From this, we can monitor clicks and see if people are downloading malware and picking up infections. We can then make suggestions on how to improve security measures”.

What are the common flaws that come up when performing cyber security penetration testing?

“People are complacent when it comes to cyber security, and the biggest weakness to a business’s security is usually the people they employ. For example, people not being aware and writing their passwords down in silly places or not being aware of how secure they are when they’re online. For that reason it’s quite a people-focused role – you’re always looking for holes in a company’s security and often human error plays a part in that.”

How did you get into cyber security penetration testing?

“I went to university and did a physics degree and then went on a grad scheme in cyber penetration testing. When I began my penetration testing career, I had no experience in the field but my enthusiasm for tech helped me land my dream role. I had no experience in it but I developed an interest and followed it.”

What’s the best part of the cyber penetration role?

“The variety. There’s lots of different types of work and different clients so it’s always changing. I work on a project for around a week or so, so I never get bored. Of course, the length of your post changes depending on the role you do – my engagements are typically around a week but the rest of the cyber security team’s projects would be a bit longer.”

What advice would you give to future ethical hackers?

“To be a good ethical hacker you need to be curious and persistent – those are the two secret ingredients. Also, there’s a lot to be said for being passionate about tech. I would recommend having a good grasp on cloud computing as it’s going to be big and is going to change how we do things in business in general and in cyber security. My advice would also be to do a lot of research into cyber security and keep up to date with the latest vulnerabilities and techniques.”

Would you recommend ethical hacking as a career?

Yes – it’s really fun. A career in cyber penetration testing offers a good variety of work and a chance to be a little bit geeky. There’s a big need for ethical hackers and penetration testers – it’s quite a small community and there is a strong demand for it. Especially in the current climate, there is always going to be the need for cyber security penetration testers and cyber security experts. It’s quite fulfilling too, when you’re successful on a project it’s really rewarding.

If you want to follow in John’s footsteps and gain the qualifications to become a pro ethical hacker, then take a look at our cyber security courses or speak to one of our specialist Career Consultants today.