Interviews

Day in the life of a penetration tester

by Mark Rowe

With the threat of cyber-attacks rising, IT security is fundamental to any business. To have a better chance of mitigating cyber threats, security teams should include Penetration Testers who are able to provide insight into the latest technologies and techniques being used by hackers. Gavin Dennis, pictured, a senior IT security consultant, works in Germany as a Pen Tester on security projects that protect companies around the world. Here, he shares his experience in the industry and gives advice to people considering a role within the field.

What do you do?

I am working for a consulting firm in Germany, my department provides IT security services, such as penetration testing, to corporate clients around the world. Penetration testing helps identify any gaps that may cause systems to become unavailable, reveal confidential material or corrupt the integrity of their data.
I’ve been in the security field for approximately four years and have worked with companies in industries such as telecommunications, banking and finance, education and technology. I have worked with various clients, from small companies to large organisations, some with a customer base surpassing 50 million.

How did you get into cybersecurity?

About five years into my role in audit and assurance, I realised I was unhappy where I was and far more passionate about IT. So, I decided to take my passion for IT seriously and pursue a career. I decided I was going to follow my dream, and while hunting opportunities in IT and security, I started studying to gain more knowledge of the field. I could have been anywhere in the IT field, but security interested me the most so I pursued particular training programmes, such as CompTIA’s PenTest+ certification, to help me get the job I wanted. And all the hard work paid off. My job is so rewarding and I get to travel the world assisting companies in protecting their digital assets.

What does a typical day look like as a security consultant and penetration tester?

On a typical day I will be working as part of a team, analysing a company’s network from the viewpoint of an internal or external attacker to identify security issues and vulnerabilities. Also, I spend time blogging about security, developing educational security content and remotely mentoring people around the world who are trying to transition into security or progress in their career.

How does penetration testing and IT consulting compare to other jobs?

Penetration testing provides the opportunity for someone to add value to a business by finding ways malicious parties may misuse a system, its users and its data. It also allows for the freedom to be creative and appreciate the value of being proactive, determined, diligent and wise. Many traditional business roles confine you to a set routine tasks that should be followed like a script. Working with multiple companies and their different technologies and implementations, however, allows me to be creative while continuously educated. The role really does fight away the boredom of a 9-5 job and gives me an edge when I share my knowledge to help others wherever I go.

Do you have any advice for people who are new to or considering a career in penetration testing?

Penetration testing requires determination, focus and a strong desire to learn and defy limitations continuously. Embrace and develop the skills people often neglect or underappreciate, such as being curious, taking initiative, being determined, understanding the psychology behind social interactions, continuously learning, tackling challenges, having integrity and avoiding distractions. Always align your studies and practice to maximise your professional growth while being consistent.

Anything else you would like to share about your experience in cybersecurity?

Never accept the limitations people set for you. Always stay focused on your goal and work toward it, despite the criticisms of others. Maintaining a good work–life balance and taking care of your health, family and well-being is also fundamental. Also, be positive, practice good habits and try to help others where you can.

About Gavin Dennis; he holds the CompTIA Advanced Security Practitioner and Cybersecurity Analyst certifications and was among those who helped develop the PenTest+ exam. Visit https://www.comptia.org.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing