We’re hiring pen testers at the moment at work, and it’s an interesting experience. I’ve interviewed more pen testers than I can shake a smelly stick at and I can honestly say that pen testers are a unique breed of people. So you can imagine my urgent need to change underwear after reading this post on the securiteam blog. It’s funny because it’s true. I especially like this comment as it’s particularly relevant to the non-techie pen tester.
Take the other side of it:
- you wear nicely pressed shirts, and can fire up Newt, besides that, you’re the master in copy-pasting the outputs into MS Word.
- you have a goatee
- if a network doesn’t have dhcp, you have problems configuring it
- you get scared when a subnet’s octet doesn’t contain 0 or 255,
- you start a blog and criticize everything and everybody, yet provide nothing useful
- you gather vulnerabilities – and rate the about:alert… XSS vuln in IE a high risk
- you think “tls” is some type of “mou” or “roi”
- you love the sound of “mitigating risk factors”
- you aim for all certifications that end in “P”, as long as they are not technical
- every bug can be exploited “by sending a malicious specially crafted packet, it is possible to potentially compromise the entire network”.
- you don’t know how to program
- you get upset, because the weird looking nerds don’t consider HTML as a programming language
- what you mean, there’s another linux besides fedora?
- you are techie enough, your motorola phone runs linux.
For all the great stuff that a really techie pen tester does (making obstructive project managers break down in tears, getting servers to implode by thought control and getting ‘mad w00t’ on boxes by looking at them funny), the non-techie guy is the one you can actually sit in front of a client, comfortable in the knowledge that he won’t start barking, whistling DTMF or just bitching at the client. Funny thing is, I’ve known people who think they’re in one category but firmly belong in the other, and it’s just as funny to watch.
If you come for an interview and get me as an interviewer, expect to be rated according to the above…