Pentesting (penetration testing) is a career unlike any other in a lot of ways. It will test your limits on an almost daily basis, spurring you on creatively and systematically as you test systems against a wide array of vulnerabilities and attacks. In this career, you will take on the role as an ethical hacker, hired to toughen security and harden systems within an organization. The job isn’t all action, however, as there is a massive documentation process that must be undertaken in parallel with all of this work.
Finding, testing and fixing these weaknesses must be accompanied by well documented, step-by-step guides, as well as thorough explanations. Tools used during the test must also be clearly defined and all of this information must be relayed to management.
But how do you get into such a specialized role, and how do you navigate the path towards this goal? In this article, we will take a look at a few tricks and tips to keep in mind when you are looking to land your dream job as a pentester.
What Should I Look For In a Pentesting Job?
There is no one-size-fits-all solution to finding your dream pentesting job, primarily because each candidate will have their own skill level, personal preferences and salary expectations that need to be taken into consideration. More senior roles will have additional responsibilities and tasks that may be more suited to a candidate with the relevant experience, while more junior roles will concentrate on much of the day-to-day repetitive tasks that are often associated with the role.
So, what should you be looking for in a pentesting job? Below are some questions to ask when you are speaking with the interviewer. This will give you a good idea of what the position could be like, based on the answers that you receive.
- Who will you be working with? Working with a solid, knowledgeable team is highly beneficial to you, regardless of your skill level or experience. Ask how many people you will be working with, and what their positions are. Having access to people with high level skills can help you to move up to the next level in your career, so finding out about who you will be working with is something you should definitely find out about. It also makes you look like a team player with an interest in your role, which is always a good thing in an interview.
- What does the company do? It really helps if the company you decide to work for is in an industry you find interesting or exciting, even if the core product or service they deliver has no direct impact on your role as a pentester. This can help with motivation further down the line.
- What is the job description and scope? This is perhaps the biggest item to be aware of when you are trying to land the perfect pentesting job. Get as much detail as you can about your role, and find out what your key responsibilities are going to be. It will do neither yourself nor your employer any good if you accept a position that has core functions and responsibilities you are not comfortable taking on. That’s not to say taking on a challenging role is out of the question; a difficult job can teach you a lot, and the skills you pick up will be of great benefit to you. However, always remember to be honest and realistic in the interview.
- What are the working hours and after-hours support requirements? Your role as a pentester might require certain attacks or routines to be carried out at peculiar hours, especially if you have international target sites that are in a different time zone to you. Find out about this early on in the interviewing process to avoid disappointment.
- Are training and development resources available? Find out if the pentesting role offers any opportunities for further studying and skills development. The more you learn, the more marketable you become as a pentester for future employers.
Should I Work With a Technical Recruiter?
Never go to a general employment recruitment agency. Rather look for specialized IT recruitment firms that have a better understanding of the role you are pursuing as a pentester. Once you have found the ideal recruiter to work with, make sure you follow some basic rules:
- Be more discerning: Resist the temptation to accept the first position that becomes available. You have a skillset that is in high demand, and the right employer will reward your patience.
- Brush up on your theory: Sometimes you will get a call from a recruitment agent and they will have some preliminary questions to ask before you even set foot in an interview. Make sure you are ready to answer general vetting questions like “what port number is X associated with?”
- Customize correspondence: Try not to use a template when dealing with recruiters. Always create an individualised response that shows that you have taken the time to consider your application.
- Showcase your skills and achievements: If you have specific skills you think would be beneficial to your application, then don’t be afraid to show them off. If you have had success in the past with projects and milestones, then mention those too.
- Make yourself available: Recruiters are usually dealing with multiple candidates at the same time, and not responding to an email or not answering your phone can sometimes be the difference between securing an interview and missing out on the opportunity altogether.
How Can I Make My Pentester Resume/CV Stand Out?
This is one of the few areas of the job hunting process you may consider outsourcing to a third party, depending on your word processing prowess. There is no shame in getting a professional CV or resume typed up by a professional. If you are going to overhaul your CV yourself, then there are a few basics you should always take into consideration. Keep in mind this type of CV can be a bit more elaborate than your traditional CV. There are a lot of extra skills and competencies that need to be mentioned as pentesting is a highly specialized role.
Here are a few tips to get you started:
- Mention all relevant pentesting experience, highlighting only the most relevant information and skills you have relating to the field.
- Don’t just add lists of pentesting tools to your CV, it is lazy and it doesn’t tell the employer much detail about your skills. Don’t just mention tools like Wireshark, Burp and Aircrack on your CV. Instead, list your pentesting capabilities like wireless traffic testing, packet inspection and web testing. This lets the employer know what you can do for them in the role of pentester.
- Any certifications that relate to pentesting or cybersecurity in general must be highlighted and emphasised clearly as a potential employer will be looking for specific certs like your CEH (Certified Ethical Hacker) v9 or MCPS (Metasploit Certified Pro Specialist).
- If you have managed to build your own pentesting/security tools, then this is the place to mention them.
- Do you have any projects on Github? Include links for your potential employer to review.
- Do you have a website or blog? Are you a contributor on any pentesting platforms? These can show a potential employer that you have a keen interest, and would be a good fit with their company.
- Include references and letters of recommendation from past clients and employers, if you have any.
What Is the Typical Pentesting Interview Process Like?
Each company is different, but the basic interview process usually takes place over two to three interviews, depending on the role you will be filling within the company. The first interview usually consists of a series of questions to help the interviewer gauge your level of knowledge and understanding of the pentesting role you are applying for. The first part of your interview will consist of typical questions that are designed to test your knowledge. These questions will vary in difficulty depending on the seniority of the role you are applying for.
Some basic example questions could include:
Q: What tools are used for analysing traffic on a network?
A: Packet sniffing utilities such as Wireshark are used for packet level analysis of network traffic.
Q: What are three basic precautions that protect against brute force attacks?
A: Automatic account lockout after a set number of login attempts, IP blocking via a script that detects a certain amount of failed login attempts and Firewall IP filtering to allow only trusted remote logins.
Q: What is the difference between a /23 and a /24 network?
A: A /23 network supports a maximum of 510 hosts and uses a subnet mask of 255.255.254.0, while a /24 network supports a maximum of 254 hosts and uses a subnet mask of 255.255.255.0. The /n refers to the number of network bits, and the number of subnets vary depending on the network class (A, B or C).
Will the Interview Include a Practical Assessment?
After you have answered some questions, the interview might require some hands-on pentesting simulations or exercises. This is because the nature of pentesting roles and the fact these positions require practical knowledge of how to execute real-world operations.
Additional Interview Considerations
Other than knowing the facts about networking principles, candidates are also usually expected to describe and explain verbally or in written form how a specific attack could take place to a non-technical person. This is an important skill, as pentesting requires excellent communication skills as well as the ability to explain complex concepts in plain language to non-technical executives or managers.
Mobile Device Penetration Testing
The interviewer might also want to see how you compile an incident report, or a vulnerability assessment, after the practical assessment has been completed to evaluate your written communication skills. They will likely also want to see a step-by-step report on how you achieved your results.
Pursuing a career in cybersecurity is a lifetime of learning and skills development. Getting to the level of pentester will often require knowledge on many fronts, including programming, database administration, network security, forensics, scripting and a whole host of specific skills. More information about becoming a pentester can be found here, as well as a list of related helpful training courses from Infosec Institute.