So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #3

It’s Story time πŸ™‚

For a few summers before I got into the industry I worked at a retail store. On my first day they locked me in the managers office (who was away on vacation) to do some online training. One of the big trainings was about cyber security. This was the funniest thing to me, considering I was locked in my managers office on his computer with no one around.

Yes I used to walk around with malware on my keychain all the time, because it was a rush to me that I could I go into places like a police station with MALWARE in my pocket. Obviously that is a red flag on how much our defensive cyber security lacks as a culture.

On top of that, I had a USB rubber ducky on my keychain next to my car keys ready to grab all the saved passwords from the browsers and drop a darkcomet executable (now would be meterpreter) on the system.

I could’ve owned the retail store that day and who knows where I could’ve pivoted…

Later on when I was performing an external penetration test against a 10 milllion dollar organization (pennys compared to who I attack now) I found their companys bank login information (user and password) on the CEOs machine saved as a png…

Did I do these things? No. The bigger question is, would you?

Being able to do it should be enough for you.

If you lack the self-discipline, self-control or moral compass when it comes to hacking, penetration testing, social engineering or whatever you want to call it, YOU WILL NOT LAST.

That’s okay if being a whitehat isn’t good for you, we aren’t all build for it.

It is an extremely undervalued and especially frustrating career to have.

That said, the biggest tip I have for you blackhats out there is to pay attention to your Operations Security (OpSec). If I had to bet, this will be your downfall.

Check out the entries in this series!


Leave a Reply