So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? (2020) #2

The most important thing to ask yourself if you’re thinking of pursuing any of these fields is

Your desire to learn…Just kidding!

This is a VERY common thing to hear or read in the industry…
Doesn’t matter how much you know walking in, just your desire to learn…
This is false and bullshit.

Why you ask?

Because a “desire to learn” is relative to the person.

For example, personally when I have a desire to learn I will get obsessed and I will lose sleep, I will spend all the time I can researching, reading and practicing.

Are most people like this? No.

Does that mean they don’t have a “desire to learn?” No.

This is why I have found a desire to learn to mean jack shit!

When someone says, the most important thing you can have is a “desire to learn” it means an obsession to succeed in this industry.

That said, the most important thing in actuality is…. Drum roll please!

Do you think like an attacker?

The closest thing I can relate this to is skateboarding.

When I learned enough skateboarding to roll comfortably and ollie over 13 years ago, I swear to god, I have never looked at another pair of stairs the same.

What I’m saying is, when you visit a website do you think, what’s the worst thing I can possibly do to this site?

When you think of a company and what they do, do you think, what is the absolute worst thing that can happen to this organization? What is the thing that would close the company overnight?

When you lock the door at night, do you think about how an attacker could break past that lock? (Pretty easily if we’re being honest)

When you perform programming, coding, scripting or whatever, do you think about every possible way an end user could do something wrong?

There’s a reason that people deep in the industry tend to be paranoid: it’s constantly on our minds.

Here’s a great example of something I do that I’ve never actually met anyone else doing.

When you buy something and you have to type in your PIN, do you put the wallet over the keypad so someone behind or next to you or even the cashier can’t see your PIN?

Remember, if the goal of cyber security is confidentiality, integrity and accessibility, then thinking about how you can break those things is what an offensive cyber security professional is looking to do.

If you do, you’ll fit in just great.

Cyber Security is a lifestyle.

Offensive Security is a mindset.

The most important attribute you can bring to the table as a penetration tester (or other cyber security professional, especially in offensive security) is not coding, is not having a methodology memorized, and is not the desire to know more. It is the ability to think like a malicious attacker and, of course, the self-control and moral compass to use your knowledge for good.

