Latest news
Thomas Wilhelm is an associate professor at Colorado Technical University and also employed at a Fortune 20 company performing penetration testing and risk assessments and has spent over 15 years in the Information System career field. In this interview he discusses the interesting world of penetration testing as well as his latest book - Professional Penetration Testing: Creating and Operating a Formal Hacking Lab.Many entering the field of computer security are fascinated with the prospect of working as penetration testers. In your opinion, what are the prerequisites one has to posses in order to become good at this job?
From a personal perspective, an inquisitive mind and thirst for knowledge are critical to perform penetration testing. An inquisitive mind will want to discover how things work and how they can be broken, while a thirst for knowledge will make the long hours of research possible.
From a Human Resource perspective, it used to be that penetration testers had to have years of experience to compete for a spot on a pentest team. Recently, I have seen requests from companies that are looking for college students with zero practical experience to fill security positions. This shift indicates two possibilities: One, that security professionals are in short supply; and two, penetest engineers can be trained. Not too many years ago, the methodologies behind penetration testing were considered obscure and simply not understood by corporate management. Today, companies are understanding the need for "red team" attacks, and able to grasp the processes behind such assessments.
In terms of the future, it is probable that the prerequisites for a position as a professional penetration tester will include college and certifications. And speaking of college, I cannot emphasize enough the value of writing and communication. Students interested in becoming penetration testers will spend a lot of their time documenting their findings and explaining the results in a manner that must be persuasive and understandable by those not familiar with information technology. English classes are your friend - trust me.
Spotlight
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
