Unfortunately, if a criminal wants access to a network, he will find a way in. A claim which many now accept as fact as evidence by the hackneyed expression, “It’s not if but when.” If an enterprise is lucky enough to find the hole before the criminal does, they can put off that invasion while they continue to build their security defenses.
That’s why pen testers remain in high demand, and because PCI compliance requires annual pen testing, more companies are going to be looking to bring qualified candidates to their security teams. So, what do you need to do if you want to be a sought after pen tester?
In a paper from the SANS Institute, Penetration 101 - Introduction to becoming a Penetration Tester, David Burrows wrote,“Time has come where we need to protect ourselves from everyone out there be it our company rivals, the seasoned hacker or just Joe Bloggs teenager down the road. We need to protect our company’s infrastructure like we do with our homes and personal property.”
Burrows wrote, “Penetration testing involves performing various reconnaissance scans against your perimeter defenses, boundary routers, firewalls, switches, network devices, servers and workstations to allow you to see which devices are within your environment and to determine the overall plan of the network and topology.”
Assembling the results of those tests will allow you to see vulnerabilities, “and then look at an attack vector to try and penetrate identified systems to see if they can be compromised by using known vulnerability scans, attacks and denial of service attacks,” Burrows continued.
You can use a program like Pest Patrol to set up a test environment, said Burrows who also wrote, “Using a test environment is key to penetration testing. This way you can avoid scanning, attacking or creating denial of service attacks on production network devices within your company when getting to grips in learning how to penetration test.”
As the lingering question for many security professionals, CSOs, CISOs, and boards is “Am I going to be hacked in 2016?” pen testers are becoming more critical to cyber security. Stealth Worker, a marketplace for cybersecurity talent, aims to address the staggering shortfall for most companies looking to hire, calling themselves the Uber of cybersecurity.
Ken Baylor, founder, StealthWorker, said, “Everyone needs penetration testers—the ‘good’ hackers—to make sure their product or network is secure, from a Fitbit to a credit card. ”
So, if you are new to security and you see a path in pen testing that you might want to explore, Baylor and others want to see that you are a Certified Ethical Hacker. There are a few other certifications in the niche that you can explore, but more than anything a hiring manager will want to know how you think.
“We generally look at how they think in terms of how they break things open. Baylor recommended the book, Hacking Exposed, which gets into the methodology behind the hacking and is the impetus for many of the questions that he asks in an interview.
“I want to know how you think about hacking—what’s your target, how would you normally get in? What exactly are you looking for?” said Baylor who has heard a myriad of responses.
“Some people go to social engineering right away. Oh it’s a bank, it’s hard to get in, so I’m going to send them a link in an email,” he said while others will ask about what machines they own that they probably don’t know they own.
Baylor said, “Some of our pen testers are former top secret military people, and they tend to think differently. They are more narrowly focused. What is the mission? They see a brief overview of all possibilities, and determine a very detailed way of getting in,” said Baylor.
If you are looking to impress in an interview, you have to possess the skills to demonstrate that you can do more than think. Baylor recalled an impressive candidate who stood out by taking only 15 minutes to break into a dummy company they had set up on the Internet.
Baylor said, “It should have taken a few hours to break in, but this guy broke in and extracted data while we were talking to him. It took him 15 minutes, and if you looked at the logs, he had not come in from the USA. He had made himself come from a different country, so he was fast and able to cover his tracks.”