Who is the most offensive tester in the room?


Talking of Offensive Individuals – Penetration Testers

My love of hacking systems came from way back, before penetration testing was ever coined as a profession or term. With a timeline that looked something like: zx80, Vic20, BBC Micro and then onto early IBMs (XT, AT, PS/2) and SPARC systems, I’ve hacked them all. It was around 1996 that I officially became a penetration tester, a job title that for many years has left people looking at me blankly, until you say ‘hacker.’ Then they get excited for a few seconds, before glazing over again. To be fair, jokes in binary are very dry (00100001.) To put things into perspective, this was the time of Phrack, with hacker antics punctuated by articles such as ‘Smashing the stack for fun and profit’, written by aleph1. It was also the era of the hand-rolled Linux 1.X kernel, with flaky support, in a time when it seemed PCMCIA support would forever require source code modifications and compilation, especially if you wanted a wireless network card to work.

Jumping forward twenty years, I think I’ve now established my credentials and that I’ve worked with penetration testers just about all my working life, and yes, while I’m older and greyer (acknowledge what’s left of my hair, that is), one thing that has always irked me about our craft is why so few testers can write a decent report, discussing all the fun they’ve had.

Just the other day, whilst reading through a less-than-average report, fortunately not produced by one of my team, I mused, “What combination of skills and quirks make for an exceptional penetration tester?” And when you find someone with all the skills, how do you manage them, given they are often complicated individuals with very specific needs?

Looking at skills first, this is not an easy question to answer and until an autonomous ice-cream tub takes over the reins and competently tests your networks and applications, it’s a question that most information, risk and compliance managers, or indeed hiring managers, should be considering, because not all pen testers are born or created equal…
