I remember when I was about 14 years old in the days when you had to access the Internet using a dial-up modem (a Racal Datacom ALM 3223 to be precise) and mobile phones barely existed. The Internet was a fascinating new world to explore, and this was where I first came across the term hacker and the associated (sometimes illegal) hacking activities of the computing underground.
At about this time, the existence of the esteemed 2600: The Hacker Quarterly Magazine appeared on my radar, and a subscription was eagerly sought. Being headquartered in New York, USA it took a while for the first issue to make its way to my door in the UK, however it was worth the wait. The content inside was captivating and full of ideas, with a good mixture of computing and electronics information, and some political commentary thrown in for good measure. It never occurred to me that ‘hacker’ could be a job title, however, as is often the case, real life took over and this initial excitement faded and was largely forgotten.
Fast-Forward 15 years and I am a CCTV engineer, working in customer service, travelling around the UK to customer sites, more often than not, replacing hard drives and rebuilding RAID arrays, however, little did I know, I was developing some valuable life skills here (but more on that later).
It wasn’t long before the limits of being a CCTV engineer were reached and I was looking for something more fulfilling, wanting to go back to my ‘roots’ and a more pure computing role, the job of ‘penetration tester’ sounded fancy and just the sort of challenge I needed.
The next few years were spent building up the necessary skills to get some qualifications that I hoped would be enough to land me a pentesting job despite not having worked in the ICT sector at all. Not wanted to return to my old job was a strong motivator to succeed and after a lot of hard work I passed the exam.
With my OSCP certificate in hand I went on the hunt for my first job, again, I wondered, who is going to employ me with no experience? It’s at this point where I want to return to the ‘life skills’ I mentioned earlier and let you in to a secret. You see, it wasn’t the technical knowledge that I learned during my studies that got me my first cyber security job, it was perseverance and people skills!
The job of a penetration tester is not only a technical one, no, it’s much more than that, it’s about understanding people, communication, working as a team, with colleagues and customers towards an outcome where both are satisfied. Yes, you need to have a good level of technical knowledge, but that’s not where the story ends.
Success means different things to different people, but I’m pretty sure for most people they want a job that is reasonably interesting and for the most part enjoyable, and this is where the job delivers. The job is as wide as it is deep and there is always something new to learn, it is not for everyone and different to what you might imagine, in a good way. Satisfaction for me is delivering a high quality, bespoke report and getting some good feedback from the customer, knowing I have done my job well and the customer is happy because we have exceeded their expectations.