What makes a truly great Penetration Tester?
Here is what I think that makes a truly great Penetration Tester:
It’s not about how many certifications or degrees that you have hanging from your wall. It’s about the way in which you think. Being able to put your thoughts to the keyboard. Thinking outside the box, critical thinking. It’s about having a clear mindset to accomplish the task at hand. It’s about experience.
Often times this is unfortunately lost on most would-be Penetration testers. This is mostly due to the level of training they receive. Sure, people can read a book, take a few cram sessions and with good memorization sit for and pass a Certification Exam. But does that really spell out just what they know or what they are capable of? Not usually. In fact almost never.
You see, I think it’s more important to have hands on experience. Having real battle scars from being in the trenches, so to speak. Often times (and I speak from 20 years experience), what you learn in a book is not practical in the real world at all. It’s the experience you gain putting in the time working in the field, or even studying on your own labs. The thing is, you should never stop learning. This industry changes so rapidly that if you were to stop learning, you would be just as good as last weeks newspaper.
Dedication is key. This isn’t just another job, it’s a highly skilled craft. But unfortunately I also feel that is lost on most people. They get comfortable and stay there. They refuse to be challenged, even being challenged from within themselves.
TLDR; Never stop learning. Never stop training to perfect your craft. And most importantly, don’t stop pushing yourself and your limits. Get out of your comfortable zone, and get moving.