Why Pentesting?
Pentesting and Ethical Hacking is something I've been interested in for years. I always wanted to get into this field, and now that I've started doing it with sites like TryHackMe and HackTheBox, as well as constantly improving resources, I've been reminded why I wanted to actually learn to code in the first place.
The PEH course lists some of the Mentors' own reasons, but below are some of mine too, as to why this is a great field to get into.
- Able to work from home - or anywhere in the world with a laptop and internet access!
- Great salary.
- Work-life balance is amazing.
- Personal note: Constantly learning and growing. It fits with my approach to life and study.
- Digital Skills Gap: MANY MANY roles open in this industry, and not enough bodies on seats for it yet.
- It's something I enjoy doing! I got into coding for this!
Possible Activities in a Day
This seems like it can vary wildly depending on what the client needs, or what is being studied and learnt. However, some common classes can include:
- External or Internal Network testing.
- Web Application Exploitation Analysis.
- Wireless hacking.
- Social Engineering, Physical (breaking in!) penetration testing, Phishing attacks.
- SOC (Purple Teaming) - Joint attack and defense team methodology.
- Writing Pentesting Reports (seems boring, but is essential!).
- Debriefing - walk the client through the Pentest report, talking through issues, vulnerabilities, possible exploits, and how to harden their network, applications and services against these.
This is of course a very varied set of activities and areas of Cyber Security, but it does help to be well-rounded! Know enough to be dangerous, literally.
Technical Skills Required