Having only been introduced to the cybersecurity scene in February, this year, I was in over my head, surrounded by high-tech megaminds and smart-talking eggheads. Obviously, Samurai have their own penetration testing service so all of this information is well-known. Being thrust into such a company was relatively difficult for me, being nineteen and only having scraped a GCSE in computer science.
There are many reasons why penetration testing (and cybersecurity in general) can seem a little intimidating to the untrained eye so let us beginners have a dig into it, see how it works and see if we can’t reach an understanding.
So, what is penetration testing?
Penetration testing, also known as a pen testing or ethical hacking, is when someone simulates a cyberattack on a computer system to assess the security of it. The test is performed to identify strengths and weaknesses.
What does the average test involve?
- Meet the client.
- Engage with the client to design a test that fits their situation.
- Confirm access to the right systems and application.
- Confirm the scope of the job (for example; ‘our network has 10 servers and 200 computers so we want you to test these 9 servers and 2 computers and the wifi’). If any changes are made to the scope, they can be noted in the report produced later.
- Perform reconnaissance on the company and technologies.
- Start testing all the things mentioned on the scope.
- At the end of the test, report back to the client and bring up any highlights during the test.
- Retreat to Samurai and write up a report.
- Have a follow-up meeting with the client to discuss the findings and help them understand how to implement the fixes without affecting functionality.
When is penetration testing done?
Penetration testing is best to be done regularly (preferably annually) to ensure that security is in tip-top shape. A yearly pen test, also, brings to light any new threats or vulnerabilities that may have popped up in the meantime.
Why is penetration testing important?
Much like penetrant testing, in casting, forging and welding, penetration testing is important as it finds the cracks and defects in networks that put them in danger. Without knowing about the vulnerabilities in your network, it could fall apart without you even knowing. With the application of penetration testing, you have time to rectify those vulnerabilities before anything bad happens.
Is it a good career?
Well, I asked some of the guys in Samurai and came back with these responses.
“It’s very well paid. Cracking career choice IMO. Fast-growing field as well.”
“I enjoy it and it pays decently. You get to travel. Sometimes to places like Slough, sometimes cruises around the Canaries, sometimes awesome places like Denmark. Always new things to do/see/learn as no company runs the same. You get to do good for companies like the NHS.”
“It’s not for everyone but if you like tech, it can be for you. Positives are it’s well-paid, interesting and it’s always changing. Negatives are travel and that things are always changing.”
So, there we go. Hopefully, we managed to clear some things up and gave you a look into the world of penetration testing. If you’re feeling adventurous, of course, there’s the Wikipedia page. Other than that, make sure you have a pen test done every year to keep you and your company safe.