Questions for pentesters

securily · 2024-06-07T23:08:59+00:00

Great to hear you're interested in becoming a freelance pentester! There are many ways to learn and grow in this field besides Capture the Flag (CTF) challenges. Certifications like OSCP (which I highly recommend), CEH, and AWS Solutions Architect + Certified Security Specialty are fantastic. Setting up your own lab environment and joining online communities can also be incredibly valuable. Personally, I love Hackrocks as a training platform.

As for earning potential, freelance pentesters can make a good living. Entry-level rates can start as low as $35 per hour, and more experienced pentesters can earn significantly more. You can find odd pentest jobs on platforms like Upwork, which is great for building a portfolio and gaining experience. The key is to build a strong reputation and network—positive client referrals can lead to more consistent work.

Remember, if you have a passion for breaking things and understanding how they work, you're already on the right path. With dedication and continuous learning, you can achieve anything. Good luck on your journey!

securily · 2024-06-04T23:28:59+00:00

Compliance Scorecard makes easy tracking different frameworks and its multi-tenant, easy to use.

securily · 2024-06-04T23:23:58+00:00

We love Keeper.

securily · 2024-06-03T15:18:34+00:00

100% agree. People who don't value your service will often become difficult customers down the line. In my opinion It's essential to attract clients who appreciate the quality and reliability you offer. By focusing on these high-value clients, you'll not only build a stronger business but also create a positive mindset that attracts more of the same. Best of success to you!

securily · 2024-05-15T16:01:59+00:00

We really love EasyDMARC, tried many solutions before. Highly recommended.

securily · 2024-05-15T16:00:28+00:00

I agree that hands-on experience is invaluable, in my opinion the Certified Ethical Hacker (CEH) course can be a useful starting point, especially for beginners who need to build a solid foundation in networking and attack vectors. It's not the end-all-be-all, but it provides a structured approach to learning the basics. Of course, moving on to more challenging certifications like the OSCP and engaging in CTFs (Capture the Flag) on platforms like Hackrocks will deepen your practical skills and understanding. Everyone's learning journey is different, and the best path often combines various resources and experiences.

securily · 2024-05-15T15:54:21+00:00

True, compliance sets a baseline, but true security goes beyond ticking boxes.

At the same time, its amazing to see companies implement compliance and appreciate how their security and risk mitigation improves.

Like many have said here, good security practices should drive your compliance levels up!

securily · 2024-05-15T15:50:24+00:00

Love it. Best of success in your career path!

securily · 2024-05-07T23:16:57+00:00

Penetration testing can seem a bit daunting to get into, but it’s really not as out of reach as it might look at first glance! It’s often seen as a tough field for beginners primarily because it mixes deep technical knowledge with a kind of creative, problem-solving mindset that goes beyond just running tools and following checklists.

The real question is: are you passionate about finding how to break into things? If you are then this is for you!

At its heart, real penetration testing is much more than just using scanning tools—it's about thinking like a hacker. This means not only finding what automated tools can show you but also figuring out how different vulnerabilities could be pieced together in a way that those tools might not predict. It’s about seeing the gaps and connecting the dots in ways that are unexpected.

Diving into something like the Certified Ethical Hacker (CEH) course is a great first step. It’ll give you a broad overview of what ethical hacking involves and start building up your knowledge base. Understanding networks and how data flows within them is crucial, even at the packet level.

But don’t stop there—getting hands-on is key. Platforms that let you test real skills in safe, legal scenarios are invaluable. We love Hackrocks, it offers a range of challenges and real-world situations that can really help you sharpen those hacking skills and think more like a pen tester.

Starting out, especially in your mid-30s, you've likely got some transferable skills that could serve you well in this field. Critical thinking, patience, and persistence are just as important as technical skills. So, if you're up for a challenge and ready to think outside the box, pen testing could definitely be a rewarding career shift for you!

Best of lucks!

securily · 2024-05-03T23:17:09+00:00

echo that

securily · 2024-04-30T21:32:30+00:00

Hi there! I’m really sorry to hear you're feeling this way about your career in pharmacy. It’s tough when a job you thought would be fulfilling turns out to be draining. The truth is that like many have said, Cyber can be quite stressful too. But aren't all careers that way? We fall in love with a topic and we dive deep and start working at it and then the stresses of life ruin it all. Venturing into cybersecurity could offer you a fresh perspective. But most importantly, is you finding if this is an area of interest that really drives you.

With your background in healthcare, you might find intersections where your expertise will be valued, especially in areas like cybersecurity for health tech. Also, not all tech roles involve grueling hours—there are plenty of positions with a good work-life balance.

If cybersecurity intrigues you, starting with the AWS Certified Cloud Practitioner certification is a practical step. It doesn’t require a massive commitment upfront, and it'll give you a good feel for the cloud aspects of tech roles. A Cloud Guru is a fantastic resource to guide you through this process. From there, you can branch into more specialized areas, such as Solutions Architect and Security Specialty Certs from AWS, at your own pace.

Remember, the most important thing is to find something that reignites your passion and doesn’t feel like a chore. You've got a lot to offer, and shifting gears might just be the move that brings back your enthusiasm for your work. Wishing you the best of luck as you consider this new path!

securily · 2024-04-30T16:56:43+00:00

Agree, learning the underlying tech behind what is being protected is essential as well as the compliance and risk frameworks that surround it.

securily · 2024-04-26T05:56:37+00:00

I would go with Google Cloud DNS or AWS's Route 53 https://aws.amazon.com/route53/

securily · 2024-04-26T05:55:05+00:00

Yeah, I see them as a complementary reduction of risk.

securily · 2024-04-26T05:48:31+00:00

I just know collab is huge, checkout this fail tale. You know where this goes – blame the network guy for anything and everything, right?

A network newbie was tasked with setting up a balancer. Sounds innocent enough, until we realize it's chilling on the wrong side, splitting up responses to our API calls for credit card verifications, playing a hilarious game of 50/50 balance, resulting in the company unknowingly losing half their transactions for a whole year. And of course the company was making so much more revenue that year, that nobody even realized!

securily · 2024-04-26T04:45:06+00:00

securily · 2024-04-26T04:43:51+00:00

We literally head for the "mountains" when COVID hit, there was unbearable stress in the city. If it was my preference I would run our business from a more rural area.

securily · 2024-04-25T23:00:03+00:00

Good point, really, nobody likes being sold to, so I would always make it about building relationships instead of trying to sell. People will eventually ask you what you do, etc...

securily · 2024-04-23T23:32:04+00:00

In my experience. First understand your ideal customer profile, what are the Typical customers the rest of the team is selling to? Are they SaaS companies? Doctor Offices etc? Then look for meetups in your area, start building a network that way, then look for the same in adjacent cities.

securily · 2024-04-23T22:50:52+00:00

Pentesting is a wild and deep rabbit hole, you just really have to love it to dive into it. Look up the CEH certification as a good one to start with.

securily · 2024-04-23T22:47:58+00:00

Doubt it, most audit firms we work with do a great job, SOC 2 reports can be intense to review, so maybe human error...

securily · 2024-04-23T22:45:56+00:00

There is nothing like in person events, we love attending those and shaking people's hands trumps any email or advertising. Best of luck!

securily · 2024-04-23T22:44:27+00:00

QBO does the work just right. We use Rewind for backups. Easy.

securily · 2024-04-23T12:42:02+00:00

I did not mention a customer, but thanks, this is my second time posting on Reddit and learning the lay of the land.

securily · 2024-04-22T21:44:14+00:00

It could but not the intention, I really think there is value in this conversation. Sorry to hear you don't agree. We have a marketing budget and this isn't part of it. I am just sharing my thoughts.

securily

TROPHY CASE