We caught up with penetration tester, John Treen, to chat about his cyber security career and why it's good to be geeky.
Having been a penetration for over 2 years, John gives the low down on a career in cyber security.
How would you describe what you do?
I currently work as a penetration tester. Penetration testing involves lots of different engagements, so it's a really varied role. Pen testing is essentially ethical hacking. It's all about trying to get full control of a network, by gaining access and privileges and then informing a business on how to improve their security measures. As a penetration tester, success is all about looking for weaknesses which someone working in an unethical way might be able to exploit.
What's your Day to day role like?
Day to day, you could be working on external or internal penetration tests either on site or remotely. So for example, at the moment I'm working in a red team which means i'm working with a group of ethical hackers to simulate attacks on businesses and test how equipped they are to deal with cyber attacks. It's interesting because we often keep our work quite secret and don't tell people within the business about it - this allows us to get a realistic overview of how a company's security team are performing.
Day to day, I will usually be working in a team creating simulations. So for example, we send out phishing simulations where we select a sample of employees and send a phishing email to see how people respond. From this, we can monitor for clicks and see if people are downloading malware and picking up infections. We can then make suggestions on how to improve security measures.
What are the common flaws in security that you see?
People are complacent when it comes to cyber security and the biggest weakness to a businesses security is usually the people they employ. For example, people not being aware and writing their passwords down in silly places or not being aware of how secure they are when they're online. For that reason it's quite a people-focused role - you're always looking for holes in a company's security and often human error plays a part in that.
How did you get into cyber security?
I went to university and did a physics degree and then went on a grad scheme in penetration testing. When I began my penetration testing career, I had no experience in the field but my enthusiasm for tech helped me land my dream role. I had no experience in it but I developed an interest and followed it.
See also: how to break into cyber security
What's the best part of the role?
The variety. There's lots of different types of work and different clients so it's always changing. I work on a project for around a week or so, so I never get bored. Of course, the length of your post changes depending on the role you do - my engagements are around a week but the rest of the cyber security team's projects would be a bit longer.
What advice would you give to future ethical hackers?
To be a good ethical hacker you need to be curious and persistent - those are the two secret ingredients. Also, there's a lot to be said for being passionate about tech. I would recommend having a good grasp on cloud computing as it's going to be big and is going to change how we do things in business in general and in cyber security. My advice would also be do a lot of research into cyber security and keep up to date with the latest vulnerabilities and techniques.
Would you recommend ethical hacking as a career?
Yes - it's really fun. A career in penetration testing offers a good variety of work and a chance to be a little bit geeky. There's a big need for ethical hackers and penetration testers - it's quite a small community and there is a strong demand for it. Especially in the current climate, there is always going to be the need for penetration testers and cyber security experts. It's quite fulfilling too, when you're successful on a project it's really rewarding.
If you want to follow in John's footsteps and gain the qualifications to become a pro ethical hacker, then take a look at our cyber security courses or speak to a specialist learning consultant today.