Early Career Options?

6 guys working 40 hour weeks is just under two months of man hours each week, which is proving my point. During that time, how many tasks were menial tasks that could have been done by an entry level person that has a solid background from self study? If it takes your entry level person twice as long to do a task as the senior level tester, you're still going to save 30k an hour.

The entry level person isn't meant to actually attempt the pentest. Their job is to perform the recon and to help with the reporting. They don't need to answer on the spot questions from clients, they need to be able to understand the question and then the response from the senior consultant. If you're only hiring people that know everything about everything, you're not going to have many people available. Most questions asked during a pentest are asked during every other pentest, so an entry level person would have plenty of time to learn how to handle questions fielded by the client.

Bullshit. If they are on site and are a "consultant" they are supposed to be "CONSULTING". They shouldn't even be there. It sounds like you are one of those noobs and are trying to argue why you should be pentesting. It's just sad. If a customer asks a question about anything security related, they should know the answer. And it truly shows you don't know what you are talking about when you say most questions asked during a pentest are asked during every pentest. No they're not. If they are, you are doing it wrong and aren't actually finding real risks. Running a vuln scanner and popping that into a report isn't a pentest. Trying to learn how to answer questions without actually learning the material is like studying for the questions on a test without actually knowing the material. But hey, I guess that's how your shop runs things. Maybe that's why you only have 6 guys who are probably all like you, noobs.

If it is a one week assignment that is 1.5 months. Not multiple months. That is extremely rare to even see 6 guys on one test. We've done class B networks for companies that are huge and still only have 3-4 guys at most and it was plenty enough. Additionally, you won't have entry level people with ZERO experience doing any tasks. It's retarded as any senior level guy who actually knows how to test and multitask can handle that. That means you actually save money and you won't have some moron with no experience bringing down networks because they thought they knew something. Sounds like you waste a ton of time. Entry level pentesters that have ZERO experience shouldn't even be hired much less on a customer site even if they are doing stupid tasks they have no idea about. Training on some "home network" doesn't qualify you for shit.

Also secureworks is shit. Have a friend who was in charge of their pentesting team for a short time and laughed it off after getting there, then he left. KPMG lost all of their guys minus 2 testers less than a year ago. They also don't do it that way, just an FYI. Nobody is going to send you and 10 other noobs to a customer site. That customer would be pissed if they knew how much they got screwed because 10+ guys who don't know anything about customer enterprise networks aren't going to find shit by blindly running tools.

It's actually quite sad but hey, keep telling yourself whatever you want, it's obvious from others on here that they aren't getting jobs with no experience. Actually maybe your team is the exception as you clearly know what you're talking about with all your experience from your home lab. lol.

/r/AskNetsec Thread Parent