Latest news
Raul Siles is a senior security analyst with more than 10 years of expertise performing advanced security services. He is a SANS Institute author and instructor of penetration testing courses, a regular speaker at security conferences and contributor to research and open source projects.In this interview, Raul talks about unusual and interesting situations he encountered while working as a penetration tester, outlines practical tips for those interested in a penetration testing career, lists his favorite tools, profiles his upcoming training workshop at SANS Secure Europe 2012, and more!
A great deal of newcomers to the information security field are fascinated by penetration testing. What advice would you give to those interested in making this their career path?
Penetration testing is one of today's cutting-edge information security topics, to some extent influenced by Hollywood, where the main movie character's goal is to break into some IT infrastructure or critical systems to save the world, and also somehow influenced by human nature, considering most people prefer breaking things (if they are given the opportunity to do so) versus fixing them.
After so many years as a professional penetration tester, I am glad I can feel still the excitement of breaking into a new network, system, application, or device, and still have the enthusiasm of discovering new vulnerabilities, and keep my interest on understanding and building new tools. However, newcomers must know this is the grateful part, and penetration testing also involves lots of, sometimes boring, repetitive tasks. You will face multiple disheartening situations where you spend many hours or even days trying to find a vulnerability to get in, and you do not succeed. Almost as you have lost hope of finding anything interesting, you end up finding that key element or flaw that compensates all the tough work.
In order to be a good professional penetration tester (and leaving social engineering apart) it is crucial to possess an in-depth technical background. You must love the technology and always be willing to learn about new things, that is the reason why I like to self-dubbed myself "the apprentice". The more you know and have played and tested how technologies work, the better. It is only through a thorough understanding of how things work, and an insatiable desire of learning all the details, that you will be able to find ways to manipulate them to make them work or behave in an unexpected way they were never designed for. This is the real out-of-the-box thinking and philosophy behind the original and positive hacking term.
Spotlight
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
