insights

A day in the life of a Penetration Tester

February 9, 2020

Working as a tester really keeps you on your toes. The technology used in the apps and infrastructure being tested can vary wildly, requiring a comprehensive knowledge spanning all the technologies out there. This can add some engaging variety to the role, and demands the development of separate skill sets for different types of testing, such as the differences between working on infrastructure versus applications. It is key as a tester to keep on top of the current security landscape and always seek to advance your skills and knowledge in all areas related to the field. Although challenging at times, I find it to be a very rewarding aspect of the job as I need to understand the workings of a client’s app as well as, if not better, than those who originally built it if I’m to effectively identify vulnerabilities within its structure. This often involves trying to think of ways to use its functions in an unintended manner. I’ve always found this similar to trying to solve a complex puzzle. It is one of my favourite parts of the job. It challenges me to think creatively if I am to identify all potential vulnerabilities within the scope of the testing.

At 6point6, we have a dedicated and experienced team of testers, and we regularly engage with each other to provide assistance if required. I enjoy the collaborative nature of how the team operates in and outside of a client engagement. We work closely with the Cyber Lab too. They have developed tools for the testing team to use in the field, as well as working together to build out additional penetration testing infrastructure. This helps give us an edge over some of our competitors. I think we’ll be able to leverage the Cyber Lab’s research in the future to ensure our testing methods stay ahead of the game, which will help me as a tester and our client’s too.

I would say the most important aspect of my role as a Penetration Tester is client engagement, as this is the part that is often undervalued or overlooked compared to the technical skills required to perform the role effectively. As a Penetration Tester for 6point6, I generally spend the majority of my time on the client’s site for whom the test is being performed. It is my responsibility to liaise with the client, to understand their requirements and set expectations, as well as establish the scope and parameters of the test. Once I have performed the test, another key part of the job is the reporting process during which I generate a detailed document in which I present my findings to the client stakeholders and technical staff, including recommendations for remediation. I enjoy this aspect of the role. It is where 6point6 Penetration Testers are encouraged to add value to the client.

For more information about starting a career in as a Penetration Tester with 6point6, get in touch with recruitment.

Ryan Devitt

Ryan Devitt
Penetration Tester