Filter

How did you become a Penetration Tester?

19 Aug comments

I am Chintan Gurjar working as Assistant Manager of Cyber Security division for an MNC (consulting firm) in New Zealand.

My job role is to focus on penetration testing, red team testing and vulnerability assessments and cyber security maturity assessment projects.

I am passionate about IT and cyber security and with this passion I have been publishing articles in a range of high profile global cyber security publications such as PenTest, Hakin9, e-forensics magazines.

 

What steps did you take to land in your present job?

steps Chintan to land as a penetration tester in KPMG
How I found a job via LinkedIn?

 

Who is a Penetration Tester?

In simple definition, an authorized person who can penetrate everything that falls under IT and IT security directly or indirectly is a penetration tester.

In other words, penetration tester is the guy who breaks into system, web applications, hardwares, human mind, etc., to gain access of it.

 

What motivated you to become a hacker?

All of it got started during my graduation, where few information security celebrities came to take seminar and workshop on ethical hacking. I was totally amazed to see the magic behind hacking and felt how cool it was. Therefore, that motivated me to become a hacker.

 

What do you do and how do you do it?

Being on a managerial level, there can be range of variety tasks I have to perform. In single sentence, all I can say is I have to fulfil client’s requirement with best quality delivery. A client can come to us with any kind of security requirement and being a well known vendor in the world, we have to fulfil it. Majority of my work area is mentioned below:

  • Plan, manage and deliver a range of penetration testing and red team testing exercise.
  • End to end project delivery to client.
  • Coach, develop and support other team members.
  • Contribute to the cyber security team and wider IT advisory practice development and foster cooperation.
  • Web application security assessment
  • Infrastructure penetration testing
  • Mobile application security assessment
  • VAPT (Vulnerability Assessment and Penetration Testing)

 

What’s your advice to your younger self?

  • To start your career with cyber security, you must have basic knowledge of networking, web application and server functioning.
  • You must develop destructive mindset to think about all possible cases of breaking something (system, network, web, etc.)
  • Enter into this field with positive attitude of learning every day. Range of new things, knowledge, news will come every hour and possibly minutes.
  • You will have to require lot of reading to cop up with the world of security.
  • Be patient. Most of the times when you try something and don’t succeed hacking them, do not lose your patience. Therefore, keep trying, harder and harder.

 

What do you love about your current role?

  • Demand in future.
  • Contact with new people (clients and competitors) in the industry.
  • Meeting good hackers in the world wide conference.
  • Satisfactory payout.

I love this field, because this has given me status in the society including money.

 

What are the challenges you face in your career?

Challenges are the part of any job role.

They vary from company to company, project to project and client to client. Hence, that cannot be formalized.

 

What type of security analysts will be high in demand in the near future?

Malware researchers and security researchers who wants to work in Artificial intelligence and machine learning will be in very high demand in the near future.

 

Can you please summarise your career journey?

 

What sort of experiences helped prepare you most?

Choosing a post graduation from London helped me to gain the real world technical skills of penetration testing.

Course content and professors were highly technical and with the best industrial experience in security.

Therefore, that knowledge helped me to crack the first interview of my security career. As we all know, in information security industry it’s hard to get your first breakthrough being a fresher. Hence, I utilized and enhanced my post graduation knowledge in such a way that it helped me to get a first breakthrough in the industry. From there it was never stopping back for me.

 

How do you like to spend your free time?

Reading about latest news and trends in security through twitter and some other web resources. I also like to play with hacking toys followed by a good write up on my blog regarding it.

 

What are the skills and education required to be a Cyber Security Analyst in 2020?

It is too hard to assume the cyber security market of 2020, because every minute there is something new coming up in this industry. However, few things which never died as of now will still continue to be the most important basic education by 2020. Few of them are:

  • encryption
  • maths
  • cloud computing
  • big data
  • machine learning
  • artificial intelligence
  • assembly language

 

What are some alternate career options for a Cyber Security Analyst?

There are range of job roles depending upon companies and their needs. Few of the common around the world are:

  • Penetration tester
  • IT security auditor
  • Security engineer/architect
  • Security analyst/consultant
  • Chief information security officer

 

What do you think potential recruiters look for in a fresh Cyber Security Analyst?

There are two aspects here.

Product based firms – It depends on the company product, the nature of product and how they want security to be implemented in that. Hence, recruiters will analyse the need of the security for that company and if it matches they will be shortlisted.

 

Consulting firms – Recruiters in consulting firms are keen to know whether you are jack of all trades or master of one. Involving consulting nature with clients and other vendors, it is always a good quality to be able to do more than one thing.

 

For example, a guy with best web application security hacking skills and another guy with average web application security skills with network and mobile app security skills and having background knowledge of IT security audits. Hence, considering these two candidates, the 2nd candidate will be shortlisted than first.

 

How do I know if a career as a Cyber Security Analyst is for me?

There are no eligibility criteria.

If you feel you are capable of thinking out of the box and capable of learning so many things at one time, you are welcome to this field.

Degree adds value to your work, however it is not mandatory. I do not hold a single security certification in my career as of now.

 

Any recommended resources for students who are interested in Cyber Security?

Few of the good resources are mentioned below.

 

What do you think everyone leaving higher secondary school should know?

  • Play with codes.
  • Keep a grip on python language.
  • Have basic amount of knowledge of every language, their structure and their server.
  • Learn about OSI layers, security, networking TCP/IP.

On the other side, it’s all about your interest and passion.

If you have interest in cleaning, then you won’t feel any regret doing that because you will do with your all passion and that’s something you are liking it already. Therefore, if we start a business or pursue career in something, there are no solid ways to calculate your future regrets.

Hence, ups and downs come your way, but you have to overcome and keep on walking your path. That’s the only tip off.

 


Thanks for reading! 🙂 If you enjoyed this article, leaving your comment below would mean a lot to me and it helps other people see the story.

If any of your friend is considering a career in a similar area share this with him/her.

You can read more real career stories here.

 

explore careers


Comments