To assist you find clever, practical, trustworthy, and inventive people to penetration test and Hiring Pen Testers your company, ZDNet spoke with some of the best pen testers, organizations, and teams in the business.
To help you find sharp, practical, reliable and innovative professionals to test your business, ZDNet has spoken to some of the best pen testers, organizations and teams in the industry – and we’ve provided their advice on ten rules to find out when it’s time to attract professionals.
Intrusion testing is an important part of strengthening and maintaining network, IP, and physical security, but as we’ve found in many interviews, it’s not easy to set up. Petering allows professional pen testers to test and verify that new and existing systems, networks, applications, and security measures prevent malicious hackers from gaining unauthorized access. sold, irresponsible and negligent.
Today’s attackers are cunning, creative and out of control. Here are ten things you need to know to hire the right pen testers.
Table of Contents
STRONG COMMUNICATION Skills
SPECIAL FUNCTION
Computer security in the Snowden era
Computer security in the Snowden era
Edward Snood’s revelations shook the world of government, global corporations and technology. If we look back on ten years, we expect it to be the biggest story of 2013. Here we look at the residual impact as well as IT security and management best practices. Risks.
The Neohippies security advisor explained why. “Technical skills can always be taught and improved, but good communication skills are difficult to acquire. ”
During the interview, I ask the candidate to explain the various weak points to me as if I were not a technician. He must be able to explain concepts in different words and orally.
The tester can find critical application in the penetration test, especially technically, but if he cannot fully explain and explain the risk, the customer will have no idea of its value or significance.
Network, IP, and physical security are all vitally important, but hiring penetration testers isn’t easy. Allowing professional pen testers to test and verify that new and existing systems, networks, apps, and protections don’t allow malevolent hackers illegal access varies from razor-sharp, thorough, and useful to oversold, reckless, and careless.
1. Excellent Communication
The Edward Snowden revelations shook governments, businesses, and technology. We expect this to be the biggest story of 2013 in a decade. Here’s our take on the consequences and best practices for IT security and risk management.
In fact, Ronnie Flathers, associate security consultant at Neohippies, told ZDNet that communication was a pen tester’s “most vital attribute.” The ability to easily switch from detailed, technical discussions to high level concepts depending on the audience is the most valuable talent a penetration tester can have.
2. Secret Sauce Consultants
Examine your prospects’ technical knowledge. The Trustwave’s Dixit said, “We look for pen testers with extensive understanding of enterprise development framework, networking protocols (MIT, ARP spoofing), database systems, scripting (ruby, python, Perl, etc.) and important security toolsets.”
Mr. Amit of Bioactive underlined the need of asking about technique. “A pen test isn’t a one-time deal based on chance and magic.”
Pen testing is a peculiar gift, but blind faith is not. “If the report does not provide clear information on how to replicate the issue, and recommendations on how to limit the risk connected with the issue, better find another service provider,” Mr. Amit said. “A finding that isn’t repeatable is most likely a false positive.”
3. Participate In Security Community
What do all these hacker conferences in the news have to do with your company? Everything. And it’s where the people are who can save your firm from becoming the next major security breach of the week.
For a number of reasons, you should engage the security community before hiring a pen tester in Antwerp.
Trustwave’s Sameer Dixit told ZDNet that employers should join local information security chapters and open-source security tool development groups like GitHub or OWASP. The InfoSec community can help organizations identify top pen tester talent and create relationships with possible recruits.”
4. Reputation Matter
Recruiting pen testers may feel like hiring the most dangerous people and providing them a map of your company’s weaknesses. That’s why reputation matters. The different community conferences are the best place to measure the reputation of the individuals and teams in pen testing.
5. Technical Acumen:
Technical interviews (or lab tests if available) are crucial to verifying a candidate’s expertise.
The Senior Manager of Dell’s Red Team hires pen testers. His advice is to ask if a candidate has technical qualifications and if they are entry, mid, or advanced level. “Candidates with an Offensive Security OSCE or SANS GXPN certification immediately gain my interest,” he stated.
“For candidates who spend most of their time defending assets, their knowledge with tools is generally limited to launching scans and analyzing data,” Robitaille said. A smart penetration tester, on the other hand, employs tools to speed up testing yet can do it without them since they understand what the tools are doing.”
6. Recent Experience
Neither the companies nor the individuals we interviewed encouraged hiring pen testers without prior experience. No one coming out of hacker school is going to acquire a top job here. Dell’s Red Team Senior Manager disagreed. When employing a pen tester, Robitaille advises hiring someone who has “prior penetration testing experience.”
Several directors felt a pen tester with “administrative experience” is essential.
In attack simulations, Robitaille believes that seasoned defenders (the “blue team”) produce superior attackers. “The finest pen testers at Dell SecureWorks and other companies have managed networks, systems, or developed apps.”
7. Hire Passionate Hacker
Hiring a consultant who isn’t passionate about their field, or the culture, is a formula for catastrophe. “I start at the bottom of the résumé because it most often informs me what someone chooses to spend their time on, vs what their employment urges them to do,” Robitaille tells ZDNet. “Knowing they value penetration testing alters how I regard them for the rest of the process.”
8. Ready to Go Off Script
Most organizations ranked “creativity” as the best pen tester trait. “No two engagements are ever the same,” said Ronnie Fathers, a Neohippies associate security consultant. Even the same vulnerability in two situations can be vastly different, yet the attack method rarely is.”
