27 August 2019

Pentest career myth-busting

Are you looking to develop a pentest career? One of our latest additions to the IRM technical team, Matthew Twells, has put together some advice for those looking at joining the pentesting industry.

“Don’t you guys earn, like, £45k straight off the bat?”

Pentesting has a better starting salary than other career choices (around the £30-35k mark for little experience/clearance) but it’s a trade like any other. Higher salaries are realistic, but will have to be earned through experience and future certification attainment. You need to put time and effort into the job to get better and earn your potential.

“When do I stop learning?”

Literally never. If the idea of going home and learning to do something cool on your laptop, or trying something you saw and half-learned off YouTube and potentially frying your VM (I definitely haven’t done that before multiple times…), doesn’t appeal to you, then a pentest career is the wrong career for you. Spending your spare time learning, practising and researching is expected. As you grow in seniority, this should be something that attracts you, rather than something you tolerate.

“I got X, Y & Z certification, but I can’t get a job!”

There’s a good chance that your CV leans heavily towards certifications or non-pentesting-specific experience, and that is what’s making employers a little jumpy. You can close that gap by setting up home lab equivalents to learn the stuff your job won’t let you do. Put time into one of the many CTF/pentesting practice websites like Immersive Labs or HackTheBox – this experience all counts now!

“I have no idea how to write a technical CV!”

Honestly, me neither. My advice to everyone is to have a professional company write yours for you to make sure it sails through Applicant Tracking Systems (ATS). These are the robots that some HR departments use to cut down the number of applications they get, by keyword searching amongst other filters. Your mate might have a really cool-looking one he copied off a website, but does it have the right content? It’s sometimes worth shelling out the money to hire a pro to write your CV along with a solid cover letter.

“I haven’t got clearance!”

It doesn’t matter. Most companies that need it are aware clearance is somewhat of a rarity and will likely put you through it.

“I can’t program!”

That’s fine to start off with, but I would highly recommend jumping on a free service like Sololearn, Codecademy or a cheap Udemy course in Python to start learning as soon as you can. Even a basic command of a scripting language will make your job easier in the future.

“What salary do I ask for?”

This is one guys and girls make way more complicated than it needs to be. Put the job you’re applying for into GlassDoor, compare it with what you want to make and take an average: there’s your number! If they give you a salary range, then just ask for the top end and you can always negotiate down. If you think you’re worth it, or you think you’re not… you’re probably right.

