Time
48 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
So now we're getting into a little bit of the hard skills, the technical skills, and these are... This is a broad list. This is not by any means exhaustive, but again, I've italicized a couple things that I want to touch on
00:11
and the broad technical skills for pen testers. If you need to be thinking about creating new testing methods to identify vulnerabilities, why is that? Because hackers are always thinking of new ways to get into systems. And you need to be thinking about new testing methods to identify the vulnerabilities that exist in the systems that you're pen testing,
00:30
pinpointing methods and entry points that attackers used to exploit vulnerabilities or weaknesses.
00:37
That kind of ties into the first element that I talked about.
00:40
The next piece I'm gonna jump down to is identify areas where improvement is needed in security education and awareness for users. This is an important piece of what you're going to be doing as a pen tester or ethical hacker. You're gonna be taking a look, finding the holes and then potentially going back to management or other people that you're working with, other departments,
00:59
where you're going to be letting them know where training needs to happen,
01:02
especially for end users, and staying updated on the latest malware and security threats. So, Shane, I'm gonna ask you a quick question here.
01:11
What locations do you recommend on the web, or what other tools do you recommend looking at, when you're looking for updates on the latest threats for malware?
01:22
Yeah, thanks. Thanks, Gina. There's always a large, vast amount of information available online to everybody for doing security research and staying up to date on everything.
01:34
Uh, the new National Vulnerability Database, ah,
01:38
is one to keep an eye on to stay up to date with new vulnerabilities and new security threats being released. Exploit-DB is another one for finding exploits that are available in the wild. And then, you know, of course, Cybrary is always a good resource as well, through
01:55
collaboration and working with other people to stay up to date on the most recent trends.
02:00
One of the other points that jumps out on this slide is the second-last point about being sensitive to corporate considerations. And one of the big things to definitely highlight when talking about penetration testing, the difference between, I guess you could say, a hacker and a penetration tester, is that
02:20
that authorization piece. So
02:22
when working a pen testing engagement,
02:24
either internal or external, as a third party, that authorization piece is very important to have prior to doing any type of work, just so you're covered and just so everything's hashed out to begin with.
02:37
Yes. Fantastic. I know when we were chatting prior to the webinar today you were mentioning that, and that is such a wonderful piece to bring to light. You know, that you have
02:46
the authorization, the right legally to be pen testing versus a hacker, right? So good. Thank you very much.
02:53
Let's take a look here. Our next piece.
02:58
Soft skills. So we talked about technical skills, a.k.a. hard skills. Talk a little bit about soft skills
03:05
and in all cyber careers that we're taking a look at. We looked at the SOC analyst webinar a couple of weeks ago, and now we're taking a look at pen testing; we'll be doing some more in the future. Always gonna need some soft skills, and some of the soft skills that we found specifically for pen testers are a willingness to continually learn,
03:23
public speaking and communication.
03:24
And I don't mean necessarily giving a speech to a large crowd of people. But you're gonna be able... you need to be able to communicate directly with management and the departments or even within your own department. Report writing: you need to be tracking what you're doing and put it in a format that's gonna be understandable not only to the technical folks, but some non-technical folks that may be
03:44
out there that you're working with
03:46
Being a team player is gonna be important. And there's another piece I wanted to bring to light here. We've done some research here at Cybrary, and we found that many Cybrary students who are part of the Insider Pro program
03:58
or on our site in general also embody soft skills such as discipline, focus and a desire to assist others. So again, Shane, I'm gonna come back to you here on soft skills. Can you tell me a little bit about what you've seen? And Mark, I'll also tap into your knowledge as well, so be ready. What have you seen in the market with soft skills?
04:16
Shane,
04:17
have you seen
04:18
these types of things and more for pen testers?
04:23
Yeah, for sure. I mean, just to reiterate a couple of points that you made, being a team player is huge. Uh, I mean, nine times out of 10 when doing a specific engagement, you'll be working on
04:33
working on a specific team, whether it's internal or external, just collaborating with everybody, doing the specific testing and then working through various positions of the pen testing engagement.
04:44
And some will be more technical roles, so the people that are actually doing the,
04:48
you know, testing of a system or your social engineering. But the,
04:54
uh, two points in the middle, public speaking and communication and report writing, are great points to notice as well, because you have to be able to,
05:02
uh, you have to be able to clearly, uh,
05:06
portray and define what you've done to that specific engagement, how you did it and what you learned, and then some recommendations moving forward. So not just
05:15
putting that into a technical report to finalize a pen testing engagement, but also being able to
05:20
talk intelligently about that. And sometimes your audience
05:26
is not the most technical group; it could be some higher-level executives or upper management. So you have to be able to
05:32
appropriately communicate that to a sometimes non-technical audience just so they can,
05:39
uh, completely understand what you've done throughout the engagement and their steps for moving forward.
05:45
Very good, yeah, love what you say about being a team player, and that's huge, I think, in this type of work. Also, obviously, in the SOC analyst path as well. Mark, can you add anything? Would you like to add anything regarding soft skills that you've seen?
06:00
Yeah, I'll just kind of, you know, piggyback on what Shane said. I mean, one of the things that pen testers do that I think is tough for a lot of people that are interested in this is, because a lot of the people that are technically into pen testing or hacking are your typical introverts, so sometimes it can be tough to talk to a small group of people or a large group
06:20
of people.
06:21
For me, it's one of the things that I've always been able to do, is just talk, as you guys can tell here.
06:29
But you know, one of the things that, you know, when you're in with these executives, and when you're chatting with these higher-ups that aren't technical, sometimes you have to understand what's important to them, which a lot of the times is: how does this affect our bottom line? How does it affect the business? So you have to kind of translate those vulnerabilities and exploits so that they understand that by not catching this,
06:48
you know,
06:49
there is a chance that somebody couldn't find this vulnerability, and it may not cost them anything. However, if somebody does find it, here's what can happen and here's what they can own, here's what it could potentially cost you. So kind of providing that risk management piece of it as well is what a lot of the executives and stuff are looking for.
07:04
But report writing, that's a good one. Having technical writing skills: the way that you talk
07:13
isn't how you probably want to write a report unless you're like me. I've been told I like to talk this time, which is strange, but,
07:18
you know,
07:19
and I think that Cybrary does all that, because within the Slack channels you have the opportunity to bounce things off of other students and back and forth of the sense that system in tours and
07:30
you know, Shane, Gina and I, and, you know, now Joe's involved. So you have a lot of people to run things by
07:36
and kind of feed off of. But, you know, and you could go in the soft because I know for me, I'm always available to chat. Even if somebody wanted to jump on Skype or WhatsApp and just practice some of the soft skills, you know, I'm always available for that kind of stuff, too.
07:50
Fantastic. Yeah, that's great. I mean, again, we all see this as mentors here on Cybrary,
07:58
the Slack tool and other interactions that we have. We find a lot of the students are building the soft skills over time, which you've shared. Wonderful. Thanks, guys. So let's move over there, up to our next... that information

Up Next

Launching Your Penetration Tester Career

In this course on “Launching Your Penetration Tester Career” presented by Cybrary’s own Gina Palladino, you will hear directly from the experts on what it takes to boost your career to the next level. From interview prep to resume writing, expect a thorough overview on how to achieve one of the industry's most prestigious titles in cybersecurity.

Instructed By

Gina Palladino
Adjunct Instructor at Carroll Community College
Instructor