Thursday, June 11, 2015

I Have the Best Offensive Penetration Testing, Ethical Hacking Jobs in the Industry

Yes, that is an aggressive title and I'll live up to it!

If you currently do penetration testing work in a business environment and your assignments are driven by regulatory compliance, you’ll want to keep reading.  Yesterday, I went to a key person within my client’s company to ask him a few questions. I know that he is sitting on the best Penetration Testing Jobs in the industry but I wanted to know more about what I could share with prospective candidates.  Here you go:

What drew you to the company?

I had a good job and was in the middle of a promotion to a director position, and didn't think I was open to new opportunities. But, when I heard what this company had to offer, I couldn't resist. I had been working primarily with clients who cared more about compliance and checking a box than about achieving real risk reduction and making it harder for adversaries to break in. This company offered a chance for me to up my game and simulate a higher class of adversary.

What Keeps You At This Company?

This company thrives because our clients expect us to provide best-in-class offensive security services.  This means that our team is constantly forced to innovate and come up with new exploits, tool sets, and attack methodologies that enable us to stay on the cutting edge. This means that there's an ever-present drive to improve, and our team is made up of people who succeed in that environment. I thrive on challenges and being in just a little bit over my head.  My current role pushes me to improve and keeps things interesting. It's not uncommon to turn to a colleague in the middle of a project and say:

"Can you believe we get paid to do this?"

What makes Your Company Unique?

"Penetration testing" means a lot of different things to different people, and the introduction of penetration testing requirements into various compliance standards such as PCI has resulted in the overall commoditization of this service. The majority of the industry is racing to the bottom line and attempting to deliver the cheapest penetration test, and sacrificing quality along the way. 

What Is Your Company’s Mission?

We take the opposite approach. Our mission is to deliver the best offensive security services in the industry, with a focus on sophisticated adversary simulations that allow our customers to improve their ability to prevent, detect, and respond to real-world attacks. This focus on quality means that we only work with clients who really care about protecting their organization; if a prospective client just wants to check a box, they'll go somewhere else. As a result, every person on our team needs to be able to execute at this level -- and we've built an all-senior team capable of doing just that. Most of our people are here because they got tired of being the "smartest person in the room" at a lower-tier company.

Where Is Your Company Headed In Your Opinion?
We've found over and over again that the right clients are willing to invest to get the best available service.  We’re experiencing rapid growth due to the high demand for our unique style of scenario-based red team exercises. Our leadership team is fanatic about maintaining the expertise of the group and the quality of the service as we grow. Our only limiter at this point is how quickly we can find great people to join us!'s Security Recruiter Blog