Welcome back to Pentester Diaries. For this week, we wanted to take a moment to look back at the past six episodes and explore some of the main takeaways from those sessions.
From day one, Pentester Diaries has set out to start a conversation around the world of pentesting. Over the course of our first six episodes, we have touched on a variety of topics and resources related to this profession, which have ranged from exploitation techniques to daily routine tips. One key element that has been present in each episode is the importance of continuous learning.
As the growth of technology continues to expand the threat landscape, the playground for attackers only increases. For pentesters, this means there is a need to keep a pulse on new developments and continually push their skills. With this in mind, Pentester Diaries is here to keep feeding that knowledge by introducing different perspectives and learnings to help professionals on their pentesting journey.
Let’s explore the importance of continuous learning by looking at a few takeaways covered in the podcast:
Learn something new every day.
In one of the first episodes, Harsh Bothra walked through different 2FA Bypass Techniques that he developed during his Learn365 challenge, a repository that he has built on his mission to learn something new every day. Harsh encourages fellow pentesters to develop their own learning systems and never stop tinkering. Learn more about 2FA Bypass Techniques and his Learn365 challenge in the full episode here.
Implement time management into your routine.
As a pentester, the amount of information to learn can seem endless, and it’s crucial to manage your time in an effective yet healthy way. If you try to learn everything there is about pentesting, you will likely burn out. In Ep3, Matt Buzanowski offered tips on how to optimize one’s routine by automating repetitive tasks and using scheduling apps like Trello. Leveraging these kinds of tools gives you time back to focus on what is really important: pentesting. Check out more time organization tips and how to avoid burnout in the full episode here.
Understand how applications work from a business logic perspective.
Maintaining a proper schedule builds a stronger understanding of how an application works, which can give you creative ideas on how you may be able to exploit it in a way that truly impacts the business. Dan Beavin explained that in order to find some of those business logic impacts, it’s important to build strong communication skills with the users, who can be a great source for improving the application. Learn more in Ep1 about Understanding Business Logic here.
Stay up to date with the growing threat landscape.
Technical knowledge sets the foundation for pentesting, but it shouldn’t stop at the fundamentals. It’s important that pentesters harden their technical knowledge by learning the latest attacks as the landscape is always changing. In Ep4, Shashank Dixit explores going Beyond Security Hygiene in the full episode here.
Sharpen your soft skills.
Pentest learnings are not limited to just technical abilities; they are also about growing your “soft skills.” Pentest Research Manager Robert Kugler and Sr. Technical Writer Grahame Turner explained how pentesters can approach report writing with a new perspective and think of it as another way to showcase expertise. Strengthening report writing skills creates a more well-rounded profile that can add value to a pentester’s growth. Learn more about the pentest report process and writing tips here.
Learn through collaboration.
Continuous learning is not a solo act but a collaborative effort. Pentesters at Cobalt see the ability to work with other pentesters and customers as an essential building block in their professional growth. In Ep5, Joan Bono talked about the importance of understanding severity scores and why communication with teammates and customers should be part of the process when making that determination. Check out the full episode here.
The action items mentioned above (managing your time in a healthy manner, honing your technical skills, working on your soft skills, growing with others, and learning something new) all contribute to becoming a more well-rounded pentester. This maturity builds over time and culminates in a professional profile that we are proud to say embodies our community. Interested in learning more about our Core Community? Explore more on our website.