The Mindset of a Penetration Tester
“We break computers, making them do stuff that their designers, implementers, deployers, and system administrators didn’t plan on them doing.”
– Noted penetration tester
A penetration tester’s job is to discover flaws and weak spots that could let attackers do malicious things on target machines, so that vulnerabilities can be fixed before mayhem ensues. To accomplish that goal effectively, however, penetration testers must maintain a mindset that includes two often-contradictory concepts.
First, a penetration tester must be flexible and pragmatic, thinking outside of the box. To be successful, you’ll need to think differently than most traditional system administrators or network administrators, solving problems in often-untraditional ways.
Yet, at the same time as you wield your pragmatic style, you have to be detailed, methodical, and very careful. Your work, to be useful, must be comprehensible and reproducible so that the target organization can understand its vulnerabilities and risks and take action to mitigate the flaws. You need to take great notes and generate a high-quality report that shows your findings in an understandable form for people who don’t perform penetration testing or ethical hacking professionally – people who may not share your pragmatic, think-differently mindset.
Some people struggle with this mindset, erring by letting one side dominate the other. However, many people are able to resolve the conflict between these two mindsets by balancing them. To be effective penetration testers, we need to strive for this balance.
Remember, successful penetration testers must maintain a mindset that involves two contradictory concepts:
- Think outside of the box, be pragmatic, do things differently
- But, at the same time, be detailed, methodical, and careful, take good notes, make your work repeatable
Balance between these two concepts is crucial for success.