• Cornelius_Wangenheim@lemmy.world
    link
    fedilink
    arrow-up
    157
    ·
    3 days ago
    1. No one’s hiring you unless you have an OSCP or similar certification.
    2. A real pen test will set off all kinds of alarms.
    3. You don’t get paid until you deliver a 100+ page report detailing what you did and your findings.
    • ameancow@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      ·
      2 days ago

      You’re implying that people who post on 4-chan have no clue how the real world works and no idea what business is like and how people make money!

    • Echo Dot@feddit.uk
      link
      fedilink
      arrow-up
      30
      ·
      2 days ago

      You hope it’ll set off alarms. Sometimes it doesn’t, mostly because they don’t have monitoring setup.

      • Cornelius_Wangenheim@lemmy.world
        link
        fedilink
        arrow-up
        21
        ·
        2 days ago

        Pen tests aren’t cheap. Even basic ones are ~$20k. There’s only 2 types of companies that bother with them: ones that care about cybersecurity and ones that have to do it for compliance (PCI/CMMC/etc). Both will have some kind of IDS and a SIEM.

        • Echo Dot@feddit.uk
          link
          fedilink
          arrow-up
          1
          ·
          2 days ago

          That’s what happens when you do off the book stuff on company time. Got to organize yourself better.

    • Captain Howdy@lemm.ee
      link
      fedilink
      arrow-up
      23
      ·
      2 days ago
      1. Most folks dgaf about certs, and I agree with them. Certs are BS. I only have certs because employers paid for them and in tech (especially security) there’s a LOT of free time if you know what you’re doing. Certs only prove you can pass a test.

      2. Bold of you to assume most companies have intrusion detection systems and that their monitoring isn’t muted half the time.

      3. Findings come from an automated report generated by a scanner that does literally all the work.

      OP post is really not that far off. It’s an easy gig.

      Source: I’ve worked on both sides.