Case study

Penetration tester — Sam Perkins

Sam describes how a passion for cyber security and a proactive nature led him to his dream job as a penetration tester

How did you get into penetration testing?

I knew of the profession from a young age, but assumed it was only the kind of job that exists within the movies and not something I could accomplish. After working as a computer developer for several years after graduation, I took a leap of faith, studied for a penetration testing role and applied for relevant work.

Bigger companies wanted more experience, but I persevered and began emailing smaller companies from a list of UK CREST-approved organisations. I soon received numerous job interviews and got a job offer from my first interview.

What are your main work activities?

My main work activities include testing clients' applications for security issues, which can be remote testing of their network, or an onsite test of their infrastructure.

Besides testing, I work to further my knowledge in the field and to keep on top of new and emerging techniques. I also help out colleagues with their work.

What do you enjoy most about the job?

I enjoy the people and the hacking! To me there is nothing more interesting than finding a cool way to get into a system, or discussing strategies and techniques with my colleagues who share this passion.

What are the challenges?

It's challenging trying to keep up to date with all the knowledge that is out there, as technology moves quickly.

Timeframes are challenging too - I'm given a maximum of two weeks to plan and perform an 'ethical hack', whereas a malicious hacker could plan their attack for months, or years.

How relevant is your computer science degree to penetration testing?

Computer science wasn't specifically relevant, but it was useful for getting my computer developer work, which led me into this role.

I got my first job six months before graduation and needed a predicted grade of a 2:1. However, when applying for penetration testing roles, employers focused on my interest and enthusiasm in cyber security. That being said, my degree did help to demonstrate my technical competence, which was essential for securing the role.

What are your future ambitions?

I'm relatively new to the industry, but feel I have personally and professionally developed a lot. I quickly realised that the more qualifications and experience I gain, the more trust and independence I receive.

My ambitions are to continue working on fun projects, gaining new qualifications and earning money doing a job I love.

Do you have any advice for someone hoping to become a penetration tester?

Show a passion for the role and get networking. Talk to as many people in the field as possible and hone your skills by getting involved in games and competitions. With the right skills and enthusiasm, there will be a job for you.