Feb 10, 2014

Penetration Testers - The Good, The Bad, The Kiddie

As a company you may want to conduct a penetration test once in a while to test your security posture. Nowadays there are many companies in the market offering penetration testing services. Suddenly you find yourself in the position to evaluate different penetration testing companies. You'll probably have to check which penetration testing company best suites your needs and you'll have to distinguish between those who are competent and those who are not. But how can you recognize the good pentesters and what are signs that unmask low-skilled pentesters?

In this article I will introduce you to factors that differentiate good penetration testers from bad ones or even worse - from Skriptkiddies. I will talk about  (1) obvious stuff like things to look out for on a CV or website, (2) certifications and (3) things to ask in an interview or company review.
You may also find this article interesting when you think about hiring a penetration tester for your team and are not sure how to assess his qualifications and skillset.