Redundancy, this as is pivatol aspect when it comes to the subject of efficiency in any process or protocol but you'd be surprised of the things I've seen in my 10 years in the IT industry ... Just recently i realized that the company i worked for did not have updated back up image copies uploaded to a flashstick securely stored in case their SCCM server took a shit on them or an outage where to take place so we are being asked to stock pile dell laptops with a preloaded image to leverage our position when an outage is expected next week ... This is a waste of time for us and takes us away from our daily responsibilities where I'm already managing logistical aspects of a company wide refresh and everything in between ... Our director simply told us that the server is "hardened and that the likely hood of something going wrong is unlikely and if it where to happen we would just wait for it come back up" i couldn't help but laugh my ass off ... imagine if our network admins on site approached everything with the same mentality ... all hell would break loss if something went wrong.

İst this every job in the world?

@@burkanalpkale5703 hahaha indeed.

May you never sleep on a rough pillow

saved me 13 minutes thank you

Just some generic things that appear in every job. Thanks for saving me my time instead of falling for this trash

Me to just started . in online hope you will guide me in this.

What's your opinion on becoming a pen-tester with automated pen-testing emerging. Companies would want to purchase a.i testing as it's faster, makes less mistakes than humans and is a 1 off cost in some cases. Is the future of pen-testers doomed like factory workers?

@@sd3116 good question!!

@@sd3116 I don’t know if they’re doomed but the job will definitely change. It’ll take pentesters to write the code for automation so penetration testers will need to adjust their methods. Just like network engineers need to learn programming as many network maintenance tasks have been replaced with automation. The engineers need to know how to update, execute, and troubleshoot the code. Same will happen with penetration testers. The human will not be doing the testing but will be executing and updating the program. That is why it’s important to always stay sharp with your programming

@@Lukas-mu2tw python good enough? Nd powershell.. But there's already automation software Testers use anyway?

No. Reports will be as long as the amount of vulnerabilities you find. My reports are typically 5 pages long only because I work in a team of pentesters so we all together find a bunch of vulnerabilities. Really reports will be 2 pages if you work by yourself. But do be prepared to spend 4 hours speaking to the manager, sys admins, and others if it's a white box test.

@@outlaw8379 True, if you do something like red teaming then you actually don't have much reporting to do! In red team assessments there actually isn't a lot of reporting to do *at* all, so if you join a corp that focuses on red teaming then you don't even need to worry about reports all you do is have fun :')

@@x-alias3405 Hi, can you explain why Red Teams don't focus as much on reports?

Hey, Don't you think CEH is enough to start the Career at pentesting !

@@billionairebrother7036 You're right! I currently work as a security analyst looking to advance, and I don't like the CEH in all honesty! The pentest+ covers more practical and it even covers scripting in 4 languages so I like it way more. Over here employers don't care that MUCH about certs, they are more leaned towards experience and skill. :^)

@@x-alias3405 Thanks for the reply BRO 🤓

@@billionairebrother7036 No need to thank me! :D

@@x-alias3405 interesting comment, where have you started your it career? I was always thinking I’m to dumb for it, but I’m tech minded person. I went to construction and became gas and electrical engineer, however I hate it and I was still imagining how would that be to work in it. Last month I made my move, I’m currently doing a+ and ccna, but whenever we are doing anything network related I’m always excited on security bit.my next cert I guess will be Linux + and then not sure. Hopefully I will find my by then.

But how do you practice to get better?

I could not agree more! That's why I love this job, it's challenging and it forces you to learn, adapt and overcome and I love it.

@@ruarkpotgieter7891 Labs, blogs, certs, build your own stuff (tools, environments, etc.).

Hmmm interesting

I couldn't agree more dude. My phone is a digital leash.

I was thinking the same thing

so QA more easy then pen testing right ? and QA test engginer need to keep learn like in cyber ?

Thank you man, and thanks for coming back!

To what domain did you move on later then?

@@draco24able I'm still in the industry, but in a Training role now, enjoying it alot though.

@@onthewall425 can you please tell me the skills that you have acquired to get into the job that you are currently in. I am doing a cert on CEH, basic knowledge in network and Linux

@@draco24able I started with A+ many years ago, then studied Networking defense, and also got CEH, after some experience I got my OSCP, which is my most recent certification.

Great question

I thought the same thing and searched the comments for "Longbottom" 😄 No hate, just a funny resemblance.

I so feel this comment!! I'm the same way!! I need the whole picture!! 😆😆😆

Thanks for the feedback! And I'm really glad you enjoyed the video

DemmSec Hey Dale is there part time positions in pentesting?

Is there part time positions in pentesting?

Really glad you enjoyed the video, and I've got more videos in the pipeline!

@@DemmSec I'd like to contact you. Is there a way?

Opa, ainda tô me preparando pro A+ mas não consigo deixar de assistir vídeos e pentest e red team. Sou louco por isso. Tbm sou brasileiro e tenho afinidade com a área, tenho um caminho longo pela frente até chegar a ser pentest, talvez uns 3 anos mais ou menos. Enfim. Boa sorte pra vc irmão.

@@FaLkraydz então cara, conhece alguém no ramo? Papo reto tu acha que isso de 300 mil dólar ano é real? Da 150 mil reais mês velho, tu acha que do 0 ao pro estudando 3 horas dia passo 2 anos?

@@willownot se estudar de verdade passa. Tbm tô no zero. Me preparando pro CompTIA A+ ainda. Trabalhando 12 horas por dia e tals, complicado de ter tempo pra estudar. Mas essa parada de 300K vc tem que se perguntar quanto recebe no Brasil. Pq no br ele não devem pagar em dólar.

@@FaLkraydz sou fluente em inglês, então vou buscar trabalho remoto tlg? Que curso é esse que tu vai fazer? Mas tu acha que é real ou balela de vendedor de curso esses salários?

@@willownot num acho que seja balela não lek, mas 300k nunca vi não. Mas já vi até 250k máximo. Tu conhece o canal do Gabriel pato? Ótimo canal. Tem o IT career questions, John Hammond, professor messer, IT Pro TV. Networkchuck. Pesquisa no KZbin sobre as certificações CompTIA. Sobre conteúdo blue team e red team pra vc ember qual caminho vc se identifica mais.

Try development.. I know it's trendy right now but I find web development super fun and the community is cool. However a lot of the same stuff here will apply, aside from dealing with customers (as much).... But in anything in IT you have to love learning.

@@codecleric4972 thanks man 👍🏻👌🏼

Same here!

Nope, I work full time for a company

@@DemmSec then what was the whole spill about money and being a 1000 pds in the hole??

Like I said.. you go on-site for jobs and you need to cover everything you need whilst you’re there. So your hotel, trains, food

@@DemmSec got it! Thanks

I don't think it would be for me. At least not a pentesting company. However I do like the idea of running a managed service/cloud service for pentests

I’m a student CySec still and thought of setting up a company later in my life. I’d go down the consultancy or specialists route though, I don’t think pentesting is a viable market. Sites like Hacker101 offer these web app pentesting for like mostly free until someone finds a vuln.

@@v380riMz Like a cyber lawyer, me too. the chilled route man

it's like everything he said, but times by 10. you need to worry about the people you'll be working with / employing but also where the next job is coming from to pay said people. not for the faint hearted.

Why's that?

You’ve misunderstood - I’ve listed reasons why SOME people might not want to work in the field. I’m still a full time penetration tester and security consultant

Love react is appreciated but would want you to throw some light on it if possible mate🙂

I'll make a video :) easier to explain that way

I will take a stab at this.. Pentesting has a more rigid restrictive scope, usually 1-2 week engagement (time-boxed), announced, and you're looking to identify vulnerabilities, sometimes exploit them, maybe not.. depends on the ROE w/ the client, etc. also, lots of times orgs just doing it for compliance reasons (checkbox security), like mentioned in video. Redteaming OTOH, there's often little to no rules/scope, the engagement can be anywhere from a week to 6 months, its not announced, and you're testing programs, policies, people, skills, and tools. Then ofc, blue team, well, you're defending all the things :) Then, might as well cover the new(er) hotness, which is Purple Teaming, and that's a hybrid of Red/Blue, where the (2) teams are working in tandem, together. Blue makes Red better, and vice versa. "Offense informs Defense" concept, "the sword that hones the shield".. HTH?

@@jdubbz9368 bruh, you didn't mention PURPLE Team tho.. In 2020 we no longer jus exist in the shadows..

@@phabeondominguez5971 I think you missed the section at end of comment, where I did mention Purple --- "Then, might as well cover the new(er) hotness, which is Purple Teaming, and that's a hybrid of Red/Blue, where the (2) teams are working in tandem, together. Blue makes Red better, and vice versa"

Is that better?

phising dude

Didn't say it was.. I was just giving reasons people might not want to become a pentester

Thanks a lot Dai!

I think it's more about finding a place where you have less stress put on you. At the moment I make decent money and I'm at a place where they have a better handle of responsibilities etc. At my previous job I was on similar but less money, but they also required the tester to take more responsibility over other day-to-day business requirements. You can do freelance work and make very good money but you also take on all of the risks associated. Needing to make sure you're not about to get owned in a lawsuit etc. You're not really capped on what you can earn, in the UK I've seen salaries from 20-30k up to 100+. There are always opportunities for development etc. As well as earning additional cash outside of the 9-5. Overtime and out of hours work is usually paid quite well, then you've got bug bounties etc outside of regular work. I think the job in general benefits those who have a bit of hustle. If you're the type of person to seek out opportunity and take stuff into your own hands you'll do well. Hope this helps

@@DemmSec Really well replied, thank you good sir!

Apologies that it took a while, just needed an opportunity to write a proper response 😁

@@DemmSec Haha appreciate it man no worries there, it's better you took your time, because I've been spending months almost a year, preparing my self to obtain the OSCP and then eventually wish to go for a 9-5 job as a start to my pentesting / cyber career. I already have gone through the ropes with helpdesk and some other stuff, but I wanted to settle on something that I enjoy, and I really enjoy pentesting and the critical thinking that it requires. That being said, I just want to make sure that all the hard work that I'm putting in doesn't go to waste and even to regret down the line when I'm doing real hard work and not getting enough for it in return, but ROI basically... As side work, I have clients that I make websites for and even DBMS's and I plan on a youtube channel as well down the line, so I can get the multiple streams of income, but my current primary focus is OSCP and OSCP only, as it has been a long desired dream of mine to prove to myself that I am capable and then obviously employers.

I'm obviously a little biased. But I don't think you'll have any regrets. The salaries are good and more cash is always within reach. Especially compared to help desk roles there's a lot more autonomy etc