Does a pen tester have a set work schedule and can you pen test as an independent contractor? If so how much could you make average per job, excluding your regular salary?
Thanks for the vid. Great content mate. We have so many vids from youtubers from other countries so it's nice to see someone from the UK as it's slightly different than other countries e.g. salary and benefits package etc. Would love to see a vid on salary expectations in the field as well as how to start in this field from scratch. Thanks mate
You should rename the video because these are "Important Things To Consider" when pursuing a career as a cybersec professional. Anyone who is in the industry regardless of their position or motivation at the end of the day is a Researcher. These are the reasons I love this field, it's always changing, you have to remain teachable at any age. There is constant opportunity, the knowledge is never wasted. Some people get into the desired space and realize it's not for them, but the foot in the door made it easy to transition easily to a different job in tech completely. If you want it to work it will, simple as that like most things in life.
Thank you for making this video. Nice to hear someone point out real pain points of this work. Expenses are one of my most hated parts of the work too.
Great video and insights DemmSec, I have experienced the same during my small time in PenTesting. Being a hacker may sound good, but the daily work is tough and the clients' environments can be challenging.
@@onthewall425 can you please tell me the skills that you have acquired to get into the job that you are currently in. I am doing a cert on CEH, basic knowledge in network and Linux
@@draco24able I started with A+ many years ago, then studied Networking defense, and also got CEH, after some experience I got my OSCP, which is my most recent certification.
To be able to do web app pentesting, at what level do you need to know programming languages: to the point where you are creating apps/websites, or do you just need to learn the basics/beginner level? Thanks in advance.
man, as owner of 70k followers - YT-channel in the it-sec niche, if you want to have less stress , you really should do some social marketing / influencing... much stresslesser and even fun as long as you stay in the itsec niche
Thank you for this video! I was looking at different areas of computer security that I could move into and thought pentesting was something that interested me. However I am not in a position to be able to travel frequently. I think that I will continue to learn pentesting but with the goal of working within an org or for a large service provider where I don't have to travel often.
hey that video was not too negative at all in my opinion! i also work as a pentester and the only thing that was mentally draining for me was the way (rhetoric questions, sarcasm, etc.) feedback was delivered to me when my testing was reviewed. But to be honest that could happen in any job. Luckily I have learned to deal with that feedback and also my testing has improved so there is less to complain about XD. My advice with the reporting issue you have is to set up a separate calendar in outlook that is just for security assessments and block out enough time for all jobs and add a bit of extra time in case there's tons of findings.
I know it's probably a question you get asked a lot, I apologize if it's an inconvenience or something that irritates you. I'm trying to learn how it works with why it works and how the methods of hacking, not just ethical hacking but all types and methods of hacking, were created, how they were developed and how they work and who originally created each method and how the methods and tools, equipment evolved and what the next generation of hacking software, tools, and methods are predicted to be. I know it's a lot but it's not enough for me to learn to do something, I want to learn everything about the subject, how it works, how it was created and the creation's intentions and original purposes.
every single point you described is same in any job role what pays. Not sure how many different jobs you had, or how is your attitude at work, but all that is completely normal for a person who does not want to work in McDonald for minimum wage.
I'm sorry I know this is a serious video but I'm losing it at the fact that the auto-captions translated the introduction as "Why people shouldn't get into Manchester"
That's the best part mate! When you're stressed out, that basically means that you're fucking curious to work, learn and possibly excel at pen testing. No pain no gain right?
Is investing your own funds in the project/job standard operating procedure in the United Kingdom? (making a small presumption) Are these big companies? small?
hello, i want to get into the cyber security business, i'm brazilian and would like to and i have a lot of affinity with the area, are there really any salaries that go from 100k to 350k per year? is there space to undertake?
Hey, I'm still preparing for the A+ but I can't stop watching pentest and red team videos. I'm crazy about this. I'm also Brazilian and have an affinity for the field, and I have a long road ahead before I become a pentester, maybe about 3 years or so. Anyway. Good luck to you, brother.
@@FaLkraydz so man, do you know anyone in the field? Straight talk, do you think this 300 thousand dollars a year thing is real? That's 150 thousand reais a month, man. Do you think I'd make it from zero to pro in 2 years, studying 3 hours a day?
@@willownot if you really study, you'll make it. I'm also at zero. Still preparing for the CompTIA A+. Working 12 hours a day and so on, it's hard to find time to study. But about this 300K thing, you have to ask yourself how much they get paid in Brazil. Because in Brazil they probably don't pay in dollars.
@@FaLkraydz I'm fluent in English, so I'm going to look for remote work, you know? What course is it that you're going to take? But do you think these salaries are real, or just course-seller hype?
@@willownot I don't think it's hype, man, but I've never seen 300k. I have seen up to 250k at most, though. Do you know Gabriel Pato's channel? Great channel. There's IT Career Questions, John Hammond, Professor Messer, IT Pro TV. NetworkChuck. Search on CZcams about the CompTIA certifications. And about blue team and red team content, so you can figure out which path you identify with more.
Thank you for this. What other roles would you advise within I.T that is less stressful and worthwhile? I want to do a career change and I’m in my mid 30s
Try development.. I know it's trendy right now but I find web development super fun and the community is cool. However a lot of the same stuff here will apply, aside from dealing with customers (as much).... But in anything in IT you have to love learning.
Sir, I graduated my BE in electronics in 2018 and got the job in 2019 as a System engineer. Currently I left my previous job as it was not my cup of tea. I did Cehv10 certification and currently I am confused whether to start my journey as SOC or Pentester?
Hi Dale, I found this interesting. I think u have to enjoy being challenged. I do to a degree but don't think I could be a full time pentester. u have soooo much to think about and like u say, u have to be on the ball with what's going on in this industry. Good to see u back doing some videos..
already at number 5 the first one him saying you never stop learning bruh first of all you in IT what were you thinking and if you been in the pentesting for a couple of years and talk like you think it's the worst why not leave it and do something else that you like
You’ve misunderstood - I’ve listed reasons why SOME people might not want to work in the field. I’m still a full time penetration tester and security consultant
The biggest pain point is the neverending learning I think. When you have kids your time is limited on a whole other level and doing quite demanding certifications on the side can wear on you a little. I also need some relaxing time where I do nothing some evenings. I did the OSCP and am now doing the CRTP from Pentester Academy (both highly recommended) but then there are more difficult things like CRTE, OSCE, eCPTXv2 and it's just the screw without end I feel sometimes :)
Question, do you think the money you make in pen-testing worth all the stress that it comes with? Second question, do you think you can do freelance work or even remote work as a pentester and still make good money? Third question, are you capped as to how much you make as a pentester, will I be able to make more money while I'm learning more and implementing newer ideas?
I think it's more about finding a place where you have less stress put on you. At the moment I make decent money and I'm at a place where they have a better handle of responsibilities etc. At my previous job I was on similar but less money, but they also required the tester to take more responsibility over other day-to-day business requirements. You can do freelance work and make very good money but you also take on all of the risks associated. Needing to make sure you're not about to get owned in a lawsuit etc. You're not really capped on what you can earn, in the UK I've seen salaries from 20-30k up to 100+. There are always opportunities for development etc. As well as earning additional cash outside of the 9-5. Overtime and out of hours work is usually paid quite well, then you've got bug bounties etc outside of regular work. I think the job in general benefits those who have a bit of hustle. If you're the type of person to seek out opportunity and take stuff into your own hands you'll do well. Hope this helps
@@DemmSec Haha appreciate it man no worries there, it's better you took your time, because I've been spending months almost a year, preparing my self to obtain the OSCP and then eventually wish to go for a 9-5 job as a start to my pentesting / cyber career. I already have gone through the ropes with helpdesk and some other stuff, but I wanted to settle on something that I enjoy, and I really enjoy pentesting and the critical thinking that it requires. That being said, I just want to make sure that all the hard work that I'm putting in doesn't go to waste and even to regret down the line when I'm doing real hard work and not getting enough for it in return, but ROI basically... As side work, I have clients that I make websites for and even DBMS's and I plan on a youtube channel as well down the line, so I can get the multiple streams of income, but my current primary focus is OSCP and OSCP only, as it has been a long desired dream of mine to prove to myself that I am capable and then obviously employers.
I'm obviously a little biased. But I don't think you'll have any regrets. The salaries are good and more cash is always within reach. Especially compared to help desk roles there's a lot more autonomy etc
Hi DemmSec, appreciate the video as I'm looking to get into the cyber security world soon. Just wanted to ask you if most of your work is freelance? Is that why you talk about your expenses and hotels and stuff, thanks
AMIGO's, If the goal is INFOSEC, particularly red/purple team. Do I need Net+ or CCNA? i.e. jus got Sec+ Now should I do Linux/Python next or should I focus Net+/CCNA? What are your thoughts on all that? oNe
I would get really strong with Linux. As strong as you can. You would also need to know at least the basics of how Windows works. Then, CCNA is so so much stronger than Net+. You may end up not actually NEEDING it, but you can be sure that it will give you a pretty good foundation on networking (and some network security). Cheers.
@@sep7im535 cRAZIEST thing happened, and boy do I mean crazy.. I just landed an entry level PEN-TESTER position off a 2 month old forum job post, even tho it was old I still reached out and they apparently loved my energy, hunger, and drive so much they brought me onboard!! So now I'll be learning Networking on the job.. Along with Security.. so for the time being, no more certs!! Woot, woot, I start MONDAY.. can't wait!!! oNe
@@phabeondominguez5971 Bro, you're not gonna believe me but I just got started on my first pentester job two days ago. Perfectly synched, right? Lol. Take care, and best of luck!
@@sep7im535 NOICE, haha what a coincidence at that!! What have you been doing so far, what's your day to day like? I'ma use this weekend to bone up on Wireshark and nMap.
@@phabeondominguez5971 Nice, get as much practice as you can. These days I haven't been given much to do, but I got introduced to my first project today and it's pretty nice. If you've been doing CTFs and TryHackMe or something similar, I'm sure you'll be golden
Please tell me what is the difference in Red teaming vs Blue teaming vs pentesting comparison on the basis of daily tasks and intensity. I have a fair bit of idea of blue teaming since I'm a SOC analyst but would like to know more from you guys.
I will take a stab at this.. Pentesting has a more rigid restrictive scope, usually 1-2 week engagement (time-boxed), announced, and you're looking to identify vulnerabilities, sometimes exploit them, maybe not.. depends on the ROE w/ the client, etc. also, lots of times orgs just doing it for compliance reasons (checkbox security), like mentioned in video. Redteaming OTOH, there's often little to no rules/scope, the engagement can be anywhere from a week to 6 months, it's not announced, and you're testing programs, policies, people, skills, and tools. Then ofc, blue team, well, you're defending all the things :) Then, might as well cover the new(er) hotness, which is Purple Teaming, and that's a hybrid of Red/Blue, where the (2) teams are working in tandem, together. Blue makes Red better, and vice versa. "Offense informs Defense" concept, "the sword that hones the shield".. HTH?
@@phabeondominguez5971 I think you missed the section at end of comment, where I did mention Purple --- "Then, might as well cover the new(er) hotness, which is Purple Teaming, and that's a hybrid of Red/Blue, where the (2) teams are working in tandem, together. Blue makes Red better, and vice versa"
I don't think it would be for me. At least not a pentesting company. However I do like the idea of running a managed service/cloud service for pentests
I’m a student CySec still and thought of setting up a company later in my life. I’d go down the consultancy or specialists route though, I don’t think pentesting is a viable market. Sites like Hacker101 offer these web app pentesting for like mostly free until someone finds a vuln.
it's like everything he said, but times by 10. you need to worry about the people you'll be working with / employing but also where the next job is coming from to pay said people. not for the faint hearted.
we've got ourselves a badass here, this guy is a pen tester, he's on the ball and he's gonna tell you why you aren't good enough to be a pen tester. lol.
The company losing two years worth of data is 100 percent their fault. They should be backing everything up in three places. End of story. Anyone who doesn't do that is just ignorant.
Redundancy, this is a pivotal aspect when it comes to the subject of efficiency in any process or protocol but you'd be surprised of the things I've seen in my 10 years in the IT industry ... Just recently I realized that the company I worked for did not have updated back up image copies uploaded to a flashstick securely stored in case their SCCM server took a shit on them or an outage were to take place so we are being asked to stock pile dell laptops with a preloaded image to leverage our position when an outage is expected next week ... This is a waste of time for us and takes us away from our daily responsibilities where I'm already managing logistical aspects of a company wide refresh and everything in between ... Our director simply told us that the server is "hardened and that the likelihood of something going wrong is unlikely and if it were to happen we would just wait for it to come back up" I couldn't help but laugh my ass off ... imagine if our network admins on site approached everything with the same mentality ... all hell would break loose if something went wrong.
5. You never stop learning
4. Using your own time
3. Stress
2. Customers
1. Mental Health
Isn't this every job in the world?
@@burkanalpkale5703 hahaha indeed.
May you never sleep on a rough pillow
saved me 13 minutes thank you
Just some generic things that appear in every job. Thanks for saving me my time instead of falling for this trash
Thank you, I am currently studying to be a pentester, glad to see a down to earth person that i can relate to
Me too, just started online. Hope you will guide me in this.
What's your opinion on becoming a pen-tester with automated pen-testing emerging. Companies would want to purchase a.i testing as it's faster, makes less mistakes than humans and is a 1 off cost in some cases. Is the future of pen-testers doomed like factory workers?
@@sd3116 good question!!
@@sd3116 I don’t know if they’re doomed but the job will definitely change. It’ll take pentesters to write the code for automation so penetration testers will need to adjust their methods. Just like network engineers need to learn programming as many network maintenance tasks have been replaced with automation. The engineers need to know how to update, execute, and troubleshoot the code. Same will happen with penetration testers. The human will not be doing the testing but will be executing and updating the program. That is why it’s important to always stay sharp with your programming
@@Lukas-mu2tw python good enough? Nd powershell.. But there's already automation software Testers use anyway?
The money thing, bad customers and annoying reports is the same for basically every corporate job.
Awesome video! I'm currently finally doing my CEH alongside pentest+, and somehow those 5 reasons to 'NOT' be a pentester are the reasons I love it :') I'm just a weirdo lol, I just love challenging stuff.
Hey,
Don't you think CEH is enough to start the Career at pentesting !
@@billionairebrother7036 You're right! I currently work as a security analyst looking to advance, and I don't like the CEH in all honesty! The pentest+ covers more practical and it even covers scripting in 4 languages so I like it way more. Over here employers don't care that MUCH about certs, they are more leaned towards experience and skill. :^)
@@x-alias3405 Thanks for the reply BRO 🤓
@@billionairebrother7036 No need to thank me! :D
@@x-alias3405 interesting comment, where have you started your IT career? I was always thinking I’m too dumb for it, but I’m a tech minded person. I went to construction and became gas and electrical engineer, however I hate it and I was still imagining how would that be to work in IT. Last month I made my move, I’m currently doing A+ and CCNA, but whenever we are doing anything network related I’m always excited on security bit. My next cert I guess will be Linux+ and then not sure. Hopefully I will find my by then.
Spot on points....on the flip side, it's reasons why I LOVE being a pentester. Also, the better you get, the more fun it is and also the more rewarding. That helps make it even more motivating to continuously improve skills.
But how do you practice to get better?
I could not agree more! That's why I love this job, it's challenging and it forces you to learn, adapt and overcome and I love it.
@@ruarkpotgieter7891 Labs, blogs, certs, build your own stuff (tools, environments, etc.).
Demmsec: real talk
I had a mental health issue... I feel it is good to challenge myself
Is it common that reports are that long? Somehow what scares me is writing long reports because I normally express myself in a short manner
No. Reports will be as long as the amount of vulnerabilities you find. My reports are typically 5 pages long only because I work in a team of pentesters so we all together find a bunch of vulnerabilities. Really reports will be 2 pages if you work by yourself. But do be prepared to spend 4 hours speaking to the manager, sys admins, and others if it's a white box test.
@@outlaw8379 True, if you do something like red teaming then you actually don't have much reporting to do! In red team assessments there actually isn't a lot of reporting to do *at* all, so if you join a corp that focuses on red teaming then you don't even need to worry about reports all you do is have fun :')
@@x-alias3405 Hi, can you explain why Red Teams don't focus as much on reports?
Thanks for this. I'm really keen on becoming a Pentester, and you discussing some of the practicalities really does help me prepare. Much appreciated, and I hope you can manage the challenges of the role :)
This is kind of what is true for IT sysadmin jobs, especially in a company that offers 5nine, 6nine etc fancy SLAs to customers. They literally suck blood out of you with calls coming at any time of the day no matter where you are and even during vacations, family eventually gets tired of all this. This is true of everyone I know who is in this field. And there is always this pressure of learning new technologies to stay relevant in the market, especially given the extreme speed at which IT is changing these days.
Hmmm interesting
I couldn't agree more dude. My phone is a digital leash.
The black hoodie is strong in this one 🌑🐺💻
Saw some of your old backtrack videos, didn't expect you to be active to this day. Very enjoyable content.
Thank you man, and thanks for coming back!
dude, seriously, thank you so much for some decent and realistic insight to pentesting, this video has a lot of real advice.
Ugh man, I can relate. I watched your videos for many years, starting around the time I went to college. I worked for many companies, including Microsoft. I just left my job at a managed services company a few months ago. Customers (aka lead network engineers that COME TO YOU FOR HELP because they can't figure it out) drove me away. They think they're so fuckin smart, yet come to you for help, bitch the entire time and tell you how you could do it better. We did a bit of everything, pen testing included. All of it was enough to drive me away from the systems/network side of things and into the development realm. This industry has changed so much, and soon I see it so commonplace the salaries won't be worth the work anymore.
I'm new to IT in general with some serious motivation to work towards pentesting and luckily none of your points put me off. This is good news lol. My only concern is getting a late start and not having an IT related college degree.
This isn’t the career for someone that doesn’t make time to properly decompress and intentionally relieve their internal stress. I mean like eating healthy yoga etc not watching Netflix. You have to keep your blade Sharp if you want to continue on that’s why I’m interested in this career field. I love learning I love working as a team I’m fine with work stress if this is a career you’re interested in. Make time while on your journey to cut back on bad habits so you can hit the ground running and embrace the suck with confidence
Why would you even need a reason for it? The only reason you need is having passion for the field. If you love hacking then fuck it, just get into it and forget about everything else.
Great video dude. I definitely think pentesting is too stressful for me, I'm just happy how nicely you laid everything out.
The guys that lost 2 years worth of stuff should have had some sort of redundancy. I never understand why people just expect data to never vanish.
I was thinking the same thing
Oh man, I spent my 20's painting cars for used car lots. I owned the shop. The customers part was much the same. The big issue was expenses. Most large car lots here in the US pay once a month a few are even quarterly. Each car might have a bill of $200-$600 and I could do 5-8 repairs a day. Just my paints and supplies were around 3/4ths of that. Plus one job in a dozen will always go horribly wrong and take a couple of days to get right. After all of the expenses, I didn't walk away with much money, but had to float a massive amount of expenses. Of course, it always seems like I ran out of all the expensive stuff at once.
You're young, I get it, but be aware, most businesses have a massive amount of funds to float. The amount of risk you take on is a major factor in your ultimate financial value.
I quit pentesting to work as a fullstack dev. everything is falling back in place
I've been a developer for 4 years, later 4 years on testing... now doing pen testing... what can I say:
1. Development is redundant and once you're comfortable there is no scope other than copy-paste logic.
2. Testing is not redundant but consumes time on testing repeatedly and you will become bored after some years.
3. Then comes pen testing. It's like life: you can't predict what happens next. If you're able to love it, even if there are 500 reasons out there not to become one, we go for it.
That what makes it more interesting ;)
I've learned from this video to request the customer runs a backup before testing begins lol.
QA Test Engineer here moving towards pen-testing. I think what's interesting is the things you point out are pretty normal for testing in general. Each client has what's important to them or not, but I'm still going to test that new prog quite a bit even if they are only concerned with one area. I also put in extra time after work because often it's hard to prove something worth investing in and why put me to training when there's work available. Thankfully, on that front Udemy is not regularly coming out of my pocket anymore. I've also had to hit the card for travel. It gets reimbursed, but can take time. If with a consulting company they'll probably have a company card for your trip, but if freelance or small, yeah, you're going to either need to have a credit line or a starting cash buffer saved to use until you can be reimbursed and it washes. If I had to do it myself, I'd try and get a $5-10,000 small business loan and use that as the buffer instead of a card (unless the card has really low interest and you can reimburse quickly).
So QA is easier than pen testing, right? And does a QA test engineer need to keep learning like in cyber?
Does a pen tester have a set work schedule and can you pen test as an independent contractor? If so, how much could you make on average per job, excluding your regular salary?
I didnt know that Neville Longbottom knew hacking
I thought the same thing and searched the comments for "Longbottom" 😄 No hate, just a funny resemblance.
Thanks for the vid. Great content mate. We have so many vids from youtubers from other countries so it's nice to see someone from the UK as it's slightly different than other countries e.g. salary and benefits package etc. Would love to see a vid on salary expectations in the field as well as how to start in this field from scratch.
Thanks mate
:me just trying to learn and find youtube videos on the topic
CZcams recommendations:
You should rename the video because these are "Important Things To Consider" when pursuing a career as a cybersec professional. Anyone who is in the industry, regardless of their position or motivation, at the end of the day is a Researcher. These are the reasons I love this field: it's always changing, you have to remain teachable at any age. There is constant opportunity, the knowledge is never wasted. Some people get into the desired space and realize it's not for them, but the foot in the door made it easy to transition easily to a different job in tech completely. If you want it to work it will, simple as that, like most things in life.
Thank you for making this video. Nice to hear someone point out real pain points of this work.
Expenses are one of my most hated parts of the work too.
What's your opinion on becoming a pen-tester with automated pen-testing emerging. Companies would want to purchase a.i testing as it's faster, makes less mistakes than humans and is a 1 off cost in some cases. Is the future of pen-testers doomed like factory workers?
Great question
Great video and insights DemmSec, I have experienced the same during my small time in PenTesting. Being a hacker may sound good, but the daily work is tough and the clients' environments can be challenging.
To what domain did you move on later then?
@@draco24able I'm still in the industry, but in a Training role now, enjoying it a lot though.
@@onthewall425 can you please tell me the skills that you have acquired to get into the job that you are currently in. I am doing a cert on CEH, basic knowledge in network and Linux
@@draco24able I started with A+ many years ago, then studied Networking defense, and also got CEH, after some experience I got my OSCP, which is my most recent certification.
Dude, great video! Such good points and very on par. Looking forward to you whipping up more videos again.
Really glad you enjoyed the video, and I've got more videos in the pipeline!
@@DemmSec I'd like to contact you. Is there a way?
To be able to do web app pentesting, at what level do you need to know programming languages: to the point where you are creating apps/websites, or do you just need to learn the basics/beginner level? Thanks in advance.
Man, as owner of a 70k-follower YT channel in the IT-sec niche: if you want to have less stress, you really should do some social marketing / influencing... much less stressful and even fun as long as you stay in the IT-sec niche.
Mole telling me not to be a pentester
Most of this just sounds the same as it is in Games/VFX - except, the pay is higher in CyberSec. MUCH higher.
Too late bro I'm in way too deep
Only put necessary expenses on credit. Gas, groceries, etc.
Thank you for this video! I was looking at different areas of computer security that I could move into and thought pentesting was something that interested me. However I am not in a position to be able to travel frequently. I think that I will continue to learn pentesting but with the goal of working within an org or for a large service provider where I don't have to travel often.
Hey, that video was not too negative at all in my opinion! I also work as a pentester and the only thing that was mentally draining for me was the way (rhetorical questions, sarcasm, etc.) feedback was delivered to me when my testing was reviewed. But to be honest that could happen in any job. Luckily I have learned to deal with that feedback and also my testing has improved so there is less to complain about XD. My advice with the reporting issue you have is to set up a separate calendar in Outlook that is just for security assessments and block out enough time for all jobs and add a bit of extra time in case there's tons of findings.
I know it's probably a question you get asked a lot. I apologize if it's an inconvenience or something that irritates you. I'm trying to learn how it works, along with why it works, and how the methods of hacking (not just ethical hacking but all types and methods of hacking) were created, how they were developed, how they work, who originally created each method, how the methods, tools and equipment evolved, and what the next generation of hacking software, tools, and methods is predicted to be. I know it's a lot, but it's not enough for me to learn to do something; I want to learn everything about the subject: how it works, how it was created, and the creation's intentions and original purposes.
I so feel this comment!! I'm the same way!! I need the whole picture!! 😆😆😆
every single point you described is same in any job role what pays. Not sure how many different jobs you had, or how is your attitude at work, but all that is completely normal for a person who does not want to work in McDonald for minimum wage.
Very interesting insight to someone who is not in this industry. Wasn't aware of the client side aspect.
How likely is it to get a pentesting job without having an OSCP certification?
So besides pentests and bug bounties, how could one be paid to hack??
Do you always have to be able to get security clearance to become a pen tester?
I don't understand what he means about the expenses
Thanks for the honesty
Do we need Certification to become bug hunter?
Where do you get your cyber news? Any helpful resources for cyber news you can give us?
Everything he’s explaining applies to any job that requires specific skills or education.
I'm looking to get into pen testing, looking for friends interested in the same thing?
I'm sorry I know this is a serious video but I'm losing it at the fact that the auto-captions translated the introduction as "Why people shouldn't get into Manchester"
That's the best part mate! When you're stressed out, that basically means that you're fucking curious to work, learn and possibly excel at pen testing. No pain no gain right?
Is investing your own funds in the project/job standard operating procedure in the United Kingdom? (making a small presumption) Are these big companies? Small?
Thank you so much for your insight.
hello, i want to get into the cyber security business, i'm brazilian and would like to and i have a lot of affinity with the area, are there really any salaries that go from 100k to 350k per year? is there space to undertake?
Hey, I'm still preparing for the A+ but I can't stop watching pentest and red team videos. I'm crazy about this. I'm also Brazilian and have an affinity for the field; I have a long road ahead before I become a pentester, maybe 3 years or so. Anyway. Good luck to you, brother.
@@FaLkraydz so man, do you know anyone in the field? Straight talk, do you think this 300 thousand dollars a year thing is real? That's 150 thousand reais a month, man. Do you think I'd go from zero to pro in 2 years studying 3 hours a day?
@@willownot if you really study, you will. I'm at zero too. Still preparing for the CompTIA A+. Working 12 hours a day and so on, so it's hard to find time to study. But about this 300K thing, you have to ask yourself how much it pays in Brazil. Because in Brazil they probably don't pay in dollars.
@@FaLkraydz I'm fluent in English, so I'm going to look for remote work, you know? What course is it that you're going to take? But do you think those salaries are real or just course-seller hype?
@@willownot I don't think it's hype, man, but I've never seen 300k. I've seen up to 250k at most, though. Do you know Gabriel Pato's channel? Great channel. There's also IT Career Questions, John Hammond, Professor Messer, IT Pro TV, NetworkChuck. Search on CZcams for the CompTIA certifications, and for blue team and red team content so you can see which path you identify with more.
How much does it pay?
Thanks I appreciate this post.
If I went into pen testing I would like to work like a dog for experience and eventually open my own business.
Thank you for this. What other roles would you advise within I.T. that are less stressful and worthwhile? I want to do a career change and I’m in my mid 30s.
Try development.. I know it's trendy right now but I find web development super fun and the community is cool. However a lot of the same stuff here will apply, aside from dealing with customers (as much).... But in anything in IT you have to love learning.
@@codecleric4972 thanks man 👍🏻👌🏼
thank you. CS third grade. I don't know what I will do in the future.
Sir, I graduated with my BE in electronics in 2018 and got a job in 2019 as a System engineer. Currently I've left my previous job as it was not my cup of tea. I did the CEHv10 certification and currently I am confused whether to start my journey as SOC or Pentester?
Hi Dale, I found this interesting. I think u have to enjoy being challenged. I do to a degree but don't think I could be a full-time pentester. U have soooo much to think about and, like u say, u have to be on the ball with what's going on in this industry. Good to see u back doing some videos.
Thanks for the feedback! And I'm really glad you enjoyed the video
DemmSec Hey Dale, are there part-time positions in pentesting?
Are there part-time positions in pentesting?
Good video mate, is the money not that good in pentesting then? What's the average salary and are there plenty of jobs in it for the UK market? Thanks
6:57 - WHAT?!
The credit card/money problem should be in the contract you sign.
Already at number 5. The first one, him saying you never stop learning: bruh, first of all you're in IT, what were you thinking? And if you've been in pentesting for a couple of years and talk like you think it's the worst, why not leave it and do something else that you like?
You’ve misunderstood - I’ve listed reasons why SOME people might not want to work in the field. I’m still a full time penetration tester and security consultant
What do you do when stuff breaks, but your disclaimer already said some things could break?
Very real man, great video :)
Thanks a lot Dai!
Being a pentester, you stressing me out
Why's that?
ohhhhhhh you stop me from that
Oh, what do I do now? I was switching over here from machine learning.
Hope you're doing well Dale, good to see you again.
The biggest pain point is the neverending learning I think. When you have kids your time is limited on a whole other level and doing quite demanding certifications on the side can wear on you a little. I also need some relaxing time where I do nothing some evenings. I did the OSCP and am now doing the CRTP from Pentester Academy (both highly recommended) but then there are more difficult things like CRTE, OSCE, eCPTXv2 and it's just the screw without end I feel sometimes :)
I do Cyber security on the side as a hobby when I feel like delivering a little bit of cyber justice. My main job is being a Software Developer.
Become a Security or Functional Tester instead.
Is that better?
I find your English pronunciation very hard to understand
I like fishing as well.
Phishing, dude
i love the video but the gate on that mic :'''''''''''''(
Question, do you think the money you make in pen-testing worth all the stress that it comes with?
Second question, do you think you can do freelance work or even remote work as a pentester and still make good money?
Third question, are you capped as to how much you make as a pentester, will I be able to make more money while I'm learning more and implementing newer ideas?
I think it's more about finding a place where you have less stress put on you. At the moment I make decent money and I'm at a place where they have a better handle of responsibilities etc. At my previous job I was on similar but less money, but they also required the tester to take more responsibility over other day-to-day business requirements.
You can do freelance work and make very good money but you also take on all of the risks associated. Needing to make sure you're not about to get owned in a lawsuit etc.
You're not really capped on what you can earn, in the UK I've seen salaries from 20-30k up to 100+. There are always opportunities for development etc. As well as earning additional cash outside of the 9-5. Overtime and out of hours work is usually paid quite well, then you've got bug bounties etc outside of regular work.
I think the job in general benefits those who have a bit of hustle. If you're the type of person to seek out opportunity and take stuff into your own hands you'll do well.
Hope this helps
@@DemmSec Really well replied, thank you good sir!
Apologies that it took a while, just needed an opportunity to write a proper response 😁
@@DemmSec Haha appreciate it man no worries there, it's better you took your time, because I've been spending months almost a year, preparing my self to obtain the OSCP and then eventually wish to go for a 9-5 job as a start to my pentesting / cyber career.
I already have gone through the ropes with helpdesk and some other stuff, but I wanted to settle on something that I enjoy, and I really enjoy pentesting and the critical thinking that it requires.
That being said, I just want to make sure that all the hard work that I'm putting in doesn't go to waste and even to regret down the line when I'm doing real hard work and not getting enough for it in return, but ROI basically...
As side work, I have clients that I make websites for and even DBMS's and I plan on a youtube channel as well down the line, so I can get the multiple streams of income, but my current primary focus is OSCP and OSCP only, as it has been a long desired dream of mine to prove to myself that I am capable and then obviously employers.
I'm obviously a little biased. But I don't think you'll have any regrets. The salaries are good and more cash is always within reach. Especially compared to help desk roles there's a lot more autonomy etc
What about FuzzTesting like a Boss ? 😎
Hi DemmSec, appreciate the video as I'm looking to get into the cyber security world soon. Just wanted to ask you if most of your work is freelance? Is that why you talk about your expenses and hotels and stuff, thanks
Nope, I work full time for a company
@@DemmSec then what was the whole spiel about money and being 1000 pounds in the hole??
Like I said.. you go on-site for jobs and you need to cover everything you need whilst you’re there. So your hotel, trains, food
@@DemmSec got it! Thanks
AMIGO's, If the goal is INFOSEC, particularly red/purple team. Do I need Net+ or CCNA?
i.e. jus got Sec+
Now should I do Linux/Python next or should I focus Net+/CCNA? What are your thoughts on all that?
oNe
I would get really strong with Linux. As strong as you can. You would also need to know at least the basics of how Windows works. Then, CCNA is so so much stronger than Net+. You may end up not actually NEEDING it, but you can be sure that it will give you a pretty good foundation on networking (and some network security). Cheers.
@@sep7im535 cRAZIEST thing happened, and boy do I mean crazy.. I just landed an entry level PEN-TESTER position off a 2 month old forum job post, even tho it was old I still reached out and they apparently loved my energy, hunger, and drive so much they brought me onboard!! So now I'll be learning Networking on the job.. Along with Security.. so for the time being, no more certs!! Woot, woot, I start MONDAY.. can't wait!!!
oNe
@@phabeondominguez5971 Bro, you're not gonna believe me but I just got started on my first pentester job two days ago. Perfectly synched, right? Lol. Take care, and best of luck!
@@sep7im535 NOICE, haha what a coincidence at that!! What have you been doing so far, what's your day to day like? I'ma use this weekend to bone up on Wireshark and nMap.
@@phabeondominguez5971 Nice, get as much practice as you can. These days I haven't been given much to do, but I got introduced to my first project today and it's pretty nice. If you've been doing CTFs and TryHackMe or something similar, I'm sure you'll be golden
Build Reviews and build reviews
Please tell me what is the difference in Red teaming vs Blue teaming vs pentesting
comparison on the basis of daily tasks and intensity. I have a fair bit of idea of blue teaming since I'm a SOC analyst but would like to know more from you guys.
Love react is appreciated but would want you to throw some light on it if possible mate🙂
I'll make a video :) easier to explain that way
I will take a stab at this.. Pentesting has a more rigid restrictive scope, usually 1-2 week engagement (time-boxed), announced, and you're looking to identify vulnerabilities, sometimes exploit them, maybe not.. depends on the ROE w/ the client, etc. also, lots of times orgs are just doing it for compliance reasons (checkbox security), like mentioned in video. Redteaming OTOH, there's often little to no rules/scope, the engagement can be anywhere from a week to 6 months, it's not announced, and you're testing programs, policies, people, skills, and tools. Then ofc, blue team, well, you're defending all the things :) Then, might as well cover the new(er) hotness, which is Purple Teaming, and that's a hybrid of Red/Blue, where the (2) teams are working in tandem, together. Blue makes Red better, and vice versa. "Offense informs Defense" concept, "the sword that hones the shield".. HTH?
@@jdubbz9368 bruh, you didn't mention PURPLE Team tho..
In 2020 we no longer jus exist in the shadows..
@@phabeondominguez5971 I think you missed the section at end of comment, where I did mention Purple --- "Then, might as well cover the new(er) hotness, which is Purple Teaming, and that's a hybrid of Red/Blue, where the (2) teams are working in tandem, together. Blue makes Red better, and vice versa"
Lmao i want to never stop learning, otherwise it would be boring.
Same here!
How come always learning new stuff is a bad thing?
Didn't say it was.. I was just giving reasons people might not want to become a pentester
When you order Elon Musk off of Wish.
what do you think about creating own cybersec company?
I don't think it would be for me. At least not a pentesting company. However I do like the idea of running a managed service/cloud service for pentests
I’m a student CySec still and thought of setting up a company later in my life. I’d go down the consultancy or specialists route though, I don’t think pentesting is a viable market. Sites like Hacker101 offer these web app pentesting for like mostly free until someone finds a vuln.
@@v380riMz Like a cyber lawyer, me too. the chilled route man
it's like everything he said, but times by 10. you need to worry about the people you'll be working with / employing but also where the next job is coming from to pay said people. not for the faint hearted.
In other words, you've got to do the job first, then they pay you. You need to work for yourself.
These reasons are available for so many jobs, soo hmm, why not?!
we've got ourselves a badass here, this guy is a pen tester, he's on the ball and he's gonna tell you why you aren't good enough to be a pen tester. lol.
I already have mental issues with doing anything. At least I can get money in pentesting lul
That's exactly why i'm not too sure to go for it, but i really like pentesting so i don't know what else i could do
I swear I need subtitles to understand his English. When did they stop teaching this language in the UK and its former colonies?
That was a good one, cos I'm using my own money for a month; when I finally get paid I haven't made any money at all lol lol hahaha.
Reviewing AWS configs is boring as shit. First hand account.