How’s the work-life balance of pentesters in services/consulting? I want to understand this, as I am looking to transition into a cyber security role and have to consider it an important criterion. Also, is this a job with very high expectations? I’m afraid I might not live up to the expectations due to the learning curve.

Best friends in pen testing.

They usually rotate between red and blue team with blue team rotations requiring specific days/weeks where you’re on call 24/7 (but get paid “OT” for the hours you do work). Red team is less demanding but depends on client/case load.

Highly technical job where you code your own tools and publish it on the internal GitHub repository + interviews, articles, etc for a big hack/breakthrough.

Similar to regular firms (40hrs a week) during standard weeks with variable hours based on clients and projects (shorter client/projects means more variability).

Most jobs from what I’ve heard are done through a common flaw/leak that hasn’t been patched (EX: friend found a password.txt file after 70 hours of combing through logs) so not everything’s technical but the hours are definitely less predictable than other cyber work out there.

Answer: it depends.

Some customers like you to pentest during biz hours and some don’t. It is one of the more technical areas of cybersecurity. Some testers write their own exploits. But I know a few that are very successful using stuff you can find in the wild.

Exactly. Great points

If I recall correctly, a lot of pentesting is done outside of normal business hours, but don’t take my word for it; I never had a primary source confirm this, just talk with coworkers in the cyber space.

I do pen testing for some engagements. All during work hours.

What skills are required to become a pen tester? I’ve only ever worked in programmatic and compliance areas but would love to learn these skills

Depends on what you're testing. There are generally two main areas: 1) network and 2) applications (and applications have several types which require slightly different skill sets).

Learn the OWASP Top 10 and the MITRE ATT&CK chain.

And a bunch of other stuff.

Hit the CWE database and read through findings to understand what vulnerabilities are out there and then learn how to exploit those vulnerabilities.
