Rishi :verified: · @rishi
57 followers · 75 posts · Server infosec.exchangeMany a times #infosec folks ask about #redteam or #pentest & the what's one of the most important thing in it.
Lemme tell you, the skills, attack-lifecycle, MITRE, evasion techniques are ever-evolving, and frankly can be learned & taught. Though I may want some baseline to fit you in the team, but it's not a deal breaker if you are eager to learn. To me it boils down to is how you perceive #security, how can you explain complex concepts in simpler terms away from the buzz words with some daily life analogies. How you write reports, communicate, deliver briefings etc.
If you miss this narrative coming out of an amazing gig (got the flags, hacked the sh** out of the application, environment, whatever) and couldn't articulate in the report - your stakeholder is like "sorry we didn't understand”. And worse if they didn't understand the #impact the #exploitation may have; they ain’t fixing it, my friend & event getting a write-off on it aka. #risk-acceptance
Work with your #clients, #stakeholders, #businesses as #partners, as extended teams. Sometimes, we have to educate them to have a secure ecosystem. Please understand - If they lose, we lose in making world a safer place. My boss once mentioned to me "Rishi, no matter how well you do, it's often the #perception of your clients that will define the outcome”. So, while we have the facts, skills etc. but if your stakeholder didn't understand or didn't have a good experience, they won't be paying attention to you. Period.
So next time your do your #SANS, #OffensiveSecurity, #CREST, #PentesterAcademy, remember to understand and try to explain the concept to you non-tech friend, partner, sibling and if they get it - you are in the right space to grow.
Why should you listen to me? Fair point.
I have been in this space for nearly 2 decades, and have gone through 1000s of such reports, talked to 100s of clients - tech folks, CXO, board, public forums .. and have sat on both sides of table; suffered enough burns to engrain this in my approach.
While you have skills in the binary world, have #empathy in the real world and sometimes it may take some effort educating them.
Tags: #cybersecurity #hack #bugbounty #wickedwildworld #audit
%toot_12%
#infosec #redteam #pentest #security #impact #exploitation #risk #clients #stakeholders #businesses #partners #perception #sans #offensivesecurity #crest #pentesteracademy #empathy #cybersecurity #hack #bugbounty #wickedwildworld #audit