Building the pentest team skillset

Filed under Penetration Testing
Tagged as

I saw this post on Hexesec the other day that made me think about all the skill’s that when you put them together could make one kick ass penetration testing team. Note that this is a pretty large list of skills that would be difficult if not impossible for one person to master. However, it gives you an idea of the various skill sets that should be required for a robust, high caliber team.

As a pentester you should be familiar with most of these areas, meaning, you should have working knowledge at a minimum. Of course, reverse engineering and vulnerability development may not be everyone’s forte…but take for example the web application pentester. Reverse engineering and vulnerability development is a skill that can be learned (especially if you have a deep programming and development background). Same goes for wireless penetration testing as someone with a networking background can easily pick this up. Everyone will still have their own specialty but you can still expand on your existing skills to learn new ones.

What’s the point? The more you and your team learn the more valuable you become to your organization, clients and your own career.


  1. CG says:

    You’re dead on with the team comment, there is no way for someone to be "good" at all the things he listed but a tester should have a working knowledge of all the topics.

    I think he listed a few things that are on the line with not teachable. FE, social engineer concepts are teachable, an introvert being a good social engineer is going to be difficult unless they are prepared to put ALOT of work into it.

    good article.

  2. jcran says:

    thanks for the props on the post. — i finally got a chance to comment back. 🙂

Post a Comment

Your email is never published nor shared. Required fields are marked *