12 Days of PtaaS
You're not going to want to miss this celebration!

Pentester Diaries Recap: Exploring the Role of Continuous Learning

Welcome back to Pentester Diaries. For this week, we wanted to take a moment to look back at the past six episodes and explore some of the main takeaways from those sessions.

From day one, Pentester Diaries has set out to start a conversation around the world of pentesting. Over the course of our first six episodes, we have touched on a variety of topics and resources related to this profession, which have ranged from exploitation techniques to daily routine tips. One key element that has been present in each episode is the importance of continuous learning.

As the growth of technology continues to expand the threat landscape, the playground for attackers only increases. For pentesters, this means there is a need to keep a pulse on new developments and continually push their skills. With this in mind, Pentester Diaries is here to keep feeding that knowledge by introducing different perspectives and learnings to help professionals on their pentesting journey.

Let’s explore the importance of continuous learning by looking at a few takeaways covered in the podcast:

Learn something new every day.

In one of the first episodes, Harsh Bothra walked through different 2FA Bypass Techniques that he developed during his Learn365 challenge, a repository that he has built on his mission to learn something new every day. Harsh encourages fellow pentesters to develop their own learning systems and never stop tinkering. Learn more about 2FA Bypass Techniques and his Learn365 challenge in the full episode here.

Implement time management into your routine.

As a pentester, the amount of information to learn can seem endless, and it’s crucial to manage your time in an effective yet healthy approach. If you try to learn everything there is about pentesting you likely burn out. In Ep3, Matt Buzanowski offered tips on how to optimize one’s routine by automating repetitive tasks and using scheduling apps like Trello. Leveraging these kinds of tools gives your time back to focus on what is really important— pentesting. Check out more time organization tips and how to avoid burnout.

Understand how applications work from a business logic perspective.

Maintaining a proper schedule builds a stronger understanding of how an application works that can give you creative ideas on how you may be able to exploit it in a way that truly impacts the business. Dan Beavin explained that in order to find some of those business logic impacts, it’s important to build strong communication skills with the users, who can be a great source for improving the application. Learn more in Episode 1 about Understanding Business Logic.

Stay up to date with the growing threat landscape.

Technical knowledge sets the foundation for pentesting, but it shouldn’t stop at the fundamentals. It’s important that pentesters harden their technical knowledge by learning the latest attacks as the landscape is always changing. In Ep4, Shashank Dixit explores going Beyond Security Hygiene in the full episode.

Sharpen your soft skills.

Pentest learnings are not limited to just technical abilities, it’s also about growing your “soft skills.” Pentest Research Manager Robert Kugler and Sr. Technical Writer Grahame Turner explained how pentesters can approach report writing with a new perspective and to think of it as another way to showcase expertise. Strengthening report writing skills creates a more well-rounded profile that can add value to a pentester’s growth. Learn more about the pentest report process and writing tips.

Learn through collaboration.

Continuous learning is not a solo act but a collaborative effort. Pentesters at Cobalt see the ability to work with other pentesters and customers as an essential building block in their professional growth. In Ep5, Joan Bono talked about the importance of understanding severity scores and why communication with teammates and customers should be part of the process when making that determination.

The action items mentioned above: managing your time in a healthy manner, honing your technical skills, working on your soft skills, growing with others, and learning something new all contribute to the development of becoming a more well-rounded pentester. This maturity builds over time and culminates in a professional profile that we are proud to say embodies our community. Interested in learning more about our Core Community? Read more about Cobalt Core Pentesters.

Cobalt Core Secret Sauce CTA Image 2022
Back to Blog
About Cobalt
Cobalt provides a Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model by providing streamlined processes, developer integrations, and on-demand pentesters. Our blog is where we provide industry best practices, showcase some of our top-tier talent, and share information that's of interest to the cybersecurity community. More By Cobalt
Awkward Handshakes and Free T-Shirts. Security Conferences Are Back!
This week we visited InfoSec EU in London, which for many of the team was the first physical security conference in a while. Here are our biggest takeaways!
Blog
Jun 23, 2022