Tuesday, January 12, 2016

Pentest or hack to your new Security Analyst job

You got a phone call for a Security Analyst position in your area, you are excited, you've been applying for that kind of position, now you got their attention and have a first phone interview what will you do?

You will need to follow the same steps that a hacker does when attack a company, let's check:

Phase 1 - Reconnaissance

Yes, you will need to gather information about the company and the person or people who will do the first interview on the phone. Sure the recruiter will tell you the name (s) of them and the time. 

With the name (s) and company name you begin to research, the first thing is the company website, you need to know what the company does and what it means. Inside/out, including what position are available, the requirements, etc.

Now with the interviewer name find everything that is possible, check LinkedIn, Google+, Facebook, etc. Yes, sometime you can get in Internet where he/she lives and what kind of sport he/she plays, the better you know about that person(s) the better you will have a chance to connect.

Phase 2- Scanning

During the phone interview you have the chance to send a few packets, you have the chance to ask questions about the position, requirements, environment, ask interesting question, and those question had to be prepared before the phone interview.  Do not make uncomfortable questions, you do not want to crash your target.

Phase 3 - Gaining Access

This is the face to face interview, here you will be able to send your exploits, show then who you are, your technical and not technical skills like good communication skills. show them the ideal person for the Security Analyst position is YOU.

Remember in this phase you still are discovering, now you need to scan more and a little more, ask more questions and remember do not crash the server, you do not want denial of services DOS.

 Phase 4 - Maintaining Access

In this phase after the phone and face to face interview send an email saying what you got of the interview, showing you are interested in that position and leave the door open for more questions from them, maintain your access.

Phase 5 - Covering Tracks

If you got the position, CONGRATULATION and if not you got a lot of experience in this pentest, you will drill the next one, remember the Pentesters have to be the masters. Also in this situation, where you did not get the position send an email with a thank you for the interview, who knows they keep you in their mind and they could change their decision.

If you look your job search like a penetration testing process, then first you will enjoy it and second you will increase your confidence in yourself and success.

Keep going and enjoy the process.

Please tell me what do you think in the forum at http://www.learn-security.net/

No comments:

Post a Comment