Working at a CERT and shifting to Technical Lead

This article is part of an article series about my personal experience and career in the penetration testing and security field.
Part 1: Start a Penetration Tester Career
Part 2: From Beginner to Expert as Penetration Tester
Part 3: Working at a CERT and shifting to Technical Lead (this part)

A new job
Because I was interested in Incident Response and wanted to specialize more in the field of penetration testing I applied at a CERT in one of the 30 biggest DAX enlisted companies in Germany. The environment was of course completely different to consulting companies:

  • more long-term thinking
  • not much overtime
  • more administrative work
  • more time for in-depth work

As in every job there are some advantages but also some disadvantages, but the advantages predominate for me.


More specialization
I was lucky that it was possible for me to attend lot of training and learning on the job. At this time my plan was to specialize in the field of exploitation. Among the training I did was:

  • “Tactical Exploitation and Response“ by Attack Research
  • Internal Incident Response Training
  • SANS Sec 660 with GXPN certification
  • “Windows Kernel Exploitation” by Hacksys (higly recommended)
  • Corelan Bootcamp & Corelan Advanced (higly recommended)

Also I was able to go to conferences like Brucon, Blackhat, Defcon and others and I could present Avet now three times at the Blackhat Arsenal, which is by the way one of the most fun events I presented.

But it became different
… than it was planned by me, which is not a bad thing. I did a lot of Incident Handling and later I was involved ramping up a vulnerability management system. While the latter is not that interesting for most people working in penetration testing, I learned a lot about companies politics and also management, which helped me a lot within my personal development. Because I traveled mainly to Asia I could also get Chinese lessons at work, which is a great thing. 

Promotion
After about three years I was promoted to a technical lead position in the Red Team of the CERT with some new duties:

  • Ensure that all provided services (Pentesting, Vulnerability Management and so on) work properly
  • Adjusting with the other CERT teams and management
  • Conducting job interviews
  • Organizational tasks (yes, writing excel sheets)

About the new position I sometimes have discussions with other professionals. One thing is that I definitely shifted away from technical stuff. On the other hand it is possible to influence the direction for the future, for example what should be in focus for the next time. By job descriptions and job interviews you can find suitable people for your team and so on. 
Important for me is not to loose the connection to the hands on work, so I like to be involved here too. But being also involved in some management tasks also gives the opportunity to self improvement and training on a non technical level.
If you do not like these tasks you better continue you technical career, which also gives you opportunities for improving and developing.

Conclusion
Besides all things I learned from a technical point of view (Incident Response, Trainings etc.), the more important lesson for me was and still is what I can learn from a management point of view and the personal development. Sometimes the attitude and the political thinking is more important than the technical knowledge for improving things in a big company, I try to find a way where I can combine both.

Two important take aways:

  • The exploitation trainings in that depth were not necessary when I look back at this time. It was no total waste of resources, but choosing more careful and adjusting your learning goals is always a great idea.
  • After staying for 18 and then 17 months at the two jobs before it is a good idea to stay a bit longer at the new job. Changing jobs too often might look bad on your CV. Also staying for a longer time is also opening new perspective (when you are on the right company).


That concludes the career article series from my personal point of view (so far) and I hope you enjoyed reading and that my experience is also helpful to other people and especially to beginners in the field.

Links

Some Online courses I did during that time:

Books:

For more links and book recommendations please have a look at the recommendations list.

2 thoughts on “Working at a CERT and shifting to Technical Lead”

  1. Pingback: Start a Penetration Tester Career – We learn Security!
  2. Pingback: From Beginner to Expert as Penetration Tester – We learn Security!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: