Saturday, March 26, 2011

The Key Skill-Set of Great Penetration Testers

via (March 24, 2011) -

I was reading an article entitled “Ideal Skill Set For the Penetration Testing” that I found fascinating. And while the author had some good points about the some of the more easily forgotten background skills that are required to be a great pen tester (e.g. OS and programming language skills), I think Keatron missed the majority of the real key skills that are required to become a great penetration tester.

Because, while it’s important to have all of the skills that he mentioned, one could have all of those skills and still be missing a lot. In fact, I know a lot of people (even those who have penetration testing jobs) that have all of those skills in spades and yet have trouble executing on penetration tests.

For me, the difference between Keatron’s list and a great penetration tester comes down to one thing: intelligence types. Specifically, the difference between convergent intelligence and divergent intelligence. Convergent intelligence is the ability to derive a solution from the evidence available to us, while divergent intelligence is the act of taking a single thought or concept and finding multiple applications for it.

In the Western world, we have traditionally emphasized the importance of convergent intelligence – all of our schooling focuses on developing this type of intelligence. Yet, it is the ability to develop divergent intelligence that actually leads us to be great penetration testers.

No comments:

Post a Comment