I have been researching a few pentesting companies over the past few months, just to compare my current employer to others. I am happy at my current employer, I enjoy what I do, and most of the people I work with. I am just curious what other companies do for their employees, and what they require from them.
Through my research I noticed that many of them give fairly good benefits, and seem to have a relaxed work environment.
I was surprised that several require their employees to speak at conferences, write white-papers, and do research. While I am not against any of this, I am wondering how they would have time to accomplish any of this. I am booked solid usually weeks on end, with maybe a day or less of down time a month. Many also require 25% or more travel, which I am not opposed to either, but I generally do most of my assessments remotely. I have complained to my boss that we do not travel to customers enough. I prefer to do some face-to-face conversations with my customers to get a better understanding of their needs. Plus it makes it easier to social engineer information from someone.
I was fairly impressed with Praetorian, whose headquarters are in Austin, TX. They seem to have some very skilled and knowledgeable consultants, who are involved in the security community and open-source projects. They seem to be involved with the local college (University of Texas), having career expos at UT. They also have some small puzzles that you can try to work. I will have to try these when I get some spare time.
A Job Posting for a "Senior Security Consultant (Software)"
Qualifications: Successful candidates should have:
- 2-5 years of information security experience
- 1-2 years of consulting experience
- Strong understanding of software and application security
- Experience with languages such as C, C++, Java, .NET, Ruby, and Python
- Strong oral and written communication skills
- Involvement in software community via OWASP, WASC, and/or open source development highly desirable
- Track record speaking at major security conferences such as OWASP Appsec, SANS Appsec, and Blackhat highly desirable
- Ability to travel 10% of the time
- Minimum 4-Year Bachelor of Science Degree in Computer Science, Engineering, or equivalent from a "top ten" institution.
While the travel is a lot less than many of the other companies, they require a person who is good at public speaking at large conferences and is involved in the security community.
Well, I guess if I wanted to go and work for them, I need to start speaking at conferences and get more involved in the security community. Not really going back to college to get a degree from a "Top Ten" institution unless someone else is willing to pay for it.