Be careful who you sign
2. What is this about?
Everyone has a goal in life
Mine started out as just being a penetration tester
anywhere.
Some life lessons are hard learnt
Hopefully save you from lessons that could cost you
money
3. How did the company find
you?
LinkedIn
Recruiter adds you and then sends you a message or
email
Resume
You submit your resume to a company or post it on
a site like Dice.com
Friend
Someone tells you the company is hiring
4. What is the position
description
Look at the job description.
What are the qualifications?
Does it mention stuff you have not messed with in
years?
Does it mention travel? How much?
6. The interview
Be ready to answer questions
You should know XSS, SQLi, CSRF, how an exploit works,
mitigation controls, etc.
Be ready to ask them questions
Are they a subcontractor or do they have their own
clients?
Does anyone big in the industry work with them?
How do they stay on top of new technology and
techniques? (Do they send you to conferences,
training, how often?)
7. The interview..
How does the team collaborate?
Do they message each other, call, can you sit in a conference
room and work out a plan?
Does everyone work local or remote?
Does the company as a whole follow a guideline or is it
up to the tester?
What guideline?
How long are the assignments? What is the downtime
between?
Will you be asked to revise your report while you are on
another engagement?
8. Signing the paperwork
NDA – Non-disclosure agreement
Read carefully. Most of the time it is about the company's
clients, things you found (details), and company
processes
Non-Solicitation
Don’t ask my (the company) customers for work or jobs.
How long? Is it reasonable? What if you don’t make it
past the probation period? Is the agreement altered?
9. Signing the paperwork
Non-Compete
You cannot compete against the company.
By yourself or in another company?
How long?
Is it legal in your state?
10. Working in the
company
How does the company hand out assignments?
Is your boss easy to approach?
How does the company prepare you for your
engagement?
Are assignments done by a team or a person?
11. Final Thoughts
Company needs you to sign a non-solicitation or
non-compete.
They are scared you will take business from them.
If they rely on government contracts.
They create an influx of work at certain times of the
year. They are also affected by GOV budget cuts and
GOV shutdowns.
Do they have a wide variety of customers?
Large and small.
If they only do gov work, they will have slow and fast periods, usually near the fiscal year opening and closing. If the clients are all gov, what happens when you are furloughed or cut due to budget? If all the customers are only in healthcare, what happens if they require you to be federally certified? The bigger the company, the more you can get lost sometimes, or the easier it is to move up. The smaller the company, the harder it is to get promoted.
If the company has a non-solicitation, they feel that you can steal business from them. Any real company would feel like they have a good enough relationship with the client that someone else should not be able to steal them away.
Most states do not honor these due to the fact that they would make it impossible for someone to earn a living.
Can you volunteer for certain types of assessments? This can help you branch out your experience. Is it hard to approach your boss? Is he out of the office a lot? In meetings? Does the company give you time to prep for an assignment? Do they hand you any information? Does the company send you in by yourself? Do you work in teams? If you cannot branch out, then how are you going to learn? If you can talk to your boss about general things, what will happen when you need him? If the company hands you things last minute or little to nothing about the engagement, how can you be expected to produce quality work? If you are sent out by yourself for your first assignment, then the company either a) trusts you, b) didn’t want to spend the money to send another person, or c) doesn’t care.