Today we would like to present an interview with Jason Bernier about a career in penetration testing. We talked about the importance of certification in the cybersecurity field and the most important skill for a penetration tester.
[Hakin9 Magazine]: Hello Jason! Thank you for agreeing to the interview, we are honored! How have you been doing? Can you tell us something about yourself?
[Jason Bernier]: I like turtles. Just kidding. I’m a Red Team member for the US Army, working for Sotera Defense Solutions, and I am a part-time penetration tester for Lunarline Inc. I like hockey, a lot… no really… I love it, scuba diving, and long walks on the beach. Just kidding about the beach, but I really do like turtles…. And cats.
[H9]: You are a Penetration Tester, why did you decide to choose this career?
[JB]: Honestly, because it was easy. I got my start as a systems admin/engineer for various defense contractors. I was tired of it, and wanted to do penetration testing. So, I started on my OSCP, and eventually got hired on where I am now.
[H9]: What made the biggest difference for you, between being a sysadmin and a pentester?
[JB]: Well, instead of getting paid to patch systems and ensure that they are running, I get paid to figure out how to break into them. It’s a whole lot more fun, and I definitely enjoy it much more so than being a systems admin/engineer. I get to think outside of the box, and be a lot more creative with how I break into systems.
[H9]: What’s the most important skill as a penetration tester?
[JB]: Being able to adapt to various situations and thinking outside of the box. It sounds cliché, but it is very true.
[H9]: Is it true that programming is an important skill to have?
[JB]: It is very helpful, but it is certainly not required. It’ll just make things more difficult for you.
[H9]: What about certification? Is it as important as some people say?
[JB]: Certification is one of those things where people either really like them or hate them. There are a lot of people out there who haven’t been honest on the way they have received their certifications, so a lot of people have a negative impression of them. I have the certifications I have because my job required them to get hired.
[H9]: Do you think certifications are here to stay, or is there something that might replace them?
[JB]: Well, I think that they are probably here to stay. Too many companies have put too much time into training and certification to just end that. A lot of employers also see that as a measure of someone’s skills, and want to hire people based on that. So I don’t see them going anywhere anytime soon.
[H9]: You have a lot of certifications; did they help you in any way?
[JB]: Yes, they helped me get my current job. I wouldn’t have it if it weren’t for the fact that I earned my OSCP.
[H9]: You wrote an amazing post about OSCP review (http://www.jasonbernier.com/oscp-review/). Do you have any advice for those who decided to take this exam?
[JB]: Thank you! I am glad my blog has managed to help others. I still get emails and posts about it. As far as the exam, stick it out, and get it done. I had a lot going on at the time I took that (work, graduate school, life, family) and I still managed to pass that beast. There shouldn’t be any excuses. Do it, it’s worth it. Also #tryharder
[H9]: Was there anything in the feedback you’ve received that made you change your mind about any part of the exam?
[JB]: No, it just reaffirmed my feelings about it. I am glad it has helped people, and I am glad people still read it.
[H9]: Any plans for the future? Are you planning to expand your blog?
[JB]: As far as the blog, every now and then I get the urge to write. So, I am sure when I tackle my next certification I will more than likely write another review detailing my experience. I do plan on writing a red team/penetration testing book of some sort. I’ll take the project on when I feel the time is right.
[H9]: Do you have any thoughts or experiences you would like to share with our audience? Any good advice?
[JB]: One thing I can say is that you must have a passion about this field. You can’t be lackadaisical about it. You must really want it. You should have your own lab, and be going through new vulnerable machines and learning as much as you can. You should want to go home and keep doing it when you get home from work. It’s not a typical 9 to 5 job.
[H9]: Thank you!
About Jason Bernier:
MCSE: Server Infrastructure, MCSE: Private Cloud, MCITP: VA, MCSA Windows 2003, MCTS, MCP, Security+, VCP5, MCSA Windows 2012, Certified Ethical Hacker (CEH), Red Hat Certified Systems Administrator (RHCSA) on RHEL 6, Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), Offensive Security Wireless Professional (OSWP).
Specialties: Windows Server 2003/2008/2012, Active Directory, Hyper-V, Red Hat Linux, VMware, Virtualization, vSphere, vCenter.
Amateur Radio Operator (Call Sign KK4YJT), Technician