Between pentesting and entrepreneurship
Yesterday I was driving back home on my scooter. It's a 40-minute trip, and while surfing back and forth between crazy cars not respecting speed limits I get a lot of time to think.
A security specialist is like an entrepreneur or a startupper… he must have a strong culture of failure.
The culture of failure…
Yesterday here in Italy, our Minister of Economic Development, Corrado Passera, attended a startup meeting near Venice. It was great news in my country, since startup culture is something that has been growing slowly in recent years.
He spoke about failure: "Chi fallisce non è un fallito. Chi fallisce è chi ha imparato qualcosa", which in English would sound like: "Someone who fails is not a failure. Someone who fails is someone who has learnt something."
from penetration testers…
An application security specialist (like anyone else, for that matter) fails many times during his career. When you start testing a web application or a host for vulnerabilities, it's quite common for an inexperienced tester to cause the target system to crash. It's common to make mistakes in choosing the tool or tuning the scanning parameters, and to be too aggressive (for poorly written code).
Inexperience can drive you to make wrong assumptions and fill your reports with false positives.
Good hackers must learn and never give up. This is obviously true in so many fields other than IT Security.
Pentesters must be curious; they must read tons of blogs and online resources, and ideally they must learn something new every day. They must not be scared of a new DBMS they weren't aware of, and if they find something strange, a good approach is to start googling it.
This is the stream of consciousness that was in my mind yesterday around 6pm CEST.
I was also thinking about myself as a startupper.
Starting up this blog almost 6 months ago was great, and I'm collecting more than 10,000 unique visitors; thank you for this.
There are other competitors offering code review as SaaS, and Veracode is one of the most promising players in this field.
Actually, I don't know whether I'll build codesake in some way, whether I will release an MVP, or even whether one day I'll appear on the Gartner Magic Quadrant.
A set of Ruby code that will be the spine behind the upcoming codesake.com.