How to get into Physical Penetration Testing


1. Physical Penetration Testing =/= Red Teaming

Let us start by clarifying that Red Teaming and Physical Penetration Testing are not the same thing, though the terms are often used interchangeably, to little consequence. But since we’re talking about careers, I feel it is important to get the terminology right.

2. Best way to get into the field?


3. How do I get started?

When I first started, I thought the same thing.

4. The reality

One perspective I have that few others have is that I’ve hired a physical pentest before. I commissioned it, set the scope, signed the waivers, had my mobile on-call, bailed the pentesters out of bad spots, and paid the bills. Here’s a customer’s view of it.


Closing Thoughts

There isn’t a lot of work in this field; so if you want to pursue it, go for it, but keep that in mind. No matter your passion, the reality of supplying something for which there’s little demand can be a harsh reality check. Doing Red Teaming and Physical Penetration Testing is the dream job for many cybersecurity professionals out there today, me included.

Friendly neighbourhood cyber-janitor, cyber-landscaper, cyber-cartographer, and herder of cyber-cats (and unicorns). Just sharing my 2c. License CC-NC-BY-SA
