The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
#41 How to Actually Become a Great Pentester
What separates a good pentester from a great one? It’s not just about popping shells or passing certs. In this solo episode, I break down the real-world skills that actually matter. Technical, non-technical, and everything in between. I share hard lessons from the field, my thoughts on being well-rounded vs. specialized, and why communication, client trust, and soft skills are just as crucial as finding vulnerabilities. Whether you're early in your career or already in the trenches, this episode is about pushing past the surface and leveling up where it really counts.
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
We got blue team, we got red team, we got offensive security, defensive security, government compliance, customer service, all these things, you know, how to write a report, communication, all these, there's so many skills and you're not going to be perfect at any of them and that's okay and you're not expected to be perfect at any of them. That's why I think it's really going to be well-rounded, right? You don't need to be an expert in any one category and if you are an expert in one category and you're weak in all your others, I mean, I don't even know if you can consider yourself a great pen tester, right? If you can find exploits all the way, but you don't know how to communicate that in a friendly way, then you're not a great pen tester, man. Hi, I'm Kyser Clark and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one byte at a time.
Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Thank you so much for tuning in.
Today, I have another solo episode and for those who are new to the show, these solo episodes only happen once a quarter. We are in Q2 2025 and before we dive into the show, I do want to announce something and my announcement is I have a new certification, bringing my total amount of certifications to 17. I have 17 certifications, 17 exams passed, and I'm getting up there in numbers and the certification that I passed was the TryHackMe Security Analyst Level 1 or SAL1 or SAL1, whatever you want to call it.
It is a certification geared more towards blue teamers and cybersecurity analysts and SOC analysts. I decided to go for it because I got a free attempt and for those who don't know, I was able to get a free attempt because TryHackMe was giving out free vouchers to anybody that had a CompTIA CySA+ or a Blue Team Level 1 certification and because I had a CompTIA CySA+, I was able to get a free voucher and that was open to everybody. They made a public announcement on that and if you follow me on LinkedIn, you would have seen that because I definitely reposted that post and if you aren't following me on LinkedIn and you didn't know about that and you wish you knew about that, well, the reason why you didn't know about that is because you want to follow me on LinkedIn because I share a lot of insights on LinkedIn that don't necessarily make it in my blog posts, my podcasts, my YouTube videos, or my newsletter.
Stuff like that is, hey, you need to know this right now and I'll just do a simple repost and it doesn't warrant a full video or a full blog post or a full podcast episode, right? For stuff like information like that, whether it's a cool announcement from a company or just cybersecurity news in general that I think you should know, I'll just do a simple repost on LinkedIn. That's what the repost feature is for. It's not me really creating content.
It's just me taking someone else's post, reposting it. I might add my thoughts in there. I mean, for this one, I just said, hey, this is a cool opportunity.
You should jump on it or something like that and if you didn't jump on it while supplies lasted, then unfortunately, you've missed the bell because you had to submit that before March 31st, 2025 and here we are in April. So I'm going to be making a video on my complete thoughts and opinions and I'm going to review that certification and I'm going to go over my struggles and my successes, what worked well, what didn't work well. I did fail that certification on the first try.
I didn't study for it and that's maybe a part of the reason why I failed my first try because as an offensive security professional, I don't really want to focus on blue team training. I focus on offensive security, pen testing, red teaming training. So I didn't want to stop that in order to pursue a blue team certification because I normally wouldn't go out for a blue team certification because I'm still growing and learning as a pen tester and until I fully master pen testing and red teaming, I don't really see a purpose for me to really dive deep into blue teaming.
Now, there is a lot of benefit in learning how the blue team operates at least a little bit and we're going to dive into that a little bit later, but overall, as a pen tester, I'm trying to become a great pen tester and that's actually what this episode is about, how to become a great pen tester. And to become a great pen tester, I don't really know how to do it exactly because I don't consider myself a great pen tester. And honestly, that's not up for me to decide.
That's up for you, the viewer, listener, my peers, my coworkers, other people in the industry to call me great. But my goal is to be great. I do want to be considered a great pen tester and that's why I work so hard every single day.
And as far as my technical skills, my soft skills, customer service, certifications, content creation, that's why I do so much work and so much put so much effort in all this. And that's why I make the content I do is because I'm on the journey with you guys. All right.
I'm not when I make the content. I said this before, but I just want to reiterate the fact that I'm not on the top of the mountain guys preaching down to you guys and helping you helping you get to the top of the mountain. I'm not.
I am on the mountain with you. I might be two or three steps ahead of you. I might be five steps ahead of you, but I'm by no means on top of the mountain.
I am very far away from that. I, you know, I might be considered a cybersecurity expert by some people's definitions, but I'm definitely not an expert pen tester. I've only been doing pen testing for about a year now, full time.
So I have a lot more to learn. And it's impossible to become an expert in one year, right? They say, generally speaking, it takes five years of doing something. If you're working four hours a week to be great at it, because it takes like, I think, like 5000 hours to be become an expert.
Some people say it's 10,000 hours. But generally speaking, like, in my opinion, you really can't be an expert unless you put five years into something, which is, you know, I have almost seven years experience at this point in cybersecurity. So you know, maybe I am a cybersecurity expert.
But once again, I don't want to say that, because that's up for you. That's you, for you to decide and my peers to decide. But I'm definitely not an expert pen tester.
And the reason why I'm saying that is because I'm talking about how to be a great pen tester. Because that's what I strive to be. And this is the stuff that I'm working on.
And these are the things I believe to make someone a great pen tester. And if I'm wrong, then there'll be another episode about, you know, Oh, I was wrong. And I hit expert pen tester status.
And I got it wrong back in the day. And I might get some things wrong. And that's why that's why my content is constantly changing.
Right? Because I'm learning right with you guys. And I'm, you know, I'm falling into traps. I'm making mistakes.
And I'm learning as I go in my career. And that's why, you know, sometimes my contents a little inconsistent, like I'll say one thing one day, and then, you know, I'll say something different, you know, a few months down the road, because I got it wrong. So I just want to mention that because, you know, in the future, you know, I could be completely wrong with like, what does it take to be a great pen tester? You know, this could be this could be wrong.
And I'm okay with with that, because, you know, the field is changing all the time. And what made a great pen tester five years ago, probably isn't a great pen tester now. And that's what makes the content.
That's why I make the content that I do. And I kind of, you know, I'll reiterate some points, and I kind of go over the same topics. But the reason why is because the field keeps changing.
It's changed several times since I've been in. So keep that in mind is, you know, how do we kill a great pen tester? That's what this episode is about. But keep in mind that I'm working to become a pen tester for my pen tester to a great pen tester.
I'm currently in that process. And I think that's one of the reasons what makes me qualified to talk about this is because I'm in the trenches with you guys. And maybe you're not in the trenches, maybe you're still trying to break in the field.
And, you know, I made a lot of episodes about how to break into the field. So if you want to learn more about how to break in the field, definitely check out my other solo episodes. I forget the numbers off the top of my head.
But if you if you scroll enough, you can tell what is a solo episode because there's no guest on the thumbnail for on YouTube. Or if you're on audio, there's no guest name in the title. And I say you can tell it's a solo episode, you can tell it's a Q&A episode because it literally says Q&A.
So you'll watch some of my solo episodes that I did. And I talked about how to break in the field quite a bit. And this this episode is more about, hey, you've already broken in the field.
But how do you level up? Like, what do you do after you break in the field? So with all that out of the way, let's go ahead and just really get into I know I've been rambling on for a while, but I just wanted to set the scene, make sure you guys understand where I'm coming from. So the first thing I'd like to say about how to become a great pen tester is you got to know multiple disciplines of cybersecurity. And that's actually one of the reasons why I like to pursue the occasional blue team certification.
That's why I have the CompTIA CySA+. That's what made me somewhat interested in the TryHackMe SAL1 is because knowing how the blue team operates, knowing the tools and techniques that they're using to catch cybercriminals or to catch hackers, that's invaluable to you, especially if you want to become a red teamer like me. I want to be a red teamer eventually.
I'm a pen tester, not a red teamer. I haven't done a red team engagement yet, but it's something I'm striving to be. You know, I'm trying to go from pen tester to great pen tester to red teamer.
And for those who don't know, pen testing and red teaming, two completely different things. We're not going to get into it too much. But generally speaking, pen testing is you're basically testing everything, whereas red teaming is more objective based, more stealth based.
Pen testing, you're testing the application and the network technical controls, whereas red teaming, you're kind of testing a blue team. You're testing the alert and incident response capabilities of a blue team. So that's, in a nutshell, the difference.
I mean, there's some other differences there. And sometimes I'll mention red teaming as all offensive security as a whole. And that's technically incorrect, although I do make that mistake sometimes.
That's technically incorrect. Red teaming, pen testing, completely different. That's why I like to use the term offensive security because offensive security, pen testing and red teaming both fall under that.
But sometimes I will refer to offensive security as red teaming. But just know that red teaming is completely different than pen testing. Well, I want to say completely different.
There's a lot of overlap there, but there is a lot of differences as well. So knowing how a blue team operates will make you a better red teamer, right? If you're trying to evade detection. And if you know how those detections are made, then that makes you a better red teamer.
And that's why knowing multiple disciplines, such as blue team, cybersecurity analysts, cybersecurity engineers, SOC analysts, if you know like what they're doing day to day, it helps you craft exploits to bypass some of the controls or avoid detection and fly under the radar during your red team engagements. Another thing that really helps you out when it comes to being an offensive security professional is knowing the non-technical aspects, such as GRC, governance, risk, and compliance. And that's completely non-technical.
And it's important to know that because you have to write a report at the end of the day. And in order to write effective report, you have to understand the business risks. You have to understand the policies.
You have to understand, you know, how compliance and governance works, GRC, governance, risk, and compliance. If you know how that works, that makes you a better pen tester because you can add more value to a company. And I would say, you know, pen testing and offensive security isn't all technical guys.
So yeah, you have to have a lot of technical skills, but knowing those other disciplines, such as blue teaming and GRC can really elevate you. Now you don't need to know all that going in when you first break in as an offensive security professional, but once you break into the field, you do want to level up those other areas, right? And you are going to sacrifice some of your technical abilities because you can spend time, you know, increasing your technical skills in offensive security, or you can spend time increasing your skill sets in blue teaming and GRC. There is a con to learning how the blue team works.
There is a con to better understanding GRC, but there's a pro too, because you're more well-rounded. And I think being well-rounded is, is advantageous, right? There is that saying, jack of all trades is a master of none. And while that is true, I've definitely been taking the jack of all trades route and it's been working out for me so far now in five years from now, we'll see how, where it gets me and I'll be able to make more of a determination on, on if that's worth it.
But in my opinion right now, being well-rounded is, is the way to go. And, but if you want to specialize though, by all means go for it. If you want to be like, yeah, I just want to be a web app pen tester.
That's all I want to do. Hats off to you. Go ahead and do that.
Right. But for me, in order for me to be a great pen tester, I feel like I have to know at least a lot about everything. All right.
There's a lot going on inside of security. Right. And I, I enjoy the other aspects as well.
And I do focus mainly on the, the offensive security and the pen testing aspect side of things, web apps and networks more specifically, but I am learning those other disciplines as I go. My entire degree that I just finished my master's degree is in cybersecurity management policy. It's none of it's technical.
Okay. And there's a reason why I did that is because I want to know that non-technical stuff to provide better value, more insights. And I want to be able to communicate risks to my clients and whatever company that I'm working for, more value.
And I think there's a lot of value in doing that. Moving on to the next skill that I think you got to spend a lot of time on, and we're not going to spend a lot of time on this in this episode, because we talked about this. Once again, I forget the episode number off the top of my head.
So forgive me, I should have come in more prepared. But honestly, I just kind of clicked record. I didn't really come prepared because I wanted to speak from the heart and I'm trying to do that more and script out things less.
But this is customer service, client communication and soft skills. Like I said, we covered this pretty, I don't want to say in depth, but we did touch on this a little bit in the episode with Spencer Alessi. And that is, we talked about client communication, and that adds so much value to your clients if you are a consultant like me.
Now, if you are an internal pen tester, where you don't, you're not a consultant, and you're working for one organization, it's still good to have customer service skills. Because even though you don't have a customer per se, you do have a customer, your customer is your boss, your customer is the CEO of that company, your customer are the other people that work in that organization, who rely on you. Especially if you have a blue team, right? If you are an offensive security professional, and you're working hand in hand with a blue team, or a developer, that's your customer, right? You're trying to make their web app better, you're trying to make their network better, more secure.
Or, you know, the CISO, the CISO, you know, they, they are the boss of the security operations, they have to, the CISO has to have all the cybersecurity strategy, and they have a lot going on. And pen testing is only a single aspect of that. You know, you're, that's the customer, the CISO is your customer, the devs are your customers, the blue team is your customer, the CEO is your customer, that's your customer.
So that's when I say customer service is important. Even though you're not like me, a consultant, you know, I am, I'm actually am interacting with legitimate customers that paid my company money to do this pen test, you're still have to have good customer service skills. And that same thing for client communication, you can report, replace that word with client communication, with stakeholder communication, right? You know, there's a lot of stakeholders that that rely on your pen test, if you're an internal pen tester.
And soft skills, that's kind of like an overall umbrella for just everything you need to know, right? Business skills, how to talk with people, how to translate risk, all that. Soft skills is kind of like a huge umbrella term for all those skills that mostly revolve around communication and customer service. Moving on, technical skills, that's the exact opposite of your soft skills, also known as hard skills.
This is incredibly important, right? And you know, this is, you know, your exploitation, your understanding of how packets move around in a network, how does SQL injection work? How does cross-site scripting work? How do you exploit EternalBlue, all these, all these things that you have to know as a pen tester. That's your technical skills. And those are incredibly important.
And I tell people that you need to be focused on your technical skills, because you're not going to land a job without them. And you're not going to survive in the job without them. However, you're also not going to survive in your job without your soft skills either.
Right? You will, if you break in in the field, and you're just a butt, and no one can stand working with you, you're going to lose your job. Right? That's why the soft skills are important. But on the flip side, if you are the friendliest person, everybody loves you.
But you just can't hack anything. You're also going to lose your job because you're there to hack things. Okay.
So you got to have both, they're both equally important. And I would say the technical skills, land your job, you do need to have soft skills to, you know, communicate what you bring to the table in those interviews. But you need to, you need to authentically have soft skills, you can't just put on this front of being friendly, in your interviews, land the job and then be a butt and not know how to communicate with people once you land a job, right? So that goes is going to help you land a job a lot.
But once you get in the job, the soft skills is really where my focus is, I've been focusing a lot on my client communication. After the episode with Spencer Alessi, I was like, man, I need to work, I need to work on this. And that's what I did.
And I got some positive feedback from my clients, because I was over communicating with them. And I was providing them exceptional customer service. And I got positive feedback.
They love working with me. And that made me feel good, right? That made me feel better than finding a critical vulnerability in the web app, or the network, right? Yeah, yeah, finding a cool exploit is cool and all. But when you have a client that tells you, man, I really appreciate what you did.
That feels so much better than finding a critical SQL injection vulnerability or getting domain admin, in my opinion, okay. Now, if you can do both, if you can find, if you can get DA, domain admin, or you can find a SQL injection, you find a critical vulnerability, and you can get positive feedback from your client. That's a win.
That's, that's a super win right there. But if you get one or the other, it's a it's a win. But it is a it is a loss if you can get domain admin, but the client feels they don't feel value out of that.
That's a loss. That's a loss, dude. You're there to deliver value to I keep saying that word client.
But you can also like I said, if you're an internal pen tester, you can replace that word with stakeholder. That's a loss. So yeah, technical skills, super important.
But so is your soft skill. So you got to work on this hand in hand. And once you break into the field, in my opinion, I focus a lot on the soft skills.
Next up, I have learning from your mistakes, you are going to make mistakes. I made several already in my pentesting career. And it's okay, because it's okay to make mistakes, okay.
And it's gonna happen. It's unavoidable. And once you make the mistake, you just got to own up to it and just say, hey, this isn't gonna happen again.
And if you do that, you own the mistake is a Hey, yep, I dropped the ball here. Here's how I'm not gonna let it happen again. And then actually not let it happen again.
Then that's a win. Okay, now if you don't learn from your mistakes, then you are that's a loss. And that's not good.
So what makes it what makes a great pen tester a great pen tester is not being perfect. Nobody's perfect. You're going to make mistakes.
But learning from the mistakes and addressing them head on is very important. That goes to the next point addressing your weak spots head on. So we all have things that we need to work on, guys, there's a lot of things, a lot of skills, we've been talking about soft skills, technical skills for a while now.
And you're not going to be great at everything. Okay, that's just the reality of the situation. There's so much to cyber security.
We got blue team, we got red team, we got offensive security, defensive security, government compliance, customer service, all these things, you know how to write a report, communication, all these, there's so many skills, and you're not going to be perfect at any of them. And that's okay. And you're not expected to be perfect.
And that's why I think it's really good to be well rounded, right? You don't need to be an expert in any one category. And if you are an expert in one category, and you're weak in all your others, I mean, I don't even know if you can consider yourself a great pen tester, right? If you if you can find exploits all the way, but you don't know how to communicate that in a friendly way, then you're not a great pen tester, man. So with that being said, like, you're gonna have weak spots, because there is a lot to know.
And addressing your weak spots head on is incredibly important. You need to know where your weak spots are. And you got to admit and accept, you know what your actual weak spots are don't lie to yourself.
And this is where imposter syndrome comes in, because imposter syndrome is people understand where the weak spots are. And you know where your weak spots are. But maybe other people don't know that's, that's kind of where imposter syndrome stems from a little bit, in my opinion.
But you can turn your weaknesses into strength, or at least turn your weaknesses into a non weakness anymore. And once you identify your weaknesses, work on those, building them up, that's going to help with your imposter syndrome, that's going to help with your being a great pen tester, right? Because you don't want to be weak in a certain area. Like I said, you're a super friendly person, you got the best customer service skills ever known to man, but you can't exploit a basic exploit.
You're not a great pen tester. And on the flip side, if you can exploit the hardest exploit, you find a zero day at every application you do. But you don't know how to communicate it, or people don't like working with you.
You're not a great pen tester. So you got to be very well rounded. And that's why I think it's important to to be be well rounded.
Moving on, we got doing research on the fly. So when you're in your pen test, so whether that's a network or a web app, or maybe even a Wi-Fi test, or a mobile app, or whatever kind of pen test you're doing IoT, SCADA, there's all kinds of different kinds of pen testing, physical pen test, social engineering, a lot, you have to be able to do research on the fly, because you're going to come across things that you didn't see in your training, whatever certifications you had, you're going to see some new things. And especially as you go through your career, because new vulnerabilities keep popping up.
And one of the common things that I see is like, oh, you know, I know how to manually exploit things. But running vulnerability scanners is part of a pen test. And the vulnerability scanner will pop on something that I've never seen before.
And I'm like, what, what is this? It'll be like, Hi, I'm like, I don't even know what this is. And I'll read about that vulnerability. And I have to do a lot of research on the fly to understand what this vulnerability is.
And then I got to try to exploit it. Right. And that takes a lot of time.
And being able to do research on the fly is incredibly important, because you're going to see so many things that you didn't see in your training or you haven't seen before. So doing research on the fly is a critical, critical skill to becoming a great pen tester. You can't strictly stick to what you know, you do have to try new things.
And in the pen test. Now, that does sound scary, like, oh, you're trying a new exploit in a production environment. You know, maybe maybe you don't try in a production environment, right, especially network tests, most network tests are done in production networks.
And if you are trying a new exploit, you definitely want to try that out in the lab first, if you can, if you have time, and you definitely want to let your client know, if you have a client and or stakeholder, depending on if you're an internal or a consultant, pen tester. But definitely let people know like, hey, I'm trying an exploit that I've never tried before. Ideally, you'll try that in a lab first.
Now on the web app side of things, you know, you could be working on a production web app. But more times than not, from my experience, you're gonna be working in a demo web app or a staging version of the web app or a development version of the web app, it's not a production web app. In those situations, I'll just I'll just throw everything out there the kitchen sink at it.
If it breaks, it breaks, right? It's not gonna hurt the company's bottom dollar. Now you don't want to absolutely destroy their, their demo environment if you can help it right. But if you accidentally break it, it's not the end of the world, right? Because ideally, you should be able to spin it spin it back up and fix it.
Because it is a demo. That's the purpose of a demo is to test things. So if you're in a demo environment, or a staging environment, I would say you know, you have way more grace when it comes to firing exploits you've never seen before at it.
Moving on here, creativity and thinking outside the box. So that kind of has a little bit to do with the doing research on the fly. But you know, when you're doing this research on the fly, you got to be able to connect dots that you previously didn't connect.
Okay, because your network that you're pen testing or the web app you're pen testing isn't going to work and behave exactly like the blog article you just read, or the YouTube video you just watched, or the training lab environment that you you tried earlier, it's going to be a little bit different. And you got to be able to think outside the box, because it might not work exactly that way, right? You got to you got to tweak your exploits. And that's a very common thing.
And you'll see me, I think Hack The Box is a pretty good example of this. Because, you know, for those who watch my live streams where I do Hack The Box, a lot of times I got to tweak the script. And I spent a long time tweaking the script.
And you got to understand what the heck's going on under the hood. And you got to think a little bit outside the box, you got to understand like, oh, we're using this exploit. Yes.
But it's in a little bit different context. Because every context is a little bit unique. And knowing that is paramount to becoming to being a great pen tester.
Next up being a good team player. So this is kind of going back to the soft skills. But you want people to understand? Well, I'm not saying but you want people to want to work with you, right? You want to be a likable person, right? You no one likes the the people who are butts.
I keep saying that, but it's just this is reality, right? I want to use an example here. So Tom Brady, for those who watch football, you already know. For those who don't watch football, Tom Brady, greatest player of all time.
And I'm talking about American football here, guys, I am an American. So I am calling it football. We're talking about American football here.
Tom Brady, greatest football player of all time, played quarterback, seven Super Bowl rings. And the reason why I bring this up is because Tom Brady wasn't the most gifted athlete, for anybody that knows Tom Brady, you already know this. But for those who don't know Tom Brady, let me do some background here.
Not the most gifted athlete ever. He wasn't the fastest. He didn't have the biggest arm strength.
He was really scrawny when he went in the NFL. He was drafted at 199. There was 198 people picked before him in the draft.
And he didn't even start in high school. And the time he did get a start was a senior year and he went two and eight. His first starting season was a senior year and he played for a losing team.
Okay. Then he went to college and he had to share time with share time and reps with people throughout his college career. And he really didn't shine until he got in the NFL.
And the reason why I mentioned that is because he wasn't the most gifted. He wasn't the most all knowing. And he had a lot of shortcomings.
Okay. However, he made his career work because he continuously improved himself. And that's another key point that I'd like to mention like just continuously improving yourself.
That's the mark of a good pen tester. But how does this relate to being a good team player? And I want to get that background of Tom Brady because he was the most gifted. And what made him really great was because he was a great teammate.
He was a great teammate. He was a great team player. He put his team above his own.
And he has seven Super Bowl wins more than anybody in NFL history. And the reason why is because he put the team ahead of him on a consistent basis. A lot of people that get to NFL and I talk about the NFL because I'm a big football fan.
I played football for 10 seasons when I was in school. So I'm a huge football fan. And I like to make these analogies because football is the ultimate team sport.
But he didn't get paid the amount of money he was supposed to be making. There was people who were not as skilled as him making more. They didn't win as much as him making way more money.
He could he could have got way more money there in his career, but he chose to take the pay cuts. So the team could build a better team around him. Okay.
And he made some sacrifices in terms of his pay in order to win Super Bowls. And now he's getting paid a lot of money by Fox because he's one of the greatest. He is the greatest football player of all time.
And he's a great analyst as well. And this is kind of a long winded answer. But the reason why I mentioned all this is because all his teammates spoke very good of him.
All right. And being a good team player is part of being a great pen tester or a great offensive security professional. Like I said, if you know how to exploit everything, but people don't want to work with you, you're not a great pen tester.
So being a good team player, critical, critical. How do you become a great team player? Well, you have to learn how to take constructive criticism. Okay.
You don't know everything about everything. There's things that people know that you don't know. And you have to be able to take feedback from people who are not only above you, but also below you.
Okay. Because a junior pen tester today, they're going to know stuff that that a senior pen tester is not going to know. Okay, because it is impossible to know everything about everything.
And just because someone's a junior pen tester, or someone's just starting out in their career doesn't mean that they don't know something that you don't know. I, you know, as I said earlier, I'm still pretty new in the pen testing field. I have, you know, about a year experience in pen testing now at this point full time.
And, you know, I still get people asking questions. I have, you know, eight to 12 years experience asking me questions. And that's because they don't know everything about everything.
And there is something that you bring to the table, no matter where you're at in your career, whether you're starting or if you're a senior. So that's part about being a good team player: help the juniors, accept constructive criticism. And just, you know, sometimes you take one for the team.
You have to make some sacrifices, right? I was asked to work a night shift. Because a client wanted us to work a night shift. And I'm like, yeah, sign me up.
I'll do it. I don't want to work night shift, but I'll do it if that's what's best for the team. And another thing was IoT testing, right? I mentioned this on several podcast episodes already.
But you know, I mean, it was like, hey, we need someone to learn IoT testing. So we can deliver this IoT pen test. No volunteer for I volunteered for I took one for the team.
So I'm gonna do it. So I'm gonna step up. And, you know, in my opinion, that's, that's the mark of a good pen tester.
And that's some things that I'm working on. It's the things I'm literally practicing my day to day work. Next up, we got delivering on your promises.
So this one's pretty self-explanatory. So if you say you're gonna do something, you better do it. Okay.
Furthermore, make sure you turn your reports on time and make sure they're high quality. Okay. Deliver on your promises.
If you say you're gonna do something, make sure you do it. That's easier said than done, right? Some things do fall through the cracks, you do forget about things. And when that happens, you just have to admit your mistakes, go back to that, admit your mistakes, and don't let it happen again.
So that is critical. That is critical. And then last thing I want to mention here is not quitting when you face burnout, you're going to get burned out guys, it is a demanding field, it requires a lot of effort, energy, and it's draining, right? Burnout is this is a serious thing in this industry.
But when you face it, you can't quit. Because if you quit, then I feel like you waste almost all your time because you worked so hard to get into the position you're in. And you're just gonna throw it away because you lost the passion for it.
And I'm here to say right now, like I love being a pen tester. But I don't have the highest amount of passion for every single day, you will flow in and out of passion, like you'll be less passionate about cybersecurity and pen testing one day. And then one day, you're going to be, you know, really into it.
And that's just the ebbs and flow of a career. And that's going to happen to any industry. There are aspects of every type of job out there that you're just not going to like.
And even if you do like all the aspects of it, you know, sometimes it is hard to muster up the motivation and discipline to knock it out. But you got to do it anyways. So that's why I mean, when you say when I say, not quit when you face burnout, if you face burnout, you got to keep going.
And that is a natural cycle, in my opinion, a natural cycle. If you quit the first time to burnout, then you're not going to have a successful career. And I would say anybody who's considered a great cybersecurity professional, I can almost promise you they face burnout, and they survived it, right.
And I've went through several stages of burnout throughout my career so far. And there's times where I like, man, I ain't feeling it, man, I'm not feeling it. But I worked through it, I get I get what I need to get done.
And then eventually, the passion will come back. And when those passions come back, the sparks are there again, and it makes it really exciting. But it's not all sunshine, rainbows and butterflies every single day, guys, it's just not.
And in my opinion, that's normal. So if you do face that burnout, and you are falling out of passion with it, don't quit, because the passion will come back, okay? It's kind of like, it's kind of like a relationship, right? With Yeah, it's kind of like a relationship. Like it's not, you know, they call it the honeymoon phase is exciting at first, but then it kind of gets stale a little bit and you lose that spark going on.
And that's a normal part of a relationship. And we all know that's part of normal part of relationship. And for those who are bit have been in serious relationships that you understand that, and your career is no different, you're going to fall in and out of love with it on a consistent basis.
And what I'm trying to say here is don't quit, because you will get that passion and that spark again. And if you don't, then maybe it isn't for you. But overall, like, don't jump the gun on that decision.
Alright, guys, we are running out of time. Thank you so much for watching and listening. If you have more thoughts and opinions on what makes a great pen tester, what separates a great pen tester from a regular pen tester, leave them down in the comments.
If you're on YouTube, if you're on audio, leave a five star review if you think the show deserves it. And hopefully see you next episode. Until then, this is Kyser signing off.