Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
Something I don’t think is talked about enough in offensive cybersecurity training / skill development are communication skills. Too often we are seeing folks try to enter these roles without the ability to write reports and give presentations to audiences with a mix of technical and business attendees. My recommendation to folks considering these roles is to put in the time to get communication skills to a very professional level. Train it just like report writing or public speaking was a new shiny hacking certification. It will improve your chances of landing the job.
Agree, when I have held talks for cybersecurity students I usually tell them that a lot of the work time goes into writing report. Because the customer (be that internal or external) does not care about what cool thing you did during the test, they care about the risk and your findings have to reflect that.
Double that, no engagement I’ve been a part of involved less than 3 days of report writing after, potentially, a week of actual work and 2 weeks worth of scope discussion and expectation setting.