Tell us about what you do here.
As a Trainee I have one more year of Uni to complete, so in these few Summer months I’m totally focused on learning as much as I can, as quickly as I can, from anyone that has anything to teach me!
Shadowing Calum has really opened my eyes to the discipline needed to deliver high-quality pentests in the real world.
I’m learning a lot from Adam about how to approach a webapp test professionally, taking the client along with you so they know what to expect. Even simple things like applying OSINT methodologies or using common tools like BurpSuite in the real world - it’s all learning to me.
Outline a typical day.
Wake up between 5-6am
I like to build knowledge through experience. So I set myself 1-3 week projects to work on around work. Currently I’m building a raspberry cluster and learning how to modify a BIOS so I can change my laptop’s internal wifi adapter.
Go to the office and fill up on coffee!
Sit at my desk and practice what I’ve learned shadowing the team the day before until 8.30 when the team start to arrive.
Keep learning as much as I can from Calum and the team
Practicing what I’ve learned that day until 5-6pm
[ -z "$bank_account" ] && ./beer || cd
Dinner between 7-9pm (that’s if I am not too absorbed in whatever 1-3 week project I’m working on)
Sleep around 11pm
What have you been working on mostly since joining OnSecurity?
I started closely shadowing Calum Boal. Learning his good habits and how to be methodical, starting with an unauthenticated perspective (OSINT), before proceeding to authenticated. Being patient, looking for the most common vulnerabilities first before documenting actions and moving on - this discipline has probably been the most valuable lesson for me.
Once I had mastered the basics, I got to do my first supervised OSINT, followed by my first supervised web app penetration test. Having Adam QA all my findings so closely and then approve my report was a great feeling.
What are you most excited about in the coming months?
Everything basically! The sheer amount of new techniques I will get to learn in just a few months is amazing in itself. Taking part in my first infrastructure pen-test will be my next big milestone - I’m really excited to get started on that one!
Quick Q&A with Nicola
How would you describe your job to a child?
I work out how to break things in order to make them better.
Before OnSecurity what was the most unusual or interesting job you’ve ever had?
I’ve done a lot of different jobs to pursue my passion for IT Security. But working as a Chef at Glastonbury with two great friends was definitely the most rewarding, most interesting and one of the best experiences I have ever had. However... I cannot divulge any details as to what exactly made it so good. ;)
What’s your number 1 security tip?
Treat passwords like underwear:
What are your three most overused words/phrases?
“We did everything wrong”. (My overly-dramatic way of saying: ‘We may have made a little mistake’)
“One day I will sell my rig and my laptops and open an ice-cream shop!”
“I cannot sleep knowing that <insert current challenge I’m facing here> is winning”