Cyber security moves fast. Threats evolve at an incredible pace and pentesting techniques change and develop along with them. That’s why your choice of pentesting training provider is an important decision.
At North Green Security, we recognise the importance of having trainers that are deeply embedded in the field. Actively engaging in real-world pentesting, tool development and industry contribution.
Whether you are just starting out on your cyber security journey or you’re an experienced pentester looking to boost your career and your skills, the benefits of working with and learning from trainers who are experienced AND active in their field can enhance your learning experience and its effectiveness.
The pace of new vulnerabilities
Technology is everywhere and for better or worse, that means that there are new vulnerabilities being discovered every day. A quick look at the ever-increasing numbers of Common Vulnerabilities and Exposures (CVEs) being reported over recent years shows the relentless nature of security. Since 2017, every year has been a record-breaking year for newly registered CVEs, culminating in 26,447 vulnerabilities having been disclosed in 2023.
As this trend continues at an increasing pace, the question looms: can you afford to trust your pentesting education to someone who isn’t actively engaged in testing real-world networks, websites, or organisations? While the fundamental principles remain static, effective training must be able to be contextualised within current trends and real environments. Without this insight, training may fall short of providing realistic examples and education.
Pentesters are continuous leaners
Our trainers at North Green Security are not just knowledgeable; they are active practitioners who continually refine their skills. This commitment is exemplified by their regular undertaking of real-world assessments. By engaging in live security tests, trainers ensure their skills remain sharp and, more importantly, can seamlessly integrate realistic case studies and scenarios into your training experience. This is important as attack tools develop and as vulnerabilities come and go. Trainers who are regularly engaged in penetration testing will not only be able to explain security concerns but will be able to provide the context of how some issues are identified, as well as the ramifications of a vulnerability to an organisation.
Pentesters are engaged
True commitment extends beyond pentesting though. Look for trainers who actively engage with and contribute to the industry’s growth. This may be through the creation of tools or resources that can provide real-world benefits.
A telltale sign of an engaged organisation and trainer can also be identified by their participation and support of conferences and workshops. This involvement shows a commitment to staying aware of new industry trends and sharing information and insights with the broader community.
The dangers of disengagement
On the flipside, trainers who lack this level of engagement and no longer conduct penetration tests may provide an outdated perspective, relying on historical knowledge that hasn’t evolved with the times.
Our approach
At North Green Security, we are committed to providing the best training possible to advance your career. Our trainers are qualified, experienced, and practicing security consultants who continue to conduct penetration tests and keep their skills up to date.
Don’t just take our word for it though – here is an example of recent feedback (and we have plenty more we can share with you):
“The bootcamp was great, providing a deep understanding of the different web attack vectors. Dan’s explanations, especially on how exploits adapt to different attack contexts or web applications, were nothing short of exceptional. The practical labs, coupled with Dan’s insightful teaching, not only made the learning experience enjoyable, but also ensured that I was confident in my approach. Highly recommended.”
If you’re keen to learn in-depth pentesting skills from seasoned testers who are not just experienced trainers, but active contributors to the security industry, get in touch.
Whether you’re ready to book onto a course or just want to have a chat about cyber security and your career, we’re here to help.
An A-Z of pentesting terms and abbreviations – Part 2
In this blog post, we continue our A-Z glossary of common pentesting abbreviations, acronyms and terms, from N-Z. Get ready for the likes of OSINT, RFI, YubiKeys and more. And don’t forget, you can catch up on any terms you missed in part one (A-M) here. N – Nmap One...
How to identify and exploit XSS vulnerabilities
What is Cross-site scripting (XSS)? Cross-site scripting (XSS) is a web security vulnerability in which an attacker is able to inject malicious scripts into vulnerable sites and compromise the interaction between the user and the site. Cross-site scripting is what we...
An A-Z of pentesting terms and abbreviations – Part 1
The tech industry is synonymous with abbreviations, and cyber security is no different. TLAs (three letter abbreviations), acronyms, other abbreviations and unfamiliar names or terms are the norm. As a result, in this blog we have collated an A-Z glossary for the...
Training, mentoring and the illusion of short-term mentorship
Cyber security is an interesting, fast moving and in demand industry. On the one hand, we are constantly being told there are not enough professionals to fill the need. Yet without clear pathways, it can be challenging to find roles at the beginning of your journey...