This is the biggest challenge of them all finding a company who will take you on, especially if you are a junior penetration tester. The fact is most companies don’t want to take you on as a junior because they cannot make no money from you until you are trained up. This is where you have to really work hard and try to make improvements to yourself to make sure you’re a better asset to a company. There are a number of ways you can do this depending on your situation, the quickest way is to do as many certificates as you can but this comes at a heavy price. The other way is to get involved within the security community you’ll be surprised how small it is and everyone knows everyone else.


Networking is a good way to get involved in the community this way you get to meet professionals who work within the industry this way you can make contacts who will keep you in mind for jobs. The best way to network is by going to security events, there are many throughout the year like 44Con,BCS Events as well as many more around the UK. If you are not on linkedin I recommend joining up as its a good way to manage your new contacts (Feel Free to add me).

Writing Tools

If you can code then writing a good security tool is another good way to get your name out into the industry and it looks really good on a CV.


Trying to get experience is one of the hardest things to do as you can’t get a job without experience but no one wants to give you a job to try and get that experience (catch 22) If you have no experience my only advice is to try and work on some security certificates. If a company can see you putting your own money into your development they may think you are worth hiring.

Another thing you could try would be build a website with lots of security problems like XSS, SQL Injections and Information leakage as well as lots of other issues you can have with web apps(OWASP TOP 10). Then do a full Penetration test of the site writing a report on your findings. Then fix any issues that you find this will not only give you some experience but also a report that you can send to companies or leave with them at the interview.(I have a template that can be used, feel free to contact me)

Useful Websites

Recruiting Agencies

Recruiter are sadly a necessary evil some are good and some just drive you nuts. The ones below are just some that deal with penetration testing I cannot vouch that any are great but may help.

artemis-recruitment propriusrecruitment

Job Sites
BCS Recruit page sometimes has security jobs on it.

Security Companies London London Main Office London Stokton on Tees | London Maidstone, Kent Rochester, Kent Maidstone, Kent London Farnborough Buckingham West Sussex London London Manchester Main Office London Main Office Basingstoke Reading London Portsmouth – Leeds – Yorkshire – London – London – Bristol – London,Manchester– London, South Africa, Bulgaria– London, Cambridge– London, Edinburgh, Zurich– Edinburgh, West Sussex, Berkshire, Godalming– London, New York– London, South Africa– London, Reading, Manchester, Leeds, Middlesex London, Scotland and Darlington London Cheshire Surrey London

Organizations Council of Registered Ethical Security Testers The Institute of Information Security Professioanl The TIGER Scheme provides a means of independently certifying the skills of vulnerability test

If you would like you company added please contact me.