
I do cybersecurity consulting. Specifically, Web Application Security, which I charge $350/hr for and make about $300k/yr from.

I am usually brought in when a competitor gets hacked and the company gets scared, or as part of a high-quality penetration test.

My experience is mixed between cyber security and fullstack development. This led to me having a very deep knowledge of how to properly consult companies regarding potential vulnerabilities.



How does one market themself as a high-end pentester? Are companies looking for a certain pedigree?


Most clients are word of mouth; some I meet at conferences and meetups.


How did you learn this skill set besides practicing? Any books/courses you'd recommend?


Search for zwink university on YouTube.


Is this your primary, or is this additional to what you make?


This is in addition to other consultancy projects, but does make up about 60% of my yearly income.


Do you automate your pentesting? If not, let's talk.


Almost no automation; I use automation when it helps the manual process, like searching for open ports or discovering directories and files.



