September 11, 2021

Career: Service Provider VS in house penetration tester

For those that have worked in both counterparts, what are the pros and cons for each side?

Which one do you think has provided more learning opportunities in the job that have enabled you to excel further in the job?



In house is more frustrating bureaucracy and middle management politics.

You run into it as a security vendor, too, but you just hand them the report and walk away.


If you’re an in-house pen tester, you need to be really damn distant from the test target on the org chart – like, further away than “kissing cousins” in a family tree. And your report shouldn’t go to the target org’s management, it needs to be delivered to top management to create a real incentive to remediate findings. With the right setup in a large company, there isn’t much difference between in-house or contracted talent.

Edit: learning opportunities are greater breadth of experience with systems, policies and procedures for an external pen test position, greater depth in internal company culture, capabilities, and soft skills development with an internal position.
