Pen tester

    Andrzej Grzeslak

    Andrzej says his role is very varied – one day he might be testing basic web apps and the next ferreting out the weaknesses in new building security gates. Image: Lauren Trompp

    Discover what work looks like for an ‘ethical hacker’ at Australia’s biggest bank.

    COVID-19 restrictions may have put a dent in the after-work foosball competition, but Commonwealth Bank of Australia (CBA) penetration tester (pen tester) Andrzej Grzeslak still loves the varied nature of his role and learning something new every day.

    Andrzej’s original goal was to become a software engineer, but a practical pen-testing subject at uni changed his mind. He really enjoyed the process of understanding how a piece of hardware or software worked, then pulling it apart to try and find its weaknesses.

    “It’s funny that I get paid to try and break things!” he says.

    Andrzej came top of his class in the pen testing subject, which was sponsored by CBA. After trying out a software engineering role during the last year of his degree, Andrzej applied for the Enterprise Services grad program at CBA. He is now a pen tester in the cyber security team, with the important job of seeking out and reporting security flaws in hardware and software.

    Andrzej says his role is very varied – one day he might be testing basic web apps and the next ferreting out the weaknesses in new building security gates. “There’s always something new to learn,” he says.

    9am

    Review what I’m testing for the day – usually it is a new piece of software or hardware that is ready to be rolled out, which we need to assess. Since the start of the COVID-19 pandemic, I mostly work from home and only go into the office to do certain tasks like hardware testing.

    10.30am

    After the morning coffee run, I start testing a piece of hardware or software to see if it’s working as expected. I collaborate with specialists in various fields during the testing process to detect security flaws. The most common fields are web applications, mobile apps, ATMs and terminals. There are also thick-client applications, which are computer programs rather than apps – like what tellers use to take customer details.

    1pm

    Lunch! Chicken laksa is my favourite.

    2pm

    Hardware testing. I use little gadgets to probe the hardware and understand how it is working physically. I also try to eavesdrop on communications between hardware devices, to see if I can extract or tamper with them.

    5.30pm

    We have a fantastic foosball table at work. Before pandemic restrictions, the team liked to end the day with a game or two.

    Andrzej’s study and career pathway

    This article is brought to you in partnership with CBA and originally appears in Careers with STEM: Tech 2020.

    Author: Nadine Cranenburgh

    Nadine is an electrical and environmental engineer who works as a freelance writer and editor. She loves creating articles and content about exciting and complex technology.
