In this series, you’ll have the exclusive opportunity to delve into the minds of our dedicated team of Penetration Testers and gain a deeper understanding of their roles, experiences, passions, and unique industry perspectives.
Say hello to Danny Binns, the first Penetration Tester in our series.
Danny’s the person you turn to for clear, smart security advice, especially when it comes to Penetration Testing.
He’s a real pro in everything Cyber Security, focused on understanding your security setup and spotting the weak spots.
His goal? To help you shield your business and build a tougher strategy.
What’s your story on how you got into penetration testing? Sounds like you’ve had quite the journey!
I’d always been interested in mucking about with computers since I was little, I’d break them so often that my parents eventually refused to pay to have them fixed, so I learnt how to fix them myself; eventually this led to a deep understanding of how computers worked.
Eventually I found my way onto a Network Security degree which I aced with a 1:1 and found my forever-career! Since then, I’ve performed penetration testing for health and finance institutions and had years to hone my skills.
Could you tell us about the certifications or training that have had the greatest impact on your role?
Currently I’m an Offensive Security Certified Professional (OSCP) and a Crest Registered Penetration Tester (CRT), I’m currently studying for Crest Certified Infrastructure Tester (CCT-INF) and will eventually be sitting the Crest Certified Simulated Attack Specialist (CCSAS) certification.
My goal is to eventually gather enough certifications that I can rearrange them to spell my name, I’d appreciate some industry qualifications that have a D somewhere in them…
What’s a day in your life as a penetration tester look like?
I lead the technical team at Equilibrium so there isn’t really such a thing as a typical day for me, I hop between scoping, mentoring, testing and internal development very frequently.
Share a challenging project you’ve tackled. We’d love to hear how you approached it.
The most challenging projects are always inherited systems and software, clients that have been given a network or application in an acquisition or merger often don’t have the luxury of a subject matter expert so in addition to security testing a system, it’s necessary to reverse engineer how it achieves its intended purposes. I do love a challenge though.
What are your go-to programming languages and tools you use most frequently in your work?
How do you stay updated with the latest security threats and trends?
Can you share a memorable experience or an interesting bug you’ve found during your testing?
I’ve got a thousand interesting bugs I could talk about, but the gory details are probably a bit much for this format. I did once have to perform a penetration test in the basement of a hospital right next to the morgue, which was memorable.
What is the most unusual or unexpected security vulnerability you’ve encountered?
Nothing much catches me by surprise by now, but when you first start penetration testing it’s a little like the veil has been lifted as you realise how common nasty vulnerabilities are.
I think every tester is a little shell shocked when they get their first critical finding, my first one was a command injection in a server health monitoring application, I couldn’t really believe that [once you understand it] it was so simple to take control of the server.
How does your team collaborate on complex projects? Any cool teamwork stories you can share?
Generally, we have a member of the team take the lead on more complex projects, they’ll be responsible for managing the overall delivery of the engagement and will coordinate testing activities.
What do you enjoy most about working with your current team?
- Every tester at Equilibrium is very enthused with penetration testing as a discipline, nobody comes to work to just do a job. We all find testing exciting and rewarding and we attach personal satisfaction to discovering and exploiting vulnerabilities. When we come to you with an issue, it’s obvious that we’re proud of our work and I think that reflects in the way we communicate and the reports we produce. Having that enthusiasm in your colleagues stops you from having those slump days at work as you all pick up and feed off each other.
What are the biggest challenges the Cyber Security industry faces today, in your view?
Cloud. We’ve gone from decades of on-prem, fully transparent systems to putting our networks and applications in an opaque, proprietary platform location that evolves at a terrifying pace. Comprehensive understanding of cloud security is a real challenge even for information security professionals just because of how quickly innovations are coming and the variety of the offerings now available.
I’d also say that the other big challenge is that small businesses now have no option but to have a digitised business if they want to compete, this means that they have all the same challenges as much larger businesses, but less access to security expertise, I think that’s why successful ransomware attacks have grown so much over the past few years.
How do you foresee the future of penetration testing? Any exciting changes on the horizon?
I imagine that Cyber Security work will be much more geared towards satisfying “Security Scores” provided by cloud hosting providers as time goes on, whether that’s for better or worse.
I also don’t see web/mobile application testing going anywhere for the foreseeable future. The wildcard for the future of penetration testing is the “Internet of Things”, depending on how standards evolve for these types of devices, there could be some very interesting attack vectors that become more commonplace.
What advice would you give to someone interested in becoming a penetration tester?
I’d also give an honourable mention to soft skills, a lot of penetration testers are 90% hacker and 10% consultant, which is great until you need to explain something complex to a non-technical audience. Being able to confidently talk and explain yourself is crucial to success in this role, not just the technical skills.
I’d much rather hire a junior tester that can confidently present their findings but needs 6 months of shadowing before they are ready to test than someone who is good to go immediately but is not confident with talking through their findings with a client."
Can you share a tip or trick you’ve learned that has been invaluable in your testing?
Nowadays I always fully explore whatever I’m testing and make notes of anything that my instincts tell me is likely to be vulnerable; I still go down the odd rabbit hole, but my time nowadays is spent much more effectively thanks to the restraint I’ve developed over the years.
Outside of work, what are your hobbies or interests?
I really enjoy programming, if I hadn’t become a penetration tester, I’d almost certainly be a developer. I’ve always got a project on the bench I’m working on. Recently I’ve been messing around with writing my own mods for games that I like, but I also write bots that do things like go and search for and reserve slots for my weekly food shopping.
How do you balance the demands of your job with your personal life?
Luckily, we have a very generous holiday package at Equilibrium so time off is there when I want it. I’ve also gotten good at recognising when I’m getting overwhelmed, which is easy when you’re focussing very hard on technical stuff for extended periods of time, when that happens I take myself off for a walk with my dog which helps to give me some mental space from work.
Seeking Cyber Security professionals who genuinely care about your security needs?
Our Penetration Testers, led by Danny Binns, go above and beyond. Contact us today at 0121 663 0055 or email us at enquiries@equilibrium-security.co.uk.
Your safety is our top priority, and we’re here to help fortify your digital defences with a personal touch. Connect with us and experience Cyber Security with a genuine commitment to your security. But don’t take it from us, check out our 5 star Google Reviews!
Ready to achieve your security goals? We’re at your service.
expertise to help you shape and deliver your security strategy.