In this series, we continue to bring you closer to the experts who keep your business secure. Today, we’re introducing Jack Macdonald, another invaluable member of our Penetration Testing team.
Jack joined Equilibrium with a passion for deepening his knowledge in Cyber Security, particularly in the realm of penetration testing.
His experience spans across Service Desk, IT support, Server Administration, and Vulnerability Management, making him a well-rounded professional in the field.
Jack’s enthusiasm for working with our dedicated, collaborative, and highly knowledgeable team is evident in everything he does.
His mission? To help you uncover vulnerabilities and fortify your defences against potential threats.
What’s your professional background, and what inspired you to pursue a career in penetration testing?
I worked lots of random jobs after school, including bar work, oil rigs, vaccinating salmon at fish farms, driving a forklift, working in a call centre.
At a certain point I decided I wanted a change and took an apprenticeship in IT and Telecomms with Capgemini, after this I did another apprenticeship that was more focused Cyber Security. During this I did a lot of Cisco networking and Cyber Security training as well as some pen testing.
After this I got a job in Vulnerability Management, performing vulnerability scans and creating reports for various clients with the aim of reducing the number of vulnerabilities across their networks. An opportunity came up to work on a pen testing/offensive security project which I jumped at. I received a quick bout of training for this and enjoyed the work.
Opportunities like this came up a few times in a couple of years and I found them exciting each time. This is when I started learning/training and working on CTF challenges in my own time with a view to becoming a penetration tester.
I was eventually able to move from vulnerability management into offensive security work at and did this for another year or so before coming to work at Equilibrium. Here I got to work with and learn from some really good testers. I have also gained qualifications, taken courses and studied to upskill myself further.
Which certifications or training have been the most important for your role as a Pen Tester?
- Cyber Scheme Team Member – certification.
- Cyber Scheme Team Leader – I did the advanced mentoring course and have done the learning; I need to go back and take this exam at some point.
- Modern Web App Pentesting.
- Cisco CCNA Routing and Switching 1&2.
- Cisco CCNA CyberOps.
- https://learnjavascript.online/
- Automate the boring stuff with python (book).
- Hack the Box Academy + Labs.
- A lot of self-study and interrogating people who know more than me until they can take it no more.
What does a typical day look like for you as a penetration tester?
Client calls to scope jobs or gather required info to start jobs. Testing web apps, internal networks, mobile apps, phishing campaigns. Upskilling by studying for qualifications or just to improve knowledge of complex topics.
What programming languages and tools do you use most frequently in your work?
- JavaScript
- Python
- Burpsuite
- Kali
Can you share a memorable experience or an interesting bug you’ve found during your testing?
The first physical penetration test I did. I had never tried to walk into a building before and lie about why I was there, but I found it quite exciting.
We were so trusted by the end of the day the actual staff left and we were asked to lock the building on the way out.
What is the most unusual or unexpected security vulnerability you’ve encountered?
An api endpoint that when called with a blank POST request returned a list of all logged in users for reasons unknown to anyone.
What do you enjoy most about working with your current team?
Everyone is professional and very good at what they do, but still down for some fun.
What advice would you give to someone interested in becoming a penetration tester?
Get used to learning – for the last 9 or so years I have been constantly learning new skills and techniques and ideas and I’ve never got to the point where I feel like I could stop. There is always more to know and usually gaining a level of competence over one thing just highlights more stuff that you didn’t even know that you didn’t know.
This can seem insurmountable at times, and honestly it probably is. No one person can know everything. But that can be exciting too, you get to take part in an endless journey of mastery over a vast and interesting topic, and you get paid to break stuff on the way.
Can you share a tip or trick you’ve learned that has been invaluable in your testing?
Use virtual environments when installing dependencies through pip. Like this 👆
Outside of work, what are your hobbies or interests?
I like to go to the gym, go camping, shoot slingshots.
How do you balance the demands of your job with your personal life?
Tenuously.
Looking for Cyber Security experts who truly understand and care about your security needs?
Our Penetration Testers, like Jack are committed to going the extra mile. Reach out to us at 0121 663 0055 or drop us an email at enquiries@equilibrium-security.co.uk.
Your security is our top priority, and we’re dedicated to strengthening your digital defences with a personal touch. Get in touch and experience Cyber Security backed by genuine commitment. But don’t just take our word for it—have a look at our 5-star Google Reviews!
Ready to achieve your security goals? We’re at your service.
expertise to help you shape and deliver your security strategy.
About the author
