+1, most red team exercises divide into thirds, 1/3 is reading rfc, manual, design docs, code. 1/3 is hands-on execution, and 1/3 is writing and presenting. Writing is a huge part of my work - contextualizing risk and capturing an attacker's journey in story form.
People ask me if I think pentesting is right for them and while I can’t tell anyone for sure if they’ll love a career, I can say with certainty that if you loathe writing reports and making slide decks to communicate said reports then you might not love pentesting lol
Show this thread