Pentest People Apprenticeship Journeys

Liam Follin

Senior Consultants

Liam is one of the senior consultants at Pentest People, with a wide range of skills and experience from Web Applications to Social Engineering he's able to give great comments and opinions on cybersecurity matters.

Pentest People Apprenticeship Journeys

National Apprenticeship Week 2023 is the 16th annual celebration of apprenticeships. The week brings together businesses and apprentices across the country to shine a light on the positive impact that apprenticeships make to individuals, businesses and the wider economy.

In light of this week, two of our consultants sit down to talk about their career journeys as apprentices. Liam and Ben take us through how they secured their apprenticeships and there reasons behind choosing an apprenticeship route over university.

Bens Journey

Ben, being in his second year of college, found the company through a careers day at his school and applied for the role online afterwards. After achieving his A Levels and a successful application, he joined the consultant team here at Pentest People. Ben is now a fully qualified consultant and sees a future in full time pen-testing. Here are a few comments from Ben about why an apprenticeship better suited him over university:

“In my last year of college, I actually didn’t even submit a UCaaS form. And I was actually planning sort of my first year that I was going to apply for both and I would fall back on it, of course in uni. But again, it was that careers day where Pentest People came in to do a talk where I seriously considered committing to an apprenticeship. And then by the time year 13, rolled around, I was like almost certain and I didn’t want to give myself the option to fall back on uni because had I gone to uni, I think I would have been way more upset at myself, I would have been kicking myself if I had an opportunity for an apprenticeship and I can’t take it because I was at uni. So I’m definitely happy I took the apprenticeship route.

My apprenticeship here at Pentest People is a level four foundation degree, which is, you know, obviously less than a full degree. But this apprenticeship is a lot shorter than a full degree. And we’re getting paid and they get three years experience before any of my peers are gonna finish their university classes. And that’s something that you can’t really get any other way than an apprenticeship. And I think that’s really valuable. And it’s going to be important to me for the rest of my sort of career progression in Pentest People.”

Liams Journey

Liam, who is now a consultant team leader here at Pentest People, came from college also and started with the business as an apprentice over 3 years ago. Liam started programming and worked his way up, ending up being instrumental in the development in our sister company, DarkInvader. Here are a few comments from Liam about his journey:

“So yeah, I started off as an apprentice and Pentest People a number of years ago now. And really, it was just kind of all go from day one, I was very fortunate to have joined the business, it’s quite new. I hadn’t been going that long. So I was able to get stuck in straightaway. I had to, I’d been doing programming all the way through school, which is obviously ended up being quite helpful throughout throughout the apprenticeship. And because of the programming I was doing, I discovered a very early on in my journey, I discovered a vulnerability in a large kind of security platform that was then reported. And at that point, I was then allowed to start performing Web Application Penetration Tests. And those Penetration tests again, again, started off just doing kind of basic vulnerability scanning. And then we we moved our way up. And then I started building or writing new new services, where we were writing custom implementations of various programmes where we were trying to assess how applications responded to load, doing quite a lot of research into how the psychology of the human mind comes in when you’re discussing, or when people are using websites and the load times of them how psychology dictates exactly how they perceive the website to load. Because it doesn’t necessarily matter how quick it is actually loading. As long as it’s under about half a second, the human mind perceives that to be loaded instantly. And we were exploring that that was kind of a big part of my journey there.

Then i wrote a Dark Web scanner as well, which is now on a while now for now, what is now there? When I wrote it is, what it is now Dark Invader. pentest people, Sister businesses. So that’s incredibly well, quite rewarding. So as I’m sure you can imagine them nice to see you know, the baby grown up very interestingly.”

Conclusion

These are just snippets of what both Ben & Liam discuss in the podcast, for the full version, listen below.


Video/Audio Transcript

Good morning and welcome to another Pentest People tech bite. As it is National Apprenticeship Week we will be reflecting on how apprenticeships can help individuals to develop the skills and knowledge required for a rewarding career and help businesses to develop a talented workforce that is equipped with skills for the future. Joining me on today's podcast is Ben dragger sick, and apprentice here at pentest people who will be sharing his experiences of his apprenticeship.


Thanks for joining me on today's podcast. Ben, thank you very much for having me. Do you want to start off by telling our listeners how you found this apprenticeship pentest people was actually a was in my second year of college and we had a careers day.
And there was an ex apprentice pentest people now obviously a fully qualified consultant, along with the managing consultant that came and did a talk at my college for careers day. And that was what really opened my eyes to seriously considering getting an apprenticeship. And it was after that, when I started, I heard the name of pentest people. And then I was on all this online jobs indeed, and LinkedIn, etc. And it's just I found the, the apprenticeship on the LinkedIn website, and I apply it and they're very good.
How are you finding the apprenticeship scheme? Yeah, I'm really enjoying it so far. And hopefully, once I can qualify, hopefully later this year, it's going to open up a lot of career paths for me. And I'm definitely not missing out on any of the networking that you might get a unique because there's a lot of people in my apprenticeship class that I have, I have lessons every other month. And there's people in that classroom sort of all over the country. So if anything, I'm networking with people from a much wider background, and it's interesting, and it's gonna hopefully benefit me in the long run. I definitely agree with you there. There are now a lot of employers that now recruit apprentices every year. So that's the target pathway for lots of employees to explore bringing on apprentices in their workplaces. Can I ask what a levels Did you study at college? So I studied geography high level, computer science, I live within the BTech in music performance. So if you study in computer science, did you always have a passion for it cybersecurity? Yeah, I think coming out of high school, I definitely wanted to computers was definitely a career path for me. But I also want to keep my options open, which is why I chose quite a quite an eclectic mix of subjects.
But computers was always a viable career path for me. And it really was that that talk from pentest people in my college that made me really want to pursue cybersecurity specifically, I think it is good to have a mix of a levels. For example, when I was doing my A levels, I did media, which got me into this career, but also I did sports. So if I wasn't going to do media, I would have done sports. So but yeah, I had a passion for media. So that's why I went into the media industry. So definitely agree where you're coming from, what would you say is your favourite aspect of cybersecurity? In terms of cybersecurity?


Generally, I think pentesting is something that I definitely would never have heard of, you know, coming out of my A levels. And then I'm really excited that I got this opportunity, because having had a taste of it over the eight months that I've been here, it's definitely something that I want to pursue as my full time career. Now, why did you choose an apprenticeship over University, in my last year of college, I actually didn't even submit a UCaaS form. And I was actually planning sort of my first year that I was going to apply for both and I would fall back on it, of course in uni. But again, it was that careers day where pentest people came in to do a talk where I seriously considered Mark committing to an apprenticeship. And then by the time you're 13, rolled around, I was like almost certain and I didn't want to give myself the option to fall back on uni because had I gone to uni, I think I would have been way more upset at myself, I would have been kicking myself if I had an opportunity for an apprenticeship and I can't take it because I was at uni. So I'm definitely happy I took the apprenticeship route. And my apprenticeship here at pentest people is a level four foundation degree, which is, you know, obviously less than a full degree. But this apprenticeship is a lot shorter than a full degree. And we're getting paid and they get three years experience before any of my peers are gonna finish their union classes. And that's something that you can't really get any other way than an apprenticeship. And I think that's really valuable. And it's going to be important to me for the rest of my sort of career progression in pentest people.


I think going back now I would have definitely chosen an apprenticeship as well rather than going to uni. I mean, the whole uni experience was great. But I feel as though when you're doing an apprenticeship, you're actively working, you're actively making money. There's a lot more going on your mind knowledgeable you're working on hands and also employers have a vested interest in training you paying for your courses, so they are most likely definitely will keep you on. Do you think it was a good decision then doing an apprenticeship over University? Absolutely. I think I've mentioned that I never actually applied to uni. So I did actually drop myself in the deep end a little bit there because had I not got an apprenticeship would have been sort of on my own out of college but a very kind of got this opportunity and it was quite last minute as well.
So I am very glad that I did. I started as soon as I put my pen down on my last day level exam, and I started the Monday after, but I'm very glad because it's done more for my corruption and then you need degree ever would have. And how would you say the people are like that you work with, for example, because obviously, they're all from different backgrounds. For example, some of them went to uni. Some of them did an apprenticeship scheme, like yourself. Yeah, absolutely. I think there is I would say the majority of the office has gone to uni, but it is definitely changing with the the onset of these new apprentices that they're hiring. And especially with the person who actually came to do the talk, I'm on college, what the ex apprentice, he was my boss for a little while when I first started here. And now he is a senior member of staff here at pennants people. And it just shows that even as an apprentice, it is not going to hinder your career. And I do believe it's the exact opposite. And it will help you mark within a uni degree. It's nice to have a good mix in the office of people who have approached this career differently. That's a really good point you mentioned actually, Ben because apprenticeships can get you really far. For example, like you mentioned, look how far Liam has came from when he just started as an apprentice. And now he's a senior colleague. Yeah, absolutely. Which is fantastic.
Can you tell our Tech Bite listeners some of your strengths in cybersecurity in what you do? Certainly, what's come a long way since I started here is my programming abilities. Coming out of college, I knew like the very basics of Python, and it was never taught in the right way, in an exam orientated way. It's never the right way to learn programming in that way. And yet, in just a few months working here, the path that they put me on to get programming has massively improved. And it's only going to help me move it on to test to be at least a competent programmer. And I think I'm definitely well on my way to get in there. I think you are definitely developing your skills bent into the cybersecurity industry really, really well as you are working on hands every day. What would you say are your future goals, sort of in the short term is definitely to finish my apprenticeship, hopefully with a distinction, but we'll see. And that should hopefully be later on this year. And then moving on from there. Hopefully, once I've, once I've graduated, move on to become a pen tester and try and get as much experience with different tests as I can, and we'll see where it leads. And do you see yourself working for pentest people in the foreseeable future? I think definitely not just because once I finished my apprenticeship, I hopefully have to, I can stay on and hopefully get some my certifications while I'm here and develop my skills as we go on. Are there any people in this business that inspire you?


I definitely have to call that Liam and he definitely is inspired me because not only because he was an extra pen is doing the exact same cost with the exact same company that I'm doing. And now he's progressed on to be to be a senior member of staff. And also he was the the person who outreached in the first place at my college. He inspires me that hopefully, even just because I'm an apprentice, I can still reach a senior role here at pentest. People shout out to Liam falling for that. And before we wrap up this podcast, Ben, do you have any advice for someone wanting to do an apprenticeship in the cybersecurity field? I think as a general advice you you've just got to sort of there's no harm in asking.
You've got a emailed so many, because I got as I said, I got a bit desperate coming up my levels because I didn't have anything to fall back on. So I got a little bit desperate, I think just on indeed alone, I applied for about 40 Plus jobs. And I got rejected from all of them. But it's China and let that get you down because if nothing else, you get at least a bit of experience writing a good CV and doing a good interview. And it's just yeah is relentless. It's a little bit harder to get in to an apprenticeship because there's a lot of people who want to be one and only so many apprenticeships, and it's not as easy to get in as uni because you can put multiple choices on a UCaaS farm, I believe, but obviously an apprenticeship you've just got to ask and there's no harm and even if they're not posting for a job, just email someone at the company. I mean, I did that here. It turns out I was emailing like the director of maintenance people. But if you don't you don't ask you don't get and I think that there's the you know, the lowest they can say is no so even if they're not hiring, even if you don't even know if they have apprentices just ask see if you can get some work experience. If nothing else, I'll just shadow someone. It's all good experience, if nothing else, and you've just got to kind of embrace that. The worst they can say is now so you know, you might as well just spam emails like I did. You're right there bear no harm in asking. Thank you so much for sharing your experiences today on today's podcast. If you are interested in doing an apprenticeship, you can go onto the golf.uk website to find one that is suitable for you. It's been great having you on today's pentest people Tech Bytes. Follow our Spotify page for more.
Welcome to the second part of this apprenticeship podcast. I have Liam falling with me today. Hi, how are we doing? Good. How are you? I'm great. Thank you, who is now a consultant team leader here at pentest people. Thanks for coming on today's podcast, Liam. Liam started off by doing an apprenticeship and worked his way up. And he's here today to tell us all about his apprenticeship journey. Liam so let's get this started. Do you want to tell our listeners about your journey as an apprentice and how you progress to Yarrow now?
Yeah, no, I'd love to thank you. So yeah, I started off as an apprentice and pentest people a number of years ago now. And really, it was just kind of all go from from day one, I was very fortunate to have joined the business, it's quite new. I hadn't been going that long. So I was able to get stuck in straightaway.


I had to, I'd been doing programming all the way through through through school, which is obviously ended up being quite helpful throughout throughout the apprenticeship. And because of the programming I was doing, I discovered a very early on in my journey, I discovered a vulnerability in a large kind of security platform that was then reported. And at that point, I was then allowed to start performing web application penetration tests. And those those penetration tests again, again, started off just doing kind of basic vulnerability scanning. And then we we moved our way up. And then I started building or writing new new services, where we were writing custom implementations of various programmes where we were trying to assess how applications responded to load, doing quite a lot of research into how the psychology of the human mind comes in when you're discussing, or when people are using websites and the load times of them how psychology dictates exactly how they perceive the website to load. Because it doesn't necessarily matter how quick it is actually loading. As long as it's under about half a second, the human mind perceives that to be loaded instantly. And we were exploring that that was kind of a big part of my journey there.
I then wrote a dark web scanner as well, which is now on a while now for now, what was what is now there? When I wrote it is what it is now dark invader. pentest people, Sister businesses. So that's incredibly well, quite rewarding. So as I'm sure you can imagine them Nice to see you know, the baby or grown up very interestingly. So would you say you've always had a passion for cybersecurity, as you mentioned, you did programming at school. So I was always interested in kind of how to somewhat mischievously apply the techniques I've learned when I was peripherally. So that started off with VBA macros, and then expanded into into Python.
Now, I know a couple of other languages as well. But Python was the main one that I was interested in. And I wanted to figure out how I could use that to write things that would make systems behave in ways that they weren't necessarily intended to behave,
not maliciously, just again, trying to be mischievous. And I guess that's kind of what pushed me down the cybersecurity path was you know, you start you start doing those things, you only really have kind of two ways to go. One of them is, well, frankly, illegal, and the other one is to get into the the offensive side of cybersecurity and pentesting. And that's really what what pushed me over the edge. Very good. How does it feel now that you're training young apprentices as you were once in their position?
I really cannot describe how rewarding that is. It's amazing to see not only the apprentices that were trained, but also all the members of staff that we get to particularly get to train here, seeing them succeed and seeing them, you know, helping them overcome the same challenges that I had to do largely by myself. Because there was no other side of pentesting of variances to really look up to them, especially when I started. I mean, there's a great wealth of talent, but nobody had been through my exact circumstance. So being able to help people with that, being able to really help drive or kind of guide them in the right direction, giving them good learning resources, showing them how I did it and how maybe it'd be you can do it even better than the way I did it. Because again, I was kind of iterating over a series of way methods of teaching myself and that there are naturally better ways of doing that. But there's some really amazing apprentices. Zack Haroon, who we've got here is a is a really rising star, as it were started off with a bit of web apps. And he's like, you know, the research that he's done into application technologies, especially applying Selenium to new scripts, is absolutely fascinating. And then we've got another apprentice, Ben Bender Dezik. Mr. Mr. Dragoness, as I've nicknamed him, we who again, we is a developer now develops applications for internal use, and other tools that he's developed alongside and really he's, he's, he's kind of making his way up through the kind of public up through the apprenticeship and really demonstrating that, you know, that that apprentice mindset, that kind of underdog mindset is is incredibly valuable, and I'm very proud of well, very, very proud of both of them for what they've achieved and what they're on.


Undoubtedly going to go on switch off. And what would you say is the best aspect of your job role? Job Role now? Well, I'm a jetsam leader now. So a lot of penetration testing, really, I mean, I love I've spoken at length about this before, about, you know, it's, it's effectively like being given a Rubik's Cube every day, no different Rubik's Cube every day, and you just have to solve it. And I love puzzles. And I love the ability to kind of apply that, that mindset of getting the the person who designed the systems head and figure out okay, well, if I was then what, what areas? Would I have left unsecured? Or what would I not have thought of? And then how am I going to leverage that into an exploitable instance, in whatever system that we are talking about? Me, me, me testing, you know, via an application, internal infrastructure, desktop app, whatever it is?
And what advice do you have for people that are looking to do an apprenticeship?
Don't presume it tends to be easy, it's not, you know, you are effectively having to study hard for an exam, or a series of exams, whilst also holding down a nine to five job.


Historically, apprenticeships were viewed as the easy option, you know, if you're intelligent, you go to uni, if you perhaps weren't so intelligent weren't so academically inclined, then you'd go and do an apprenticeship because it was easier, but that's no longer the case.
You know, University has its place, and I'm not going to sit here and slander people who went to university, I'm sure that you know, I work with some incredibly gifted university graduates. But working on the assumption apprenticeship is going to be easy, you're just gonna be dusting off and dusting about and really not really not applying yourself. And you're gonna come out of this with this kind of like, fine job and you're going to coast is not true. That is hard work. You're you are working, you're doing all the revision stuff you'd have to do for a university course you're gonna have to do either. As part of the job role, which is one of the advantages of an apprenticeship, you're also gonna have to do some of it on your own time as well. And that's you eat into your evenings, and they are incredibly rewarding. And the end, if you use it properly, it can be massively, massively rewarding. I mean, if I had gone to university, I would have started this job about nine months ago.
Whereas instead, I'm now one of the one of the team leaders, obviously towers.


So it's a double edged sword you can you can reap a lot of rewards from them, but working on the assumption that they're the easy route in is misleading and you will find yourself rather than fortunately, caught out. Well, it's been very good hearing about your journey and experiences as an apprentice Liam, thank you for having me. And how you achieve a team leader role. If you aren't listening to this podcast, and apprenticeship is a very good route to go down. You get real hands on practical experience in a real job learning the key skills in a real work environment. And this is the kind of experience that employers look for when recruiting new staff. Follow Pentest People Spotify page for more.