How I Found Two CVEs One Night When I Was Bored (Setting Yourself Apart as a Penetration Tester Applicant)

Our industry is facing an identity crisis. Countless training opportunities
exist, yet HR processes cannot agree on which are applicable and acceptable
and which are not. Certification diversity is largely taboo, and where it is,
credentials are limited to a couple of high-cost choices that price out those
with fewer financial means. This has set a low bar: candidates are expected to
have a "figure everything out yourself, try harder" mentality. And as more
people succumb to the current reality and earn these mostly non-negotiable
requirements, the value of the credentials decreases as a way of setting
ourselves apart from our peers. As with credentialing, blogs and code repos
have diminished in competitive value as the industry has been flooded with
candidates.


How, then, does an applicant set themselves apart when they are up against
dozens of other candidates with the same vanilla resume bullets? CVEs are one
almost universally accepted sign of proficiency. We will cover the process of
searching out potential targets in the public FOSS space, testing them, applying
for CVE IDs, and leveraging them on the resume and more.