Keiran Smith

Date of interview: 2022-12-10

What do you do for a living?

I am a lead penetration test engineer at N-able, a leading provider of software to Managed Service Providers

What did you do to get there?

Throughout my youth I had an interest in breaking into software, This lead me down the path of vulnerability research, exploitation and software design concepts. Since I never went through the University and Degree path I spent alot of time contracting until landing my first Developer Job.

Around 6 years ago I started working at SolarWinds before the N-able spin off, Once N-able started their own internal security team I started seeking out the opportunity to be on the ground floor of a new internal Pentest and Red Teaming initiative.

How do you keep up to date with latest developments, threats and techniques?

I get alot of my infosec news from the usual sources like Twitter, Reddit, Bleeping Computer, The Hacker News, The Register and a few others.

I follow a few conferences pretty closely for new techniques and tooling like DEFCON, BlackHat, and a few others. I also make use of a couple of CTF Platforms like HackTheBox and Proving Grounds.

What are the tools or services you rely on for your job?

It really depends on the engagement, For web I obviously use Burp Suite Pro with a collection of both public and private extensions. I also make use of Subfinder, Gobuster, httpx and a few custom written tools for my scenarios.

What's something that you feel most proud about as professional?

I'm most proud of my OSCP, OSEP and OSWE the latter 2 are marathon exams. I'm currently working on OSED to ensure I get the coveted OSCE3.

What advise would you give people who are starting in this industry?

Don't give up, Alot of people try to gatekeep and stop the inexperienced breaking through. You will get your chance just keep practising.

Where can we find about you online?