Dimitry spends his time probing systems to figure out how they are put together, then prodding further to see what’s wrong with them. But even with an increasing amount of automation — on both the offensive and defensive sides — he stressed that you still need to have an analyst watching and collaborating.
“Automation is something that has to be natural to a team like ours because there’s just no way we can test everything manually from the start,” he said. “We need to cast a wide net to be able to probe where the vulnerabilities are, because in today’s day and age, if you are testing a system and you have come up with a way to compromise that system, it’s almost guaranteed that somebody else on the other side of the world has already done that or is working toward doing the same thing.”
The automation helps testers keep up with attackers and put up defenses more quickly and effectively. It’s a delicate dance — a balance of push and shove, thrust and parry. Even knowing that, you may not have guessed that this logically minded, technology-driven tester is also a partner in a holistic medicine school.
“I have to balance things, and I do think that the idea of yin and yang is very powerful,” he said. “You have to be able to balance and draw on different sides of experiences in life.”
Dimitry uses meditation to help him see the bigger picture, reflect and remain calm in a very demanding role where he’s constantly thinking on his feet.
“I would like people to be open to an alternative mindset,” he said, “be open to looking under the hood, be open to collaboration and be open to full-scope testing.”
To Dimitry, a little mindfulness can go a long way toward helping security professionals and penetration testing experts like himself stay focused on the most pressing threats and think creatively to stay one step ahead of ever-evolving attackers.