How to find a career in Software Testing?

How do you recommend I transition my career from functional, requirements-based software testing and test management to security and penetration testing?

  • Let's assume I have built a successful career as a test lead in fairly traditional software development shops, and now would like to take on a new challenge in the growing field of web and app security and privacy. One less well-covered aspect of the healthcare.gov website debacle is that private details of users were released unencrypted and unprotected onto the web. Ben Simo covers this in some detail on his software testing blog: http://blog.isthereaproblemhere.com/search/label/Healthcare.gov+Security Target Corp. recently had millions of transaction records stolen, giving thieves access to untold numbers of bank accounts via debit card. http://money.cnn.com/2013/12/22/news/companies/target-credit-card-hack/ And of course Edward Snowden made public NSA records showing that the US government has access to the internal communications of huge companies storing vast quantities of valuable user data which they have pledged to keep private. http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/04/how-we-know-the-nsa-had-access-to-internal-google-and-yahoo-cloud-data/ I'd like advice on breaking into this field, with a background as a successful functional software tester and test lead.

  • Answer:

    What I would do is the following: (other people's opinion will diffe...

Quora User at Quora


Other answers

's answer has excellent suggestions. Does your current company have a security testing/penetration testing group? If so, I would recommend that you sit down with some of your colleagues in that group and ask them this same question. In my experience, the people who actually do this work are enthusiastic about sharing their knowledge and their understanding. I used to subscribe to mailing lists on penetration testing (back in the days when people actually used mailing lists) and I learned a great deal about the craft (enough to decide that I wasn't well-suited for it!) from those who actually did it. One other thing that you can do is to learn to think like an attacker - i.e. if I wanted to use this Web site/application to break through a system's defenses, how might I be able to do it? Many types of hacker exploits are described on the Web, and you can learn about them pretty easily. Once you learn about some of them, apply your critical thinking skills that you developed while doing functional tests to devise ways that you might be able to employ some of these techniques to your own applications. (I found a very simple back door into an online education Web site by doing exactly this.)

Mike Emeigh

Since you already have a background in test, why not leverage that to help with the transition? Propose a new security testing program at the company you work for. Use business justification mentioned in your question to build interest. Once you have management buy-in, develop a comprehensive plan, perform some threat modeling and do a penetration test. These skills are all key to move into the field of computer security and your background as a successful functional tester will lend credibility to your proposal. Once you have completed this exercise you will have some good stuff to put on your resume and talk about during an interview.

Travis McPeak
