Our team is super excited to welcome Tony Punturiero, founding member and moderator of NetSecFocus, as Offensive Security’s new community manager. Some of you may know Tony already, as he’s been a knowledgeable InfoSec community member long before he officially joined us.
As community manager, Tony will ensure that OffSec does an even better job of communicating with our customers, listening to feedback, and advocating internally as the voice of our customers.
We thought it would be fun for the community to learn a bit more about Tony, so we asked him a few questions.
Q: How long have you been in the InfoSec community? What got you interested in pentesting?
A: I’ve been a part of the Infosec Community for the past five years… it began my senior year of high school. One of my teachers taught a security+ course and also gave me my first backtrack cd to practice pentesting. I loved playing with backtrack during the course and learning more about pentesting — I quickly realized it was going to be a major passion of mine moving forward. During my sophomore year of college I was given an offer to spin a cyber lab at my local community college. At the time I was able to teach myself a variety of different things that were in the InfoSec field. One thing that really helped build my skills was competing in cyber competitions. In the past five years I’ve competed in over 230 cyber competitions and also competed for the UMUC Cyber Padawans. I was actually offered a Cyber System Engineering position while competing in a competition. I began working in a Cyber Security Operation Center monitoring threats 24/7 while also competing in cyber security competitions and undergoing training courses. Once I gained a good amount of experience, I felt ready to pursue the OSCP and transition to the pentesting team at the corporation I was working for.
Q: As a pentester yourself, where are you most technically skilled?
A: I have experience coding in python, ruby, and go. I really enjoy coding in powershell and I have been working on a few enumeration scripts to identify roles that are running in Windows Server. My biggest project is maintaining powershell on Kali Linux because it is a fun scripting language and more Linux systems are adding powershell to their distro. For the networking assessments I enjoy finding ways to bypass IDS/IPS rules that clients make. Sometimes they do not even work as they are supposed to identify. For physical assessments Lock Picking is my favorite. I can get out of a pair of handcuffs behind my back in 15 seconds. However, I do need to improve my skills at web app pentesting and exploit development.
Q: Tell us a little bit about Tony outside of pentesting. What are your favorite hobbies?
A: When I’m not on a computer, I’m usually attending security conferences or hacker meetups. I love learning from the community and networking with others. Outside of InfoSec, I really enjoy hiking/camping and traveling around the world. In my free time you can find me working out, playing lacrosse, or playing video games with my friends. My favorite video game ever is The Witcher series.
Q: When did you first hear about Offensive Security?
A: I first heard about Offensive Security from a teacher in high school and I was curious about the training they offered for backtrack. After looking at their courses I saw the PWK course and it had the OSCP cert. I became obsessed with studying and preparing for the course, so I could obtain my OSCP cert. Now my goal is to obtain them all!
Q: What went through your mind as you studied for your first OffSec certification?
A: At first I was nervous about the PWK course because I had heard so many stories about other people failing the exam and I wanted to make sure that I passed it on the first try. I did a lot of research and read many OSCP guides to help prepare myself. While I studied for the course, my work provided me with a variety of opportunities to take other courses that actually ended up helping me prepare for the OSCP. Since I passed my OSCP I decided to write a preparation guide and write about my experience to help future students that were going to take the course and to take the OSCP.
Q: What’s your pet peeve?
A: Lack of respect for others opinions. Everyone has a voice and our opinions should be heard. There are points where we may agree or disagree on things but we should respect their opinion or how they feel no matter what. That is one area of the InfoSec community I hope to be a force in making a positive change.
Q: As a pentester, what’s the best advice you ever received?
A: Make sure you know and understand the tools you are using in an assessment. If you don’t know something or don’t know what a tool does, reach out and ask someone! Questions and curiosity are good things — there’s no shame in it.
Q: Star Wars or Star Trek? Answer carefully…
A: Star Trek. My father was the one who got me hooked into it. “Live long and Prosper” – Spock
Q: What piece of tech do you hope is invented in your lifetime?
A: I am still waiting for a flying car to appear in my driveway. I hate traffic and the time that is wasted driving in cars. Anything that reduces my time in traffic would be awesome.
Q: As OffSec’s new community manager, what’s the #1 goal you hope to accomplish?
A: My main goal is to bring the community closer to OffSec. I want to make sure that the community voice is validated and heard when they provide feedback for OffSec — I want to build a relationship where the community can work together and exchange value with OffSec.
We appreciate Tony taking some time to answer questions. If you’re looking to connect with him or have any questions about OffSec’s courses and certifications, he can be found on Twitter through the handle @TJ_Null.