Award-winning cyber security consultancy Pentest People increases headcount and launches graduate recruitment programme

Leeds cyber security consultancy, Pentest People, has announced that it has launched a graduate recruitment programme and hired nine computer science graduates this month, in addition to taking on ten new employees since the start of the year. The company’s rapid expansion follows a record year of growth that generated a 60% revenue increase for the start-up.

Organisations commission Pentest People’s cyber security experts to test their websites, applications and IT systems for any weaknesses that could allow cyber criminals to steal information, damage IT systems, or hold data to ransom.

Led by sales director, Anthony Harvey, and technical director, Gavin Watson, Pentest People has grown from four to eighty employees within three years, with nineteen new members of staff added this year and a second office opened in Cheltenham in May.

When selecting candidates for the graduate recruitment programme, Pentest People looks for graduates with a good understanding of foundational areas such as computer networking, Windows domain configuration, and Web technologies and languages. The company is in regular contact with Leeds Beckett University, Sheffield, Gloucestershire and Abertay universities, which offer Ethical Hacking and Computer Forensics degrees, and exhibits at their careers fairs as well as providing undergraduate lectures on penetration testing.

Commenting on the types of graduates the company looks for, Gavin Watson, technical director at Pentest People says,

We’ve found that computer science degrees often provide excellent grounding in key areas such as networking and coding. However, what we’re really looking for is candidates with a genuine passion for cyber security. We can teach people technical skills, but they need to have a natural curiosity and enjoyment of puzzle solving and lock-breaking to be successful penetration testers.”

New recruits are assigned a buddy who provides general support and advice, and a mentor with whom they can discuss and plan their career development.

To develop their knowledge and skills, graduates on the recruitment programme follow Pentest People Academy Paths which have been written by senior penetration testers to focus on the most relevant knowledge areas in the most efficient order. Each Academy Path includes modules dedicated to a specific concept, offensive security tool, or penetration testing technique. The modules build knowledge using existing online resources and challenges that are related to real-world penetration testing scenarios and include coding solutions wherever appropriate, to allow graduates to use these within their professional assessments.

The overall aim of each Academy Path is to prepare the graduate for an official assessment offered by Pentest People, such as External Infrastructure Testing. However, each path can and often does lead onto another. For example, the Web application testing path leads onto the mobile application testing, allowing graduates to progress quickly to the next stage of their development,” explains Gavin Watson.

During their first weeks on the Academy Path, graduates shadow a senior consultant on a client assessment. When the path has been completed and they feel confident to perform their own assessment, graduates gain hands-on experience, under the supervision of an experienced consultant.

Commenting on Pentest People’s graduate recruitment programme and Academy Paths Gavin Watson said, “We provide our people with specific foundational skills so that they can quickly build their experience under the supervision of senior consultants. Some companies sit graduates in front of lab assessments for their first six months. We want them to gain solid real-world experience early in their careers.”

Following successful completion of the Pentest People Academy Paths, employees typically prepare for the CREST exams to enable them to work towards obtaining CHECK Team Member status, and Pentest People offers financial support and resources to help them toward this goal.

In addition to its graduate recruitment programme, the company also welcomes candidates who are changing careers to enter the cyber security profession and who are working towards gaining Certified Ethical Hacker (CEH), or Offensive Security Certified Professional (OSCP) qualifications.

When interviewing candidates we ask questions that identify people with genuine passion for cyber security. We can teach technical skills, but we can’t teach enthusiasm. A lot of our consultants carry on testing in their own time because they’re doing what they love,” says Watson.

For more information, please visit