CLIMBERS at A-LIGN take many different paths to elevate to the summit of their full potential. Committing to the highest standards of work within our organization is recognized and celebrated through our annual value awards at CLIMB, A-LIGN’s annual teambuilding and training event. Martin Andreev, this year’s recipient of the “Commit to Quality” award, shares his journey as a Penetration Tester and what committing to quality means to him.
Where are you from? How did you get involved in cybersecurity?
I’m from Sofia, the capital of Bulgaria, where I also received my education and master’s degree. I first got involved in cybersecurity and penetration testing when a close friend of mine suggested that I join him to work for a local cybersecurity company.
How long have you been with A-LIGN? What has changed during your time at A-LIGN?
I joined A-LIGN at the beginning of October 2019. When I made this decision a few months in advance, there were no A-LIGN employees in Bulgaria, but I immediately wanted to work with the people I spoke with over the phone, located thousands of miles away.
In general, the penetration testing team has polished a lot of internal procedures and reporting standards. The biggest change I’ve seen is the growth of our team. I was the only penetration tester when I first joined A-LIGN, and shortly after there were three of us on the team in Bulgaria.
What is something you enjoy about the Bulgaria office and team?
I truly enjoy spending time with all my colleagues. We have a saying that, “We are happy to spend a whole day waiting at the airport with each other.” I feel like my colleagues are my friends and I’m eager to meet everyone in the U.S. We are in constant communication even outside of work.
Tell me about your role at A-LIGN.
This is the first role I have where I cannot wait for the weekend to end! I can’t wait to see my next client’s environment and pinpoint any attack vectors that I can leverage and try to exploit.
Penetration testing is my passion. It is a practice that I research in my free time as well, especially when I need to prepare for any certification exams. So, it doesn’t end with the business hours. It is a role where I constantly read the technical news and try to come up with extra hacking tools that could be useful. I also seek out ways to automate parts of our testing process because that allows us to have more time to manually look for even more potential attack vectors.
I’ve been involved with performance testing in my previous positions, which is assessing what kind of load an environment or an application can handle, but I did not research as much. I remember a performance testing handbook open in my web browser as a pinned tab for a couple of years and I never read the whole thing. Now from a penetration testing perspective, I am learning the same technologies, but a lot faster and with all my curiosity. It’s a different mindset because ethical hacking became my obsession.
How did it feel to receive the “Commit to Quality” award? What does that value mean to you?
It was a great honor to be presented with the award. The actual comments submitted with the nomination meant the most.
I put a ton of effort into making sure we provide the best possible version of the deliverable, and by deliverable I mean the penetration test report, because that’s what the clients expect us to produce. I always check the report at least three times, and then another time on a different day. Then I ask for multiple peer reviews before I submit the report to be further assessed by the technical writers and the penetration testing manager. All feedback and comments are always appreciated, and I do the same reviews for my colleagues. We’re not just looking for mistakes, but also for ways to improve the report, make it easier to comprehend and eliminate all gray areas that might be nebulous or confusing for clients.
Even when I have an intern shadowing me, I always try to give them the best experience possible. I seek their feedback just to be sure that what we’re going through is useful to them and they find it educational. Having someone shadow me is not a burden at all; instead, I receive a helping hand. I feel that we need to optimize our time, and this is a clever way to get them to learn even more. For example, I might show a colleague how to perform a specific type of passive reconnaissance during an ongoing project, then ask them to do it alone as an exercise for an upcoming engagement of mine. When that new project starts, I can use the gathered data from their homework.
What is one thing people may not know about you?
Some may already know, but I’ve been chased by a baby mouflon while trying to balance two mojito cocktails.
What do you do for fun outside of A-LIGN?
I enjoy spending time with my family, playing video games and doing different kinds of sports like swimming and walking. Ethical hacking is also a hobby for me outside of work.
What is your motto/personal mantra?
“Put your best into everything you do.”
I can never let something be done poorly, either at work or in life. I always try to improve mentally and physically and to be the best possible version of myself, not just regarding the services that I deliver.
What’s the most rewarding part about working for A-LIGN?
The most rewarding part about working for A-LIGN is sharing knowledge with the entire team and learning from them. My role allows me to focus purely on my passion for hacking.
What is the most valuable lesson you’ve learned at A-LIGN?
Pick up the phone and call a client when you need to clarify any details. It’s the fastest way to get things in order and complete the test efficiently. Most clients appreciate this type of attention when we actively communicate with them.
In my reports, I also always include a few sentences that describe the client’s applications. I have learned this is a valuable way to let the client know that I understand the purpose of their business and the need for our service. Carrying out a full penetration test is not just a technical venture; it is also providing a positive customer experience.
Have questions about Martin Andreev or joining the A-LIGN team? Contact us at firstname.lastname@example.org for more information!