Pros
The only pros from this job are:
-I'll never join a company out of excitement/eagerness again without deep research. The first mistake I made is I wanted to break into cyber and needed that first job, so they were quick to fire an offer and I got super excited. They told me they would train me, and promised onboarding. I never received that. Even if you are a startup company, just tell me it's sink or swim. I would have had a lot more respect and fewer expectations coming in.
-Remote work. It's 100% remote, so that's cool. But to be fair, most pen-testing firms are.
-Stepping stone (temporary). I'd say if you're hard up for a job go for it. But make sure you read the cons.
-Freedom. It's pretty laid back, but that's not a good thing especially for the security sector. Especially if you actually don't have a good reason to be laid back. I'll place it up here anyway because some people may want a laid back job.
Cons
-No communication. We had more meetings than actual work to do. This may seem like a good thing, but it's not. Huddles every day for 30 minutes, no one seemed happy to be there. Not very engaging. No one knew anything about what was going on. They always were hiring people, but not training them.
-Remote culture was sketchy. Not a single person ever had a camera. Never knew what most people looked like there. There were a couple of people who tried, but it made remote work feel even more disconnected and not in a good way.
-No life/work balance. This company promised 40 hours/week. 2 seniors left after being burned out working 60+ hours/week doing 6 or more assessments every 2 weeks. Hours got longer, but I kept my office hours the same. They also put me as a junior pentester with no experience to pentest a network by myself with zero guidance. That month was so stressful, and I easily worked 50 hours/week that month.
-Not much PTO (10 days of personal / 5 sick). This was a joke. The CFO was horrible at communication for days off, and honestly I don't even know if they tracked this. I mean, it is remote so this may not be a deal breaker.
-Insurance is only 50% covered (you pay out of pocket the other 50%). This isn't too bad, but I couldn't tell you how good the insurance was as they barely got it in December 2021 and fired me in January 2022.
-Inconsistent workflow. There were days where we didn't do anything, and I mean nothing. No one to call you and ask how your day is, what work you got going on. Nothing. Then some days were absolute chaos and running behind. We probably delivered more late contracts than on time. I tried to find other things, but everyone is "so busy with meetings." Meanwhile, the QA person is constantly spamming news links in chat as if everyone has time for that. Get some actual work done, or help other juniors out.
-No organization. Their version of organization was tracking orders on Excel. Not a good idea. They started to implement Jira, but that's also a bad business decision too, as no one in that firm knew how to train for it or probably had time to.
-No performance reviews (I got terminated on my performance review). Yep, they fired me on my performance review. I was so upset, and didn't understand because they always told me I did a good job. Apparently, we weren't a great fit for the company's needs anymore. I asked for a remediation plan, a second chance, or something but they told me no. What's sad about that is HR started the day I got terminated. I never knew why they fired me, and HR actually had to tell me a couple days later. Crazy. Maybe it will get better, but I'll never forget that.
-No proper onboarding/training. This was stated above. As a Risk Assessment firm, shame on you for not evaluating employees as a risk to your organization. Make better job applications, and make sure they reflect what you actually need. The rest is up to you in determining how to correct desirable behavior. Proper training is the risk response to mold acceptable business behavior within the organization.
-Too late for HR Department (for me, anyway). Their first day was when I was terminated. This may not be a bad thing, and like I said it might get better.
-Terrible management and zero clientele rapport (no real processes or procedures). I don't know who my manager actually was. I never really knew how to get much done rather than spam random people, or go in chat and ask what I could do. I even had a phone call with one of the managers as he was telling me that they were like "A Jiffy Lube." This was during my solo network pentest (as a junior) and needed help because I was struggling on it. They literally didn't care for this client, as this was a side gig and not their main one.
-Zero accountability. This was horrible. They didn't even have any kind of tracking for report writing. The trackers they did have were not managed at all, and I don't even know how they stayed in business this long.
-No budget for office and terrible equipment. Yes, this is a thing. They gave me a laptop with 8GB of RAM and 4 cores of CPU. It gets better, because this thing had no Ethernet adapter. Terrible. Kind of insecure to pentest with Wi-Fi... I then had to pay out of pocket and ship this laptop back, only to get another terrible laptop with a single display out. If they can't set you up for success on day 1, what's the point?