I was wondering...

To the professional pentesters, do you work alone or in team?

On one hand, working in team is probably better. It's impossible to "know it all" and you can have experts on different topics. You can also discuss ideas and try to help each other. You can also finish the pentest faster.

But my reality is that companies that I work for are cheap, especially these days. They want a cheap pentest completed as fast as possible. The last two contracts I have got wouldn't pay the salary of two pentesters.

Also, I didn't hear much of "teamwork" on this forum. So hence my question, do you work in team and why?

I am so curious... 

I worked alone (for free / fun) at a company once, but later on I had to train another employee the basics to get started so I worked in a team but it wasn't really a team when the other employee was at that time just a trainee   But it was nice to have company instead of stressing about everything myself   (I was under huge time pressure every time, like.. You got 2 hours to prove there's something big time wrong with their network )

However, back on topic. I believe a team of experienced Penetration Testers is definitely a big plus, in fact I believe they are probably able to achieve more if one is e.g. expert in Web App Sec, another in Software Exploitation, a third in Reverse Engineering, a fourth in Social Engineering etc.

I definitely wish that I was part of a team sometimes.   Bouncing ideas off another person can really save time and headaches.  Unfortunately, that rarely happens for me.  This is why this place is so valuable to me.  Even if it is after the fact, I can still learn something new.

I do not know guys, I am still learning but why you do not partner with somebody that will help you remotely sometimes in some specific areas. It is not easy is like a marriage but you can try.

It’s been my dilemma for a long long time IN a perfect world ye right

I typically only take on Pen Tests that are larger, so I can incorporate a small team to get the best results. I am no expert in every area like Cisco, DB, Coding etc, so I plan the assessment based on doing what I can knowingly do very well and then bring in specific experts in the other areas where my skills are lacking expert levels. Its tough when companies dictate what resources you have available. So we just learn to be creative and think outside the box

Very good comment, which bring this question:

I am too, a junior pentester. I work in a small city where it is very difficult to find other pentesters. Can I work as a pentester, without having a more senior guy watching over my shoulder?

I try very hard to do the best job possible, but knowledge is power. I can certainly find the "low hanging fruits" and even the medium ones, but where I can maybe find one or two high ones, I am not sure at all if I had miss a few...

T_Bone, we are in the same boat...

And I see another one coming: being asked to be an incident handler at the last minute... Where I work, no one can do this job. Yes, I see this coming big time...

In this case, I will only accept to do it while a more competent company takes over (like, within an hour or so!). I could definitively stop an attack, but I will certainly screw up forensic evidences and so on.

Like being junior in the pentest world (but at least not in IT!), every security problems come to me since I am the only one where I work who "can" handle these things. I guess I have to see it as if I don't do it, no one will.

But that being said, I am not a complete ignorant either! 

@ facsimil3

This is exactly how I see it!