A Day in the Life of a Penetration Tester | Red Team Reality w/ Carson Sallis

This episode originally aired in collaboration with Simply Cyber and is re-released here as part of The Cybersecurity Mentors Podcast archives.
________________________________________

In this episode of The Cybersecurity Mentors Podcast, we sit down with Carson Sallis, Senior Offensive Security Engineer and Vulnerability Researcher at NVIDIA, to break down what a real day in the life of a penetration tester actually looks like.

Carson walks through how professional pentesters approach assessments, research vulnerabilities, and think like attackers in real environments. We discuss what skills matter most for getting into offensive security, how fuzzing is used in real-world vulnerability research, and what aspiring red teamers should focus on learning early.

You’ll also see a live demonstration of fuzzing using AFL (American Fuzzy Lop) and hear how tools like this help uncover bugs that traditional testing can miss.

Whether you’re exploring penetration testing for the first time or actively working toward a red team role, this episode offers practical insight into the mindset, tools, and learning paths used by professional offensive security engineers.
________________________________________

Episode Resources

GitHub (Episode Materials)
https://github.com/cybersecmentors/season_3_ep_6

Carson Sallis
LinkedIn: https://www.linkedin.com/in/carson-sallis/
________________________________________

Recommended Certifications

PNPT – Practical Network Penetration Tester
Simulates a real-world penetration test from start to finish, including recon, exploitation, reporting, and video walkthroughs.
https://certifications.tcm-sec.com/pnpt/?ref=198

PEH – Practical Ethical Hacking
Covers the full pentesting pipeline with hands-on labs and tools used in real engagements.
https://certifications.tcm-sec.com/practical-ethical-hacking/?ref=198

OSINT Fundamentals
Teaches reconnaissance techniques used during the information-gathering phase of pentests.
https://certifications.tcm-sec.com/osint-fundamentals/?ref=198
________________________________________

Hands-On Practice Platforms

TryHackMe – Offensive Path
Guided labs for learning offensive security fundamentals
https://tryhackme.com/

Hack The Box
Real-world pentesting labs and CTF-style challenges
https://www.hackthebox.com/

PortSwigger Web Security Academy
Free training on web application vulnerabilities
https://portswigger.net/web-security
________________________________________

Fuzzing Tools & Resources

AFL (American Fuzzy Lop)
The fuzzing tool demonstrated in this episode
https://lcamtuf.coredump.cx/afl/

AFL++
A modern fork of AFL with extended features
https://github.com/AFLplusplus/AFLplusplus
Fuzzing: Brute Force Vulnerability Discovery (Book)
https://nostarch.com/fuzzing
________________________________________

Tools to Explore

Kali Linux
https://www.kali.org/

Burp Suite Community Edition
https://portswigger.net/burp

Metasploit Framework
https://docs.rapid7.com/metasploit/
________________________________________

Connect With The Cybersecurity Mentors Podcast

• Join Our Community on Skool
Connect with other aspiring and experienced cybersecurity professionals, continue the conversation beyond the podcast.

Link: https://www.skool.com/the-cybersecurity-mentors
________________________________________

Видео A Day in the Life of a Penetration Tester | Red Team Reality w/ Carson Sallis канала The Cybersecurity Mentors Podcast