“If you don’t showcase what you did in a report, you never did it.”

Twitter: @isaiahsarju Image: Gregory Rothstein

Isaiah is a curious hacker with a love for people. He’s been hacking things since elementary school when he started tinkering with computers. His first formal information security position was at the Microsoft Malware Protection Center in 2008. Since then, he’s conducted numerous offensive security engagements and helped others become top-tier security practitioners. He relishes a good hack, and his favorite part of any engagement is performing postexploitation activity. When he’s not hacking, teaching, or fighting for a more equitable future, he plays tabletop games, swims, and trains in Brazilian Jiu-Jitsu.

How did you get your start on a red team?

To answer this simply, I started doing network penetration testing consulting and eventually transitioned into red team work because I desired more technical challenges. The skills that have served me well come from a life of asking “What happens if I do this?” all while I built technical experience through IT help desk, systems administration, and the like.

What is the best way to get a red team job?

Develop your skills and then play to your strengths. Build a well-rounded portfolio of offensive security knowledge and then specialize in one or more areas that interest you. Red teams need a diversity ...