10 July 2019

A day in the life of an IRM pen tester: Tom Wood

To raise awareness of IRM’s Graduate Pen Tester Scheme, we’ve interviewed some of 2018’s grad intake to find out what it’s really like to work as a pen tester at IRM. Today, we hear from Tom.


Name: Tom Wood

Education/Background: Completed a University degree in Forensic Computing and Security

Age: 22


What is your role?

I am a Graduate Technical Consultant.

What did you do before you joined IRM/how did you come to join IRM?

Before IRM I was at the University of the West of England (UWE) studying Forensic Computing and Security. I joined IRM after searching for graduate penetration testing positions and a mutual friend, who had just started somewhere else in SOC, told me about the role after a recruiter showed it to him.

Why did you choose IRM?

IRM were offering a role for graduates fresh out of university that would take graduates with only academic experience and train them up in the industry. As I had recently graduated with no experience in the industry, I took the role as fast as I could so I could get into the industry!

How do you manage your home and work life balance?

Ensuring that jobs are done in the allocated time allows me to not have to worry about them when I’ve finished them or gone home for the day. Not having to think about work or do extra work unnecessarily keeps you sane. Just ensure that you don’t have to take your work home with you either literally or mentally.

Did you always plan to work in cyber?

Ever since I found out about pen testing, yes. When I was looking at going to university I originally only wanted to do computer science, however, after seeing some talks about cyber (as well as reading about it) I realised that I wanted to do this instead.

Do you find your job challenging? 

Yes. Sometimes you have to learn new things very quickly as a customer’s application or infrastructure is using software you’ve never had experience with before and therefore you need to apply your current knowledge to it with the support of your work colleagues.

Also, the nature of the job is that progression is generally related to how many types of systems you can test and to what quality, so constantly learning new methods is essential. Also take into consideration the ever-changing tech landscape, this is very important.

Tell us how you learn new things 

Typically I learn new things from other consultants when discussing old or current jobs in the office, however, I do also learn in my own time to try and keep myself sharp.

Have you been to any interesting places working in cyber?

I have been to Paris and to the London offices of a well-known telecommunications company where I saw the live news being filmed.

What training opportunities have you got with IRM?

Through IRM, I managed to get Check Team Member (CTM) which is a necessary qualification for pen testing and is what I needed to get into the industry.

What tips would you give to somebody looking to enter the cyber industry?

Start doing technical challenges to develop your skills (CTFs etc.), this will both improve your capabilities as a tester and also shows initiative and willingness to learn on your own.

The next instalment from “A day in the life of an IRM pen tester” will be posted tomorrow. To learn more about the IRM Pen Tester Graduate Scheme, visit our careers page here.