Pentester Philipp explains which platforms and steps make getting started easier and why specialization is key
How do you become a pentester? What does a test actually look like? Which vulnerabilities are truly critical, and how is AI changing the field? While in the first part of our interview pentester Philipp Kappeller shared exciting insights into real-world engagements, part two focuses on how to find your way into pentesting step by step and what collaboration looks like within CANCOM’s roughly 20-person pentesting team: cross-location, highly collaborative, with clear knowledge transfer and well-defined specializations. He also puts the role of AI into perspective and explains why attack simulations will become even more dynamic in the future.
12. June 2026
|
Reading time: 6 min.
CANCOM Slovakia: In the first part of the interview, you already talked about your work as a pentester. How do you actually become a pentester?
Philipp: In Germany, there is no traditional vocational training specifically for pentesters. An IT security degree is very broad and only partially aligned with what you actually need later in pentesting. Very solid foundations are provided by vocational training programs such as IT specialist for application development or IT specialist for system integration.
For getting started, learning platforms like TryHackMe are ideal – they teach essential basics in a very practical way, with challenges and clearly traceable learning progress. After that, I recommend Hack The Box: it’s similar in structure but more demanding. It’s a capture-the-flag platform where you hack virtual machines and have to find the “flag.” The difficulty level can be quite high, but for anyone interested, it’s extremely valuable.
When applying for jobs, it’s worth including your platform profiles and results. This allows companies to assess which skills you already have and, above all, to see how motivated a potential employee is. Certifications usually come later in your career. One very important thing at the beginning: don’t try to do everything at once! It’s much better to tackle one area at a time – otherwise it quickly becomes overwhelming.
CANCOM Slovakia: How was it for you? How did you get into the profession?
Philipp: Originally, I worked as an IT trainer in personnel and organizational management. A few years ago, I decided to retrain as an IT specialist. The classes were taught by an instructor who also ran a pentesting company himself, specializing in small and medium-sized businesses in our region. His stories fascinated me so much that I did an internship there and joined the company full-time after completing my retraining.
What attracted me most were the varied and sometimes unusual tasks. Three years ago, I continued my journey as a pentester at CANCOM.
CANCOM Slovakia: What does the process look like when a customer decides to commission a pentest?
Philipp: First, the customer signs a contract with CANCOM in which the scope of the assignment is clearly defined. Since we need explicit permission for everything we do, the contract specifies, for example, which domains or IP addresses we are allowed to test because much of what we do would be illegal without authorization.
Once the contract is signed, I discuss the current situation with the customer: What tests or security projects have already been carried out? What makes sense as the next step? Together, we choose the appropriate type of pentest or a combination of different approaches. We then carry out the test and document everything.
At the end, the customer receives a report with the identified vulnerabilities and a detailed list of findings: What weaknesses did we find? How did we exploit them? What risks do they pose? And most importantly: how can they be fixed? We also offer solution workshops.
After an on-site social engineering engagement, there is an additional process log almost like a short story with photos, for example of tilted windows or unlocked doors.
CANCOM Slovakia: What types of vulnerabilities do you encounter most often in your tests? What do companies tend to underestimate?
Philipp: Very often, we see outdated operating systems and software. There are still companies running systems like Windows 7. These often have unpatched vulnerabilities that are incredibly easy to exploit.
Another classic issue is so-called shadow infrastructure: applications that were installed at some point, later forgotten, and continue to run in the background. Many of them are outdated and have serious security vulnerabilities.
CANCOM Slovakia: How is artificial intelligence (AI) changing your work? Does it help attackers or defenders more?
Philipp: In fact, both sides benefit. On the defensive side, there are now AI-powered firewalls or vulnerability management tools. AI is also used to detect phishing emails and raise alerts, and AI-assisted EDR solutions are increasingly being deployed.
On the other hand, it’s becoming very clear that AI – especially large language models – is also being used more and more offensively, with increasingly effective results. This starts with the simple use of LLMs to quickly create scripts that automate time-consuming tasks. At the same time, there are now specialized models for vulnerability discovery, such as Claude Mythos, which is currently being widely discussed. All of this significantly lowers the barrier to entry.
However, it’s important not to forget that AI tools themselves can contain security vulnerabilities. That makes it all the more important to configure them carefully, patch them promptly, and not trust them blindly. Ultimately, the same principles apply here as with any other software.
You can really feel that massive changes are happening right now – if not an entirely new arms race – and a lot more will happen in the coming years.
CANCOM Slovakia: What do you think red teaming will look like in five years?
Philipp: I can imagine AI playing a much stronger role and supporting pentests especially in repetitive tasks. I also expect customers to increasingly book continuous assessments – for example via the CANCOM Cyber Offense Center, where a server is installed on the customer’s premises that allows us to connect and test at any time.
CANCOM Slovakia: How do you stay up to date in such a fast-moving field?
Philipp: That’s actually quite difficult, because computer science is huge and full of specialized fields – and pentesting itself also has many sub-areas. That’s why you shouldn’t try to stay up to date on everything, but instead specialize.
Four areas are a good framework, for example web application pentesting, internal infrastructure, social engineering, or physical security. You should choose the topics that genuinely excite you. Only then will you stay motivated and continue learning almost automatically.
CANCOM Slovakia: How is the team at CANCOM structured?
Philipp: At CANCOM, we have a team of around 20 pentesters. For every type of test, there are specialists – even in niche areas. Working together is a lot of fun: we collaborate across many locations, exchange ideas in Teams channels, conduct pentests together, and support each other. That’s how we grow together, continuously improve, laugh a lot – and never get bored.
CANCOM Slovakia: Thank you very much for your insights.
You can find the first part of the interview with Philipp, in which he shares exciting insights into real attack scenarios, here.
Even though the year is coming to an end, we at CANCOM definitely haven’t slowed down. We’ve managed to organize a high school visit, hold our regular company-wide meeting, organize an internal hackathon together with our German colleagues, and still find time for a discussion about our work.
Reading time: 3 min.
