The IT security industry is facing a significant skills shortage, and many firms feel pressured to integrate junior penetration testers directly into client projects. At binsec GmbH, we have made a deliberate decision to take a different path. In our core sectors specifically banking, payment, insurance, critical infrastructure (KRITIS), and medical devices, “training on the job” at the client’s expense is neither operationally nor legally justifiable.
The Risk Profile of Our Target Audience
Testing the infrastructure of a bank or a payment service provider means operating in an environment where the margin for error is virtually zero. It is not just about finding a security flaw; it is about verifying it in a way that ensures the stability of critical systems is never compromised. Furthermore, the risk of overlooking critical vulnerabilities due to a lack of hands-on experience is simply too high, especially with medical devices, where patient safety is directly at stake.
Compliance Requirements
Clients in highly regulated industries pay for certified expertise and professional, structured execution. Their expectation is that every tester involved in a project possesses years of practical experience in similar scenarios. A junior may be technically excellent, but the necessary intuition for critical infrastructures is only developed after hundreds of penetration tests.
Our Solution: The Separation of Expertise and Training
This does not mean we do not support new talent. It simply means that we manage binsec GmbH as a pure expert unit. To provide juniors with a solid entry into the industry and to cultivate our own talent, we utilize our Hackeroo brand within the group. The logic behind this is purely operational:
- Different Asset Profiling: Hackeroo handles clients and projects (often SMEs or start-ups) where the risk profile and complexity allow for a structured learning process and are not immediately mission-critical.
- Mentoring Instead of Flying Solo: At Hackeroo, juniors work within a framework secured by Pentest Collective GmbH. They perform manual tests but have an experienced team in the background that ensures quality and intervenes in critical decisions.
- Transparency: We communicate openly that Hackeroo utilizes a different team model than binsec GmbH. This allows for fair pricing for smaller companies while still providing the opportunity to train the next generation of experts.
Conclusion
The separation of companies, brands, and teams is a direct consequence of our clients’ requirements. binsec GmbH remains a senior-only unit for the enterprise and financial sectors, as well as for any other clients who prioritize experience alongside expertise. Those working at binsec GmbH must have a long-standing, proven track record of mastering the craft securely.
Training takes place at Hackeroo, a place where mistakes do not immediately trigger a catastrophe, and where critical infrastructure or financial systems are not at risk. Once the learning curve is mastered, the path to binsec GmbH is wide open.
