Alumni Q & A: Dan Astor
Dan Astor (BSIS ’13) Talks About Ethical Hacking
Like many teenagers, Dan loved playing video games and figuring out ‘how things worked.’ His friends considered him the go-to guy for help with computer issues after he completed a few high school computer science classes. At the end of his freshman year of college, he realized he wanted to pursue a career in ethical hacking, also called penetration testing. We recently chatted with Dan to talk about his experience at the School of Information Sciences and to discover what happened after graduation.
Why did you enroll in the BSIS program?
I started college at Waynesburg University, but wasn’t quite sure what I wanted to do once I graduated. I transferred to Pitt because the BSIS program had a concentration in networks and security, which aligned better with my interests, hobbies, and career aspirations.
Tell us about your internship experience.
My internship experience at NEP Broadcasting was great because it allowed me to explore different areas of how enterprise networks worked and how applications are configured to align with the business. My classes definitely prepared me for my internship as I started by performing basic troubleshooting, configurations, and installations. While the experience was invaluable, it did teach me that systems and network administration was not the career path I wanted to pursue in the long run.
Is there anything you would have done differently while at Pitt?
I would’ve paid more attention in my public speaking and professional writing classes. As a consultant, these skills are critical and can be difficult to learn once you’re in a professional setting. I also would’ve taken advantage of some of the more advanced classes offered.
What is your typical workday like as a senior consultant at Security Risk Advisors?
My typical workday varies week to week for the most part. We provide different assessments to a wide array of clients in various industries. These assessments can range from web application, external and internal networks, spear phishing and social engineering, or physical building assessments. The end goal for us is to gain access.
What do you like best about your job?
I love a lot of things about my job, but what I enjoy the most is that there is no real “cookie-cutter” method of going about a lot of our assessments. While we do have a standard testing methodology and the processes can be repeated, each client environment you face introduces new challenges, more secure configurations, and different defensive toolsets. These challenges can make things more difficult, but is very rewarding and the experienced gained is priceless.