Penetration testing contract

As an upcoming professional in the industry, ensure that you have a properly written penetration testing contract, inclusive of confidentiality and non-disclosure agreements (NDAs), reviewed and verified by a lawyer. This is to ensure that client (target organization) information is protected and that you (the penetration tester) will not disclose any information about the client unless required by law. Additionally, the NDA builds trust between the client and you, the penetration tester, as many organizations do not want their vulnerabilities known to others.

If, during a business meeting with a new client, they ask about previous penetration tests you have conducted and customer information, do not disclose any details. This would contravene the NDA, which protects your customers and yourself and builds trust. However, you can simply outline to the new potential client what you can do for their organization, the types of tests that can be conducted, and some of the tools that may be used during the testing phases.
