Updated April 8th, 2020
What does it mean to be a Penetration Tester?
Do you ever wonder how threat actors are able to pull off a cybersecurity breach? If so, your curiosity is a good thing and there’s a high demand for cybersecurity professionals who think like you do.
Being a Penetration Tester, or Pentester for short, is all about adopting the mindset of the bad guys. Pentesters are driven not only by the curiosity of how networked systems function, but also how threat actors are able to infiltrate and dismantle them. Pentesting is the practice of testing a computer system, network, or web application to find and exploit vulnerabilities before attackers do.
A Day in the Life
Dark Reading advises that the pathway to becoming a pentester is to focus on technical skills rather than the interesting title and red-team façade. In other words, don’t become a pentester just because it sounds cool. Start building your foundation of IT operations from the experience you gain while working as a systems administrator or programmer. Once you acquire a clear understanding of how systems function, you will be able to identify faults, defects, or weaknesses with greater efficiency and aptitude. Also, pentesters should always have a detailed familiarity with the Windows and Linux operating systems, in particular.
Being a Pentester does have its thrills. Pentesters hunt for, and then exploit, organizations’ critical vulnerabilities. However, like most jobs, there’s a bit of repetition. A pentester will go through similar motions and find nearly identical defects after testing an organization’s digital barrier. Indeed, some days are reserved for processing and writing reports. These reports will include valuable lessons for organizations on how to improve their security posture. Individuals who aspire to become a pentesters are not only solely driven by the action or playing the role of an undercover agent. They assume the role of penetration testing because they want to better an organization’s security.
Technical inventiveness alone will not make you a successful pentester. The skill of communication is imperative as you’ll be expected to explain the brilliance behind your hacking techniques to your clients for remediation. Take the advice of David Maynor, a senior consultant who has more than 15 years of penetration testing under his belt, “If you can’t tell people how you did what you did, where you did it, and how you can fix it, it is not really all that valuable.”
Most Valued Skills
- Information Security
- Penetration Testing
When reviewing a stack of applicants for pentesting positions, there are two preliminary questions employers are going to ask: Has this candidate earned the CEH certification? Is he or she able to think creatively? Hiring managers are looking for Pentesters who can solve problems and think in unconventional ways. Here are several certifications (including the CEH) that can convey those valuable abilities.
Thinking like a cyber criminal is a unique psychological skill. You’re not going to run into a shortage of job opportunities if this is how you think, and you’ll be a valuable member of the security team. There are over 13,700 job openings according to CyberSeek and 1,400 jobs according to LinkedIn. The average salary of a Penetration Tester is $103k/year falling in line with the current available positions on Glassdoor ranging from $61k/year to $123k/year.
- Ethical Hacker
- White Hat Hacker
- Application Security Analyst
- Exploit Developer
- Cybersecurity Test Engineer
Doesn’t Sound Like You?
If a career in penetration testing doesn’t excite you, be sure to return for our next post in the Cybersecurity Roles blog series or check out our previous posts here:
- Cybersecurity Architect
- Incident Responder
- Malware Analyst
- SOC Analyst
- Cybersecurity Auditor
- Threat Hunter
- Threat Intel Analyst
- Vulnerability Management Analyst
- Network Administrator