This article has been created to help you understand what you can expect from a career in penetration testing (a branch of cybersecurity). Without wasting any time, let’s get started!
Work
The work of a penetration tester is that of offensive security, meaning that a penetration tester performs an authorised cyber attack on the organisation they are trying to protect, so that important vulnerabilities can be found and fixed before they can be exploited by hackers. Ethical hacking and penetration testing are two similar-sounding professions; however, penetration testing is the one that deals with deeper testing. For example, after completing an ethical hacking course, you will be able to conduct a mock attack on an organisation and pinpoint all the vulnerabilities that you find, but after completing a penetration testing course, you will be able to penetrate the vulnerabilities and find out how much critical damage each of them can lead to.
Courses
For a career in penetration testing, you should look at the courses by EC-Council, like the CEH course (Certified Ethical Hacker), which is one of the most widely recognised courses in the world and usually the standard course demanded by employers from their candidates. The CPENT course, or the Certified Penetration Testing Professional course, is another advanced course by this international body that offers you dual certifications of LPT (Licensed Penetration Tester) and CPENT. All these courses are 40 hours long and can be completed in just 1 week. After completing the courses, you will have to take an exam by EC-Council that will test your knowledge and skills and will award you a certification based on your score. Please note that the CPENT course is the advanced penetration testing course that you can and should apply for after you complete your ethical hacking program.
Ambit
As a penetration tester, you will get to tighten the security of all technologies, including the newly emerging ones like Artificial Intelligence, Internet of Things, Cloud Computing and so on. After a while in your career, you can choose to focus on a particular area like cloud pentesting or application pentesting and become a specialised expert in your focus area. However, this is not something that you need to decide right away. In fact, as you work for a while in this field, you will gradually and automatically develop a field of focused interest that appeals strongly to you.
Job responsibilities
- Penetration testing and vulnerability assessment
- Planning and scheduling security testing
- Preparing reports that summarise the test results
- Collaborating with developers, managers, IT, and other teams
- Communicating with different parties like the executives, vendors etc. about the threats and security risks
- Accurately assessing the security posture of the organisation
- Testing physical security of systems
- Helping make security decisions
- Training staff and guiding the IT department
- Conducting security audits
Salary
The Bureau of Labor Statistics (BLS) says that the annual median salary of a penetration tester is $95,510. The top penetration testers out of all who were surveyed make around $153,090 a year on average. The demand for penetration testers is expected to rise more than 25% in the coming 5 years, which is a great sign for those who have just started to study this discipline.
Skills
To start working as a penetration tester in the industry, you will mainly need a strong base of knowledge in different operating systems, coding languages, testing frameworks and attack surfaces. Apart from the extensive knowledge that you can gain by undergoing a penetration testing course, work experience can also come in handy for obtaining employment for some job roles. Not all job positions require previous work experience, but the better your portfolio is, the better your chances of landing your dream job. Apart from these technical skills, a penetration tester is also expected to be a great problem solver, a critical thinker, and a highly organised person.