Noah Rue

@nyarrue

So You Want to Be a Penetration Tester?

A great many hackers are drawn to the allure of penetrating systems and discovering things that others seek to keep hidden. Some even feel they’re doing targeted organizations a favor by pointing out holes in security, while others get a thrill out of showcasing their skills at security conventions and in open forums. Did you know you can get paid for such “beneficial hacking” and avoid the murky legal arena that surrounds it?

Penetration testers, or pentesters, are in high demand by internet security firms worldwide. According to Maryville University, “Pentesters are contracted to hack a system to find holes in security and recommend appropriate measures for patching those holes.” The move from hobby or social hacker to professional pentester seems a natural choice, and there are a few surefire ways to springboard into such a career.

Get a Degree

Not everyone needs a degree, but it goes a very long way towards proving your legitimacy as a professional. Pentesters are considered information security analysts by the government, and many organizations turn to outside pentesters as consultants and third-party solutions for testing both internal and customer-facing systems.

The United States Department of Labor’s Bureau of Labor Statistics recommends at least a bachelor’s degree in a computer-related field for all information security analyst positions. A master’s degree focused on information systems may be required for a full-time position with an internet security firm, and a combination of the two provides everything you need to get your foot in the door.

Consider Specific Certifications

A foot in the door might get you a job in the industry, but you are likely to start alongside other recent graduates and transfers on the bottom rung of the ladder. This means time spent checking login pages and designing basic secure databases instead of actual pentesting. If your passions lie along the route of being a professional white-hat tester, this can seem stifling and leave you feeling you have no idea when you can advance.

Check out the wide spectrum of industry-specific certifications that can set your career on the right path. An employee with Offensive Security Certified Professional and/or CREST Certified Tester accreditation is a natural fit for a pentester role in any company. These certifications also make you a valuable asset for those looking to outsource, giving you the ability to go it alone if you feel you have the contacts and resources for freelance pentesting work.

Find the Right Employer

Some employers can help you gain the certifications you need to advance your career. Others may provide the support to help you move from college to the information security world. All employers, however, should give you the chance to develop your skills and build the portfolio of work you’ll need to succeed as a professional pentester.

Look for work with employers whose offerings match your particular needs. If you’re a recent graduate, that could mean a company with an established clientele and the ability to promote your work across the field. IT professionals looking to move into pentesting, especially those who already have a network of contacts, may benefit from joining a smaller company or a startup and adding pentesting to their lineup of security offerings. Ask potential employers about reimbursement for continuing education and training, especially if the company requires periodic recertification.

Gain Experience

Even if you can’t get right into a pentester position out of the gate, you can still get valuable experience with an information security firm that can help you gain the skills you need for either full-time or freelance pentesting. East Coast Polytechnic Institute notes that time spent as a sysadmin, network architect or developer can deliver the experience you need to move into the pentesting arena.

Consider these other roles as a resource and source of experience as you enter the IT world. If the company you chose does not currently offer pentesting, work on building a portfolio that will impress a potential future employer. If it does, build your certifications and your case for moving into that field while succeeding in other roles. Information technology changes every day, and flexibility is highly valued in tech workers across the industry.

Follow Industry Trends and Insights

Because IT remains in constant motion, everyone in the industry benefits from staying on top of recent changes and updates. Penetration testers must constantly update their tools and techniques, and even simple updates can affect how a tester goes about penetration testing on Windows 10 and other major operating systems.

DEF CON and similar conferences offer a great way to stay on top of trends and developments in the field. Even if your employer doesn’t require recertification on a regular basis, these events offer you a chance to get updated a few times a year, if not every quarter. Keeping up with the latest tech and testing news ensures that you remain a valuable asset in the IT world and lets you adjust your techniques to ensure you’re giving your clients the best possible results.
