Tosca tester
How to become an ethical hacker or penetration tester
Penetration testers, or pen testers for short, conduct simulated cyber attacks on a company’s computer systems and networks. These authorized tests help identify security vulnerabilities and weaknesses before hackers can exploit them.
A pen tester’s career often begins with an entry-level position in cybersecurity. In this article, we take a closer look at what penetration testers do, what their roles and responsibilities are, and how to become a penetration tester.
Who is an ethical hacker and who is a penetration tester?
Penetration testers (also known as pen testers) or ethical hackers are “private detectives” in the world of information security. Penetration testing is a cybersecurity profession that involves conducting simulated cyber-attacks on a company’s network and web applications. Penetration testers’ main tasks can include assessing current firewalls and other defences, conducting analyses of security systems and data repositories, and making recommendations to improve a company’s digital security.
Although penetration testers are ethical hackers, the key to testing an enterprise’s defenses is to think like a malicious hacker. As a penetration tester, you must put yourself in the hacker’s shoes and consider all possible entry points, gaps and vulnerabilities in the enterprise security system.
The value of a penetration tester lies in both the services it provides and the problems it helps prevent, from the loss of customer data to the exposure of trade secrets. Some of the common job titles associated with this role are:
- Vulnerability Analysts,
- Information Security Analysts,
- Cloud Security Engineer,
- Security Analysts.
Penetration testers use an offensive defense strategy. The goal is to provide the best possible information security by attacking computer systems as a real hacker would, thus getting ahead of the hacker and helping the company resolve the vulnerability. The result is increased resilience and improved security controls for compromised information and systems.
Ethical hacking vs penetration testing
The terms penetration testing and ethical hacking are sometimes used interchangeably in the cybersecurity world. However, the two terms have slightly different meanings.
Penetration testing focuses on finding security problems in specific information systems without causing damage. Ethical hacking is a broader umbrella term that encompasses a wider range of hacking methods. Penetration testing can be considered as one aspect of ethical hacking.
Both roles overlap with the cybersecurity red team, a group that provides feedback on security from an adversary’s perspective.
What does an ethical hacker / penetration tester do?
As a Penetration Tester, you will play a proactive, offensive role in cyber security by conducting attacks on the company’s existing digital systems. These tests may use a variety of hacking tools and techniques in order to find vulnerabilities that hackers could exploit. Throughout the process, you’ll document your activities in detail and produce a report on what you did and how successful you were in breaching security protocols.
In general, penetration testing involves threat modelling, vulnerability scanning and ethical hacking of networks, operating systems and web applications. More specifically, security testing involves some or all of the following tasks:
- perform tests on applications, network devices and cloud infrastructures,
- design and execute simulated social engineering attacks,
- explore and experiment with different types of attacks,
- develop penetration testing methodologies,
- document security and compliance issues,
- automate common testing techniques to increase efficiency,
- write technical reports,
- review code for security vulnerabilities,
- collect and analyse open source intelligence to find information that has been compromised,
- provide expert knowledge with a focus on offensive security testing operations and work to test the organization’s defenses,
- assist in the scoping of potential engagements and manage engagements from inception through to implementation and remediation,
- conduct evaluations of a wide range of technologies and implementations using both automated tools and manual techniques,
- develop scripts, tools and methodologies to improve testing processes,
- perform social engineering exercises and physical penetration tests,
- test both wired and wireless networks for security vulnerabilities,
- review the results of the assessment to identify lessons learned and develop a holistic analytical view of the system in the environment in which it operates,
- identify the root causes of technical and non-technical findings,
- publish an assessment report documenting the findings and identifying potential countermeasures,
- track and report findings that are repeated across multiple assessments,
- communicate the methods, findings and analyses used when the assessments are completed,
- provide technical support to information security managers in assessment findings removal,
- provide technical support on exploit and network evasion techniques to support comprehensive incident response and forensic analysis of compromised systems.
Where do ethical hackers / pen testers work?
Penetration testers usually work in one of three environments.
Internal: As an internal tester, you work directly for the company or organisation. This usually gives you a good understanding of the company’s security protocols. You will also be able to contribute more to new security features and fixes.
Security firm: Some organizations hire an external security firm to perform penetration testing. Working for a security firm offers more variety in the types of tests you’ll be able to design and perform.
Freelance: some penetration testers choose to work freelance. This route can give you more flexibility with your schedule, but you may need to spend more time finding clients early in your career.
Pen tester / ethical hacker ideal qualities
Self-analysis
Penetration testing is not for everyone, but it is certainly an interesting career for those who choose it. Penetration testing requires exceptional problem-solving skills, an unwavering determination to find vulnerabilities in computer systems, attention to detail, and a desire to stay abreast of the latest trends.
Successful penetration testers must have a high level of each of these qualities in order to excel. Therefore, be honest with yourself when assessing yourself before deciding if pen testing is a suitable career for you.
However, there are common traits among penetration testers that I believe are necessary for them to not only thrive in the field, but to truly enjoy their daily work and environment. These qualities are:
Passion for problem solving
Do you like challenges?
A university degree or recognized training certificate will certainly help you gain the knowledge, skills and abilities needed to work as a pen tester, but a great hacker is a tenacious problem solver. One who has the courage to dig down to the root of the problem and think creatively outside the box.
While you can cultivate this problem-solving mindset through certifications in cybersecurity or penetration testing, it’s important to make an honest assessment of your own enthusiasm and attitude towards solving unique technical problems.
Out-of-the-box creativity
If you want to defend yourself against an attacker, you have to think and act like an attacker. This requires the ability to both respect and think beyond routine procedures such as firewall revisions and scanning for known vulnerabilities. It means you should be able to access a web application without credentials and understand how to start profiling it to plan your attacks.
Insatiable curiosity and love of learning
Curiosity and a love of learning go hand in hand. Almost all the pen testers I know have both, and with good reason: the world of cybersecurity is evolving rapidly.
New hardware, applications, concepts and vulnerabilities are being discovered all the time.
Six steps to becoming an ethical hacker / penetration tester
- Education
It used to be that many employers were known to hire actual hackers and convert them from the dark side to work for the good guys.
In recent years, however, university degrees have become popular for penetration testers. All degrees in the various disciplines of cybersecurity provide real entry into the field. According to Cyberseek, 9% of penetration testers have an associate’s degree, 69% have a bachelor’s degree and 22% have a master’s degree.
Formal education isn’t everything in this field, but it can go a long way in making an individual more insightful and able to see the broader issues that are most important to an organization.
- Career progression
There are several ways in which an aspiring penetration tester can establish themselves in the field. Starting out in security administration, network administration, network engineering, systems administration or application programming, always focusing on the security aspects of each discipline, can provide a good foundation for penetration testing.
- Professional certifications
Employers often want to see a range of professional certifications on an information security candidate’s CV, especially for more senior positions.
Several organizations now offer widely recognized ethical hacking certifications for the penetration testing profession. There are also certified training camps for ethical hackers to help prepare for certification exams.
- Improve your knowledge
Becoming an expert in your chosen field is a good idea in any career, but for penetration testers there are several ways to stand out from the crowd.
Activity and recognition in areas of cybersecurity such as bug bounty programs, open source intelligence gathering (OSINT), and the development of custom attack programs can give penetration testers recognition among peer groups and, more importantly, potential employers or clients.
- Stay on top of news and trends
As with most cybersecurity careers, it’s important to keep up with what’s happening in the industry.
Keep your skills and knowledge up to date with the latest programming and network security trends, ever-changing hacking techniques and security protocols, popular exploitable vulnerabilities and everything else that’s happening in the cybersecurity industry.
- Practice in real and simulated environments
Many companies want to hire penetration testers with previous experience. Fortunately, there are ways to gain experience outside of the workplace. Many pen testing training programs include hands-on testing in simulated environments.
Another way to gain experience (and build your CV) is to participate in bug bounty programs. In these programs, companies typically offer cash rewards to independent pen testers and security researchers who find and report security flaws or bugs in their code. It’s a great way to test your skills and network with other security professionals. You can find a list of bounties on sites like Bugcrowd and HackerOne.
You’ll also find several websites that are designed to allow penetration testers to legally train and experiment through fun, gamified experiences. Here are a few of them to help you get started:
- Hack the Box
- me
- Hack This Site
- WebGoat
Ethical hacker / penetration tester skills and experience
As with all cybersecurity disciplines, employers’ requirements for new hires in penetration testing vary widely depending on the detailed functions of each position and the level of the position.
Some positions still require only an evidence of relevant skills and an appropriate level of IT and security experience and knowledge. However, employers are increasingly looking for candidates with a bachelor’s degree in information security or a related IT background. Some more advanced positions require a master’s degree in cyber security or a related degree, such as a master’s degree in information security.
Work experience that often leads to a career in penetration testing includes software development and programming, security testing, or working as a network or security engineer or administrator, security administrator.
Skills required include:
- Knowledge of specific computer languages such as:
- Python
- Powershell
- Golang
- Bash
- Experience with network protocols, Windows/ Linux/ MacOS, firewalls, IPS/IDS, virtual machine environments, data encryption, and iOS and Android operating systems and mobile operating systems.
- Knowledge of common penetration testing and application security tools such as:
- Aircrack-ng
- Kaduu
- Kali
- Metasploit
- Burp Suite
- Wireshark
- Nessus
- Probely
- Qualys
- Comprehensive software security including API testing
- Threat hunting
- SaaS application security
- Anomaly detection
Ethical hacking and penetration testing certifications
Common professional certifications that employers often look for include those from:
Certified Ethical Hacker (CEH)®
The CEH certification, offered by EC-Council, is one of the most respected penetration testing certifications. During the CEH certification process, you’ll learn a variety of technical skills and tricks – from new attack vectors to reverse engineering malware – that hackers use to penetrate an organization’s security.
CEH certification also means that while you have the skills of a hacker, you won’t use them to engage in illegal activity.
CompTIA PenTest+
CompTIA is an online training provider that offers a variety of cybersecurity certifications, one of the most popular being the CompTIA PenTest+ certification.
Unlike some other more general cybersecurity certifications, the CompTIA PenTest+ credential provides specialised knowledge on how to become a penetration tester and perform vulnerability assessments. During this certification process, you’ll learn how to plan, evaluate, execute and report on penetration tests, as well as useful tools and different attack approaches.
GIAC Penetration Tester (GPEN)
The GPEN certification is one of the more accessible options as there are no specific prerequisites or requirements. However, it is not considered a beginner’s cybersecurity certification.
As you work towards your GPEN certification, you’ll learn how to conduct penetration tests, including useful processes to put in place both before and after the test to best meet the needs of your stakeholders.
Why choose a career in penetration testing?
A career in penetration testing gives you the opportunity to use your hacking skills for the greater good by helping organizations protect themselves from cyber criminals. It’s also a desirable and well-paid career.
Penetration testers are in short supply and the demand is growing. Organisations hire penetration testers to strengthen their information security by identifying and mitigating system vulnerabilities before malicious hackers can exploit them. This reduces the risk of cyber-attacks, which can be costly and damaging to a company’s reputation. Penetration testers often work in teams, collaborating to develop new tests that simulate cybercrime.
Penetration tester salary
According to Glassdoor, the estimated total salary for penetration testers in the US is $114,796 per year. Additional salary may include profit sharing, commissions or bonuses. Your salary will depend on a number of factors, including location, experience, education and certifications. Some industries, such as financial services and military contracting, pay more than others.
A career in penetration testing can be lucrative and rewarding. It requires persistence, tenacity and litres of caffeine. Although it can be daunting at first, your confidence will grow as you gain experience in more areas. This work is based on an ethical principle that can give you a sense of satisfaction.
