Getting Started in Cyber Security: How to Become a Penetration Tester
Chances are you already know what a penetration tester is, but with such an interesting name it seems wise to clarify. Also known as a “pen tester” or an “ethical hacker,” a penetration tester is someone who is paid to try to break into secure networks and systems.
You may have visions of the rogue hacker from the movies that breaks into a bank network to funnel funds to a personal account, but in the real world, a penetration tester is needed to ensure corporations can protect client data and other secure information. Because cyber-crime is on the rise and is considered one of the main threats to businesses, a future as a penetration tester promises to be an exciting path.
What's the Job of a Penetration Tester Like?
While not as thrilling as what’s portrayed at the theater, the job of a penetration tester can be pretty interesting. This type of work appeals to people who enjoy technology and trying to find holes, or exploits, in programming.
Some aspects of being a penetration tester:
- A large number of jobs are held by a independent testers working for a third party consulting firm. These consulting firms often hire penetration testers out to perform testing at other companies.
- For most assignments, you’ll have a limited amount of time (days or weeks) to find weaknesses in systems. Criminal hackers usually spend months trying to crack a network.
- Penetration tests are done for web apps and services, databases, network devices, operating systems, cloud installations, and infrastructure devices.
- In most cases, clients want to know of all vulnerabilities in their systems, and aren’t simply wanting you to just access a specific domain.
- The job requires a fully documented report with your findings and an explanation in both technical and nontechnical terms. Reports will need to identify vulnerabilities and provide reports of risks as well as recommendations to remediate the risks.
What Skills Do You Need to Be a Penetration Tester?
A technology background is recommended for people looking into penetration testing, mostly because of the need to know existing technologies and terminology. However, there are certain personal skills shared by penetration testers.
- Passion for technology and especially for IT Security. You will need to stay on top of the latest advancements to keep doing your job well.
- Background as system admins, network architects and developers. It’s important to understand all areas of enterprise infrastructure.
- Enjoy self-learning. Texts on systems become outdated quickly, which means learning on your own.
- Technical aptitude. Penetration testing is extremely technical. The ability to code is a plus, but at a minimum, you should be able to read code.
- Good communication skills. The main deliverable for the client is the written report. You’ll need to read, write and speak English well.
How Can I Learn to Be a Penetration Tester?
Having a bachelor's degree in a technology field is a plus, but having specific training and or experience with cyber security is the most requested qualification for these positions. Some positions are looking for certifications related to cyber security and specific tools.
The main commonality in qualifications is that you have a broad range of understanding multiple aspects of technology, and that you understand them thoroughly. A sample listing of qualifications might include:
- Knowledge of enterprise Operating Systems, web servers and database systems
- Understanding of patch management, secure configurations and hardening
- Experience in interpreting penetration testing results and formulating a risk decision
- Understanding of network protocols, details of routers, sub-nets, and configuration
- Knowledge of internal and external attack and penetration methodologies and results
- Solid understanding of key network and technical security controls
- Knowledge of industry compliance and testing standards
- Experience identifying information security deficiencies and providing pragmatic solutions
Because of the broad, yet deep, knowledge expected for these positions, an advanced degree could be the most efficient way to get the experience many of these companies are looking for.
Congrats to all the #ECPIGRAD students....Including myself, I completed my last course on Dec. 7, 2014
— ReaLifeSituation (@ReaLifSituation) June 15, 2015
If penetration testing sounds like something that you could flourish in, take a look at our Master of Science in Cybersecurity at ECPI University. In addition to getting the education, you can prep for certifications, gain experience in ethical hacking, and learn industry governance and compliance. The range of knowledge within this program exceeds what you might get in the field in the same time-frame. Contact us to discuss your future. It could be the Best Decision You Ever Make!
DISCLAIMER – ECPI University makes no claim, warranty or guarantee as to actual employability or earning potential to current, past or future students or graduates of any educational program we offer. The ECPI University website is published for informational purposes only. Every effort is made to ensure the accuracy of information contained on the ECPI.edu domain; however, no warranty of accuracy is made. No contractual rights, either expressed or implied, are created by its content.
For more information about ECPI University or any of our programs click here: http://www.ecpi.edu/ or http://ow.ly/Ca1ya.