Cyber Penetration Tester Career Guide & Outlook

Learn What a Penetration Tester Does, the Requirements Needed and Job Growth

Hacking? Not quite. More like, ethical hacking. Yes, there is a profession out there for you where you can legally hack. . . and get paid handsomely for it!

In the cyber security profession, penetration testing, or pen testing, is just one specialty. Using the education and tools you gain in a cyber security major, you can work for the government or a corporation in looking for, finding, and sealing system vulnerabilities. And you’ll do all of this before the black-hat hackers find those same weaknesses.

What Does a Penetration Tester Do?

As with most jobs, some days your work will be dull, with nothing much happening and you just focusing on the next task or pouring through code. On other days, you’ll be confronted with an attack to the security of your system: someone on the outside (or inside) attempting to break into the computer network that you protect.

The plan is that you will have already tested all possible methods of entry, and warned security analysts, incident responders, or others about the possibility of intrusion. It won’t be as exciting as the movies, but you’ll still be probing and poking around within your employer’s computer systems, preparing the system to weather just such an attack.

As an ethical, “white hat” penetration tester, you’ll spend your days inside your employers systems. You may write up reports to explain what you find, or you may sit down in your supervisor’s office to verbally explain your findings. If you think of the work as having a defined beginning, middle, and end; you’ll be measuring and assessing the system, then trying to break into the network, and finally creating a report to warn the company of issues and help system engineers better protect those areas that are weak.

What are Their Responsibilities, Common Duties, and Tasks?

As a certified ethical hacker, you can expect to be a member of a team that carries out penetration tests of your employer’s computer network or system. You’ll likely be teamed up with people who have different levels of skill and you probably won’t be the only person to carry out all penetration tests.

When you and your team find system vulnerabilities, you’ll express these flaws to the Chief Information Security Officer (CISO), Chief Security Officer (CSO), or whichever manager is directly above you; who will then explain them to their own supervisors and begin preparations to secure the system.

Some large teams of penetration testers are known as the Red Team. You could be employed by a nuclear facility, utility system, or a city power grid to look for and prevent exploitation of vulnerabilities.

How to Become a Penetration Tester

At any employment level, a cyber security penetration tester is required to have a degree. This may be an associate, bachelor’s, or master’s degree.

By the time they reach the master’s level, students interested in working as penetration testers should pass cyber security courses in Cloud Computing, Secure Communication Protocols, The Internet of Things, Principles of Cryptography, Advanced Software Engineering and Programming Languages, Web-Based Applications, Security Frameworks, and Specific software tools such as AppScan and Fortify. If this is the level you are striving for, you should also be familiar with Unix, Linux, and Windows. The networking tools Nmap and Nessus should be something you can easily work with. Good penetration testers use several forensics tools as well.

Look for cyber security degree programs that offer certifications such as HackerU Certified Penetration Tester or EC-Council Certified Ethical Hacker. If you are looking to get into your first position as a penetration tester, you should know that employers are looking for programming or IT experience and background.

Typical Requirements for Employee Hiring

Your future employers will likely have varying specific requirements for potential employees such as you. Most employers require at least a bachelor’s degree for an applicant to be considered for this position. You’ll also need to show proof of cyber security experience. You may be able to list any internships that have allowed you to gain valuable experience before you graduate or, if you worked in cyber security before moving into a penetration testing position, your prior work experience will be a definite positive for you.

Be ready to show that you have the technical and soft skills needed to work as a penetration tester. The technical skills include working with your employer’s computer network and probing for dangerous vulnerabilities, then developing a solution to correct it. You’ll use both technical and soft skills when you look for, correct, and instruct colleagues on good security practices such as strong password usage. Relevant certifications will, of course, add significant weight to your resume.

You’ll be busy every day of the week in your job. You’ll need to be able to prioritize tasks and multitask. For instance, you may need to look for passive threats on the same day that you realize a hacker is trying to get into the computer system. Knowing which to do first will ensure you do your best to protect your employer’s computer network. You’ll also have to communicate well with colleagues, team members, and management as you explain weaknesses and how to correct them without judgement.

During your interviews, potential employers will be asking you about your skills, looking for examples and demonstrations of how you would be able to help them protect their networks.

Skills Needed

  • Good to excellent communications skills - You need to be able to write well so that the documentation you provide gives your employers a concise overview of how to strengthen their network; verbally, you need to be able to express yourself well
  • A strong feeling for technology, security, and IT - You must be willing to stay current on the most recent developments
  • Aptitude for performing the technical tasks you’ll do daily - Know how to write and read code
  • Know how to exploit software for different types of applications
  • Know how to ethically hack wireless networks, get around detection systems, and evade firewalls
  • Carry out DoS (Denial of Service) attacks

Salary

Penetration testers are well-paid for their efforts; because they focus on the ethical side of hacking, they can find network weaknesses that other employees or managers don’t have the skills to find. If you are planning to work as a penetration tester, your skills also factor into what you can expect as your annual salary. An entry-level penetration tester may earn an annual salary of $68,000. After a penetration tester has been on the job for a few years, they may see their average annual salary increase to $102,000 and in the later stages of their career, their annual salary may jump up to $116,400. The top 10% of penetration testers in the late stage of their careers can make up to $155,000.

Outlook & Jobs

While the Bureau of Labor Statistics (BLS) does not publish statistics on penetration testers specifically, they do say that information security analysts can anticipate a favorable job outlook from 2018 through 2028. They project an increase in these types of positions of 32%, which is significantly higher than all other occupations combined. Other occupations are tallied to grow by 5% over those 10 years and other computer occupations are projected to grow by 12% over the same time period. For Information Security Analyst positions, this means an increase of 35,500 new job created by 2028.

Another report from a Research and Markets forecast, says that the employment of penetration testers will be worth $1.7 billion by 2021. Due to the increase in cyberattacks, penetration testers will be in very high demand. Their skills are necessary to help develop new methods to keep hackers from breaking into networks or stealing personal information and track vulnerabilities in existing systems.

Financial institutions, banks, healthcare industry providers and retail outlets have all been attacked in recent years. This proves how vital it is for each of these industries to strengthen their computer networks; penetration testers and other information security analysts are vital for this. Focusing on the healthcare industry, which is growing its use of electronic medical records, a strong and well-protected network is mandatory, as HIPAA dictates that information privacy is a right afforded to every patient.

In 2016 alone, over one million cyber security positions were available around the world. This shows a high need and demand for cyber security personnel. Due to their specialized hacking and penetration skills, penetration testers are especially valuable.

Sources:

Cyber Security Careers and Jobs

Chief Information Security Officer (CISO)

These executives oversee information systems and company-wide information security, as well as all departments associated with these systems.

Chief Security Officer (CSO)

These executives deal with information and physical security systems, controlling database and facility entry and all departments that deal with security and surrounding policies.

Chief Technology Officer (CTO)

This executive deals with technology development and implementation. They receive company-wide reports on the use and effectiveness of technology.

Computer Forensics Investigator

Analyze computers or web-based applications in the search for forensic evidence of a crime. This is done in support of the law after commission of a crime, or in efforts to support a company by assessing network vulnerabilities.

Cryptographer

Cryptographers are responsible for deciphering encrypted data. They might do after the commission of a crime. They also work to create better encryption to create stronger networks and safer data storage.

Incident Responder

Incident responders work with companies or governments to respond quickly after a possible threat has been detected. They find the source of the issue, determine if it’s a real threat, and discover how the incursion occurred.

Penetration Tester

Penetration testers seek to create an incursion. By doing so, they reveal the weak points of a security system so that these points can be secured better in the future.

Risk Analyst

Risk analysts spend their time looking for systems, procedures, or malware which could cause unintended negative occurrences, such as system crashes or slowdowns. They help create procedures to fix these problems quickly if they do occur.

Security Administrator

Administrators are responsible for dealing with all security and safety issues. They may create procedures or policies in order to maintain security company-wide.

Security Analyst

Security analysts maintain company networks and fix issues that come up during normal operation. They may also identify threats and neutralizing them as quickly as possible.

Security Architect

This position requires you to choose or design security elements, whether physical parts that will become a part of the system or the virtual system that will provide access to all the company’s data.

Security Auditor

These specialists may be kept on retainer or brought in after changes are made to a system. They provide a system-wide audit to make sure there are no chinks in the armor of the network or system.

Security Consultant

Security consultants devise plans for a company should they experience an incursion or help companies that are just getting started set up their security system from the ground up.

Security Director

The director of security helps create and review all policies and procedures related to security. They also ensure compliance with local or federal laws related to security concerns, such as the safety of patient data.

Security Engineer

A security engineer is responsible for creating computing systems which increase their company’s security and they solve any issues turned up by a security audit or incursion incident.

Security Manager

These managers oversee security staff on a day-to-day basis, making sure staffing is steady and all issues are dealt with and reported to the highest-level security professional in the company.

Security Software Developer

Specializing in security software solutions, they create software for individuals to use on home computers or advanced solutions meant for multi-billion-dollar industries or even government agencies.

Security Specialist

This is an entry-level position in which a specialist may monitor or troubleshoot system or network issues. They may perform basic test procedures, reporting all activity and feedback to their manager.

Vulnerability Assessor

These specialists test systems for vulnerabilities, much in the same way penetration testers do. Instead of performing penetration testing, they look through applications or software for possible weaknesses.

Leaders in Cyber Security Education: Find Your Career Today

Get started today on your path to advance your career!