HOW TO BECOME A PENETRATION TESTER
Penetration testers are often called ethical hackers because they attempt to crack into a computer system for the purposes of testing its relative security rather than to steal information or create havoc. In order to become a penetration tester, you'll need to not only know how to write code but also write reports to demonstrate the results of your tests.
A penetration tester carries a lot of responsibility, and that responsibility only begins when they hack into a system. After that, they become part manager, part technical writer and part security administrator.
Corporations and governmental agencies rely on these specialized professionals to put their security to the test and measure its efficacy against malicious, unethical hackers. If, for instance, a penetration tester determines that a system is sound and incapable of being compromised by criminals or terrorists, the rest of the security team will assume that their job is done.
Penetration testers need to constantly update their skills, knowledge and methods for hacking systems. They need to study new security software packages and learn all they can about new protocols in security teams so that they can find the vulnerabilities. A good penetration tester is always learning to stay up to date with current technologies and how they can be exploited.
Not only will they need to assess the weaknesses in a network or certain devices, but they should be able to write reports that communicate these weaknesses. Strong written and oral communication skills are a necessary part of the profession. You will also need to have a good working knowledge of business and management to demonstrate the implications of the weaknesses you find.
For instance, you will need to be able to demonstrate any potential losses in terms of lost work hours, recovery time, loss of intellectual property, and other disruptions once you find a flawed system. If a sales team faces three days of downtime after a database is erased or corrupted, it will be important to show the financial impact that it could have for the company. Those findings will be presented to management with all appropriate visual aids to ensure that the case is clear to all stakeholders in the business.
Penetration testers don't only assess problems, but can be instrumental in formulating solutions to those problems. A good penetration test presentation will include suggestions for a network redesign or present a variety of software packages or coding approaches that can help secure the system from attack.
PENETRATION TESTER VS. SECURITY ADMINISTRATOR
Though their work frequently seems to be at odds, the duties of a penetration tester and a security administrator frequently overlap, and each tends to inform the other.
The security administrator is charged with designing and implementing security systems and protocols for his or her department or company.
They need to be able to assess the best security technologies within budget parameters and then assure that their team is capable of rolling out those products in a timely and effective manner.
A penetration tester, on the other hand, will try to find ways to undo the security administrator's work. They will spend time researching how to hack into the administrator's systems and then will write reports to show the vulnerabilities and their business implications.
In this way, the two seem like adversaries, but they are both working to strengthen the same system.
When a penetration tester and security administrator work together and strive to find the very best solutions for their network, then the company or department benefits.
POSSIBLE CAREER PATHS
The path to penetration tester is not quite linear as there are many ways to approach this interdisciplinary field. The following graphic should give you an idea of what is involved if you decide to aim your career path towards the profession.
Not many jobs entail quite the scope of a penetration tester, but the career does touch on so many that there are a lot of related specialties for a penetration tester to branch into or from.
Computer and Information Research Scientists study and solve complex problems for businesses, medicine and science, while computer systems analysts help organizations operate more efficiently and safely. Network and computer systems administrators are responsible for the day-to-day security and operation of computer networks in business and almost every type of federal and state agency.
ANNUAL MEDIAN SALARY OF
According to the U.S. Bureau of Labor Statistics' current Occupational Handbook, the median annual salary for penetration testers (or information security analysts) is $92,600. With the wide range of knowledge and skills necessary to thrive in this job, it may be possible for a penetration tester to get an MBA and then move into a top position as an Information Security Officer or Information Systems Manager. The Information Systems Manager role is known to pay above $100,000 per year, with a median yearly salary around $135,800.
The job title penetration tester encompasses a wide range of skills and experiences. In order to succeed and thrive, a great penetration tester will have the coding skill to crack into any system. They should be very familiar with all aspects of computer security, from forensics to systems analysis. It will also be of vital importance for them to have a full working knowledge of how computer security breaches can disrupt business, and a full awareness of the financial and managerial implications of these breaches.