How to become a Penetration Tester
What is a Penetration Tester?
At the heart of it, a Penetration Tester is someone who performs penetration tests on an organization’s networks, systems, apps, etc. to find vulnerabilities for the organization to patch. However, depending on the organization’s size and other factors, you may also have to make pivots, write reports, and work with other departments and teams within an organization.
What is the Average Salary?
According to PayScale, a penetration tester can make anywhere from $50,000 to $130,000, with a median of $80,238.
What are a Penetration Tester’s Responsibilities?
As with most job roles, responsibilities vary greatly from company to company. Here are some common responsibilities we’ve found by researching job listings from corporations, enterprises and smaller companies.
- Penetration Testing on Infrastructure
- Application Vulnerability Assessment
- Wireless Vulnerability Assessment
- Security Audit and Assessment
- Configure, Run and Monitor Automated Security Testing Tools
- Perform Manual Validation of Vulnerabilities
- Perform Manual Penetration Testing of Client Systems
- Thoroughly Document Exploit Chain/Proof of Concept Scenarios
- IT Security Best Practices and Policy Support
- Effective Communications (including findings and strategy to client stakeholders)
- Develop Comprehensive, Accurate Reports
What Educational Background is required?
Most job listings require a bachelor’s degree in a technical field and 1-5 years of relevant experience. The experience required varies greatly between companies, and educational experience becomes more flexible with more relevant experience. Some companies will want you to have experience specific to certain environments, while others will appreciate a broader understanding.
What Certifications should I take?
- Extra Credit: CHFI (Computer Hacking Forensic Investigator)
Where should I start?
Formal education is always a great place to start. More and more schools offer cybersecurity majors and even master’s programs. After this, we usually recommend that you begin your cybersecurity education with CompTIA’s Security+ Certification, because it will give you great foundational knowledge. Also, make sure you join special interest groups online or capture-the-flag competitions, as they give you real-time, hands-on experience.