A Penetration Testing Career – Do You Have What It Takes?

Penetration Testing Job

Penetration testing, also known as ethical hacking, is one of the hottest jobs in tech today. What other career lets you pretend you're in The Matrix, working your way into systems like a top-level hacker, all without breaking any laws. Oh, and you're getting paid for it.

With a real-world penetration testing job, though, you're not just playing at hacking into systems. You actually are hacking into systems, and your employer's very existence may depend on your ability to do it.

What to Expect From a Penetration Testing Career

As a penetration tester, often known as a “pen” tester, your job is to identify security vulnerabilities in a company's internal systems and outward-facing applications. You might test a whole system, but you'll probably test only part of a system at a time. 

Either way, you are responsible for finding any weaknesses that a hacker could use to get in, so you need to run a lot of tests. 

lot of tests. 

No real job is as glamorous as the movies, and penetration testing really is no exception. Some of the tests you have to run are repetitive. If the system is strong, you'll get a lot of negative findings and just move on to the next test without much fanfare. 

But sometimes, you'll hit the proverbial pay dirt.

You'll figure out how to breach a system before a criminal does. You'll show your client how to patch up the hole in the system and keep sensitive data out of the wrong hands. On those days, you'll earn your client's unending gratitude.

What Kind of Person Does This?

If you're drawn to ethical hacking jobs, you probably have an analytical mind. You love problems because solving them gets your mind working overtime, and you believe that a brick wall is just a test of how badly you want to get to the other side. 

These are the qualities that you need as a penetration tester. It's a challenging job, but some people really thrive in it. These are the people who have:

  • a genuine interest in how systems work 

  • a tactical mindset 

  • a quick mind 

  • persistence to a fault

Perhaps most importantly, though, you need to be a good communicator. Contrary to the stereotype of the reclusive and awkward tech geek, you won't get anywhere in pen testing unless you can communicate your highly technical work to someone in a different field. Put simply, you need to make your client understand what you've found and why it matters.

Great Expectations

When a company hires you as a penetration tester, it puts its most sensitive and valuable data in your hands. Your clients will want to know that you can do the job, so they expect you to have certain skills. First of all,  you need to know everything possible about operating systems, networks, and scripting. 

Also, there are plenty of automated programs out there that can scan for weaknesses, and a client will need you to know more than the program does. You'll need to be able to find vulnerabilities that have no codes or references within the system because they haven't been found by hackers yet.   

You'll need to be able to integrate new exploits into your existing skill set. Tech is constantly evolving, and hackers are always coming up with new ways to breach barriers. You need to be able to hear about a new exploit, try it out, and figure out how to screen for it.   

Finally, it helps if you know how to code. Some pen testers get by without it, but you'll save yourself a lot of time if you have some basic skills in the most widely used coding languages. 

Let's Talk Money

If you're a good fit, you'll find penetration testing to be a rewarding career in more ways than one. Financially, you start out as an entry-level professional with an average salary around $70,000 and by mid-career, the salary average has crested $100,000.   

By the time you are considered experienced, the average salary is around $115,000. Meanwhile, you will have built up your knowledge of the field and potentially supervise more junior professionals.

Starting a Penetration Testing Career

Naturally, a job like this isn't one you can just walk into from your latest gig at McDonald's or Old Navy. You're working with high-security systems and you might have thousands of people's personal data in your hands. You need training and certifications, not to mention the kind of personality that can handle an intensely high-stakes position. 

So it's not surprising that most penetration testers get into the field from other areas of tech, such as systems administration or programming. The majority of hiring companies want the pen tester that they hire to have at least a bachelor's degree in a field related to IT or cybersecurity. Most also ask for particular certifications.

Entry Level Credentials

If you're just getting started in pen testing, one of the entry-level certifications will show an employer that you're serious about the field. Here are a few of the ones they like to see.

CEH Snapshot (click to enlarge)

Certified Ethical Hacker (CEH) 

The CEH certification is an entry-level credential offered by the EC Security Council.  It requires you to pass a 4-hour, 125-question multiple choice exam that covers the latest tactics hackers use to breach security systems. If you pass this portion, you can take a 6-hour practical exam to demonstrate more advanced knowledge.

CPT

Certified Penetration Tester (CPT)   

The CPT is the entry-level certification offered through the Information Assurance Certification Review Board, more commonly known as the IACRB. The associated multiple-choice exam is two hours and includes 50 questions, 70 percent of which you have to answer correctly to pass.

Intermediate and Advanced Certifications

Even when you're already established in pen testing, you need to show that you're up to date with the latest advances in the field. That's where the more advanced certification programs come in.

ECSA snapshot (click to enlarge)

EC Council Certified Security Analyst (ECSA)

The ECSA is the EC Council's intermediate credential. It requires the candidate to pass a four-hour, 150-question test as well as a 12-hour practical exam. The practical exam presents you with a real organization's network and evaluates your ability to use network scanning, vulnerability analysis, and other common pen testing techniques to get into it.

CompTIA PenTest+

PenTest+

The PenTest+ certification is offered through CompTIA. It is an intermediate-level exam that features written questions as well as a practical questions. Over the course of 2.75 hours, these challenges evaluate our ability to find a system's weaknesses and develop strategies to address them.

CEPT Penetration Testing Exam

Certified Expert Penetration Tester (CEPT)

The CEPT test is the IACRB's follow-up to the CPT exam, and it covers the nine domains of penetration testing knowledge.  These include: 

  • Penetration Testing Methodologies 

  • Network Attacks and Recon 

  • Memory Corruption and Buffer Overflow Vulnerabilities 

  • Reverse Engineering 

The nine domains are covered in a 50-question multiple choice test. The candidate has two hours to complete at least 70 percent of the questions correctly to receive a passing score.

Licensed Penetration Tester (LPT)

The LPT is the EC Security Council's most elite certification. Not for the faint of heart, it requires aspiring recipients to endure a three-level, 18-hour exam. Those who succeed are considered to be the industry's top experts. 

Each level of the exam is six hours long and presents you with three challenges. You advance to the next level if and only if you are able to complete at least one of the three challenges.  In all, you need to complete five of the nine challenges to pass the test. 

You can prepare for the LPT by taking EC-Council’s Advanced Penetration Testing course.

OSCP Certification

Offensive Security Certified Professional (OSCP)

This exam gives you a real-world security situation and 24 hours to solve it. You present your results in the form of notes and screenshots that show what you have learned about the system and its vulnerabilities. Your score depends on the complexity and depth of the vulnerabilities you find.

OSCE Certification

Offensive Security Certified Expert (OSCE)

This one's a real marathon. It takes 48 hours to complete, but it shows that you know how to tackle the security issues that less advanced ethical hackers can't handle. It's one of the industry's most difficult tests. If you've passed it, companies know that you can take on the toughest problems out there.

Passing the Tests

These are not tests you want to mess around with. It's one thing to have to re-take an exam in undergrad, but not when you're investing up to 18 hours in taking the test alone.  Also, you're depending on these tests to start or advance your career. 

Alpine Security understands what's on the line. That's why we offer preparation courses for all of the most commonly requested tests in cybersecurity, many of which come with an exam pass guarantee and exam voucher. 

Most importantly, Alpine hires successful working penetration testers as its trainers and routinely performs penetration testing - it is one of their main services. This real-world experience assures that you're getting the latest knowledge in the field. Don't wait to start hacking for a living. Contact Alpine today and start hitting the books.