Welcome to TechCybero. Today you’ll learn “How to Become a Penetration Tester” and what are the requirements for Penetration Tester (pen-tester) Jobs? Before going into depth, we’ll learn “what is penetration testing (pen-testing)? “
What is Penetration Testing:
A Penetration Testing or Pen Testing means to find and exploit the vulnerabilities that might be used by attackers and assess what might hackers can gain after vulnerabilities exploitation. The Pen-Tester is responsible for finding these vulnerabilities.
Penetration Testing Stages:
There are 7 (seven) stages of Penetration Testing. A brief description of stages is given below:
1. Pre Engagement phase
In this phase of pen-testing, Pen-Tester and the client discuss their goals for pen-test. Penetration Tester set the scope for pen-testing. After the client agree about the scope, the actual pen-testing begins.
2. Information Gathering phase
This is the phase in which Pen-Tester gather publicly information about the client and identifies the potential ways to connect to its system.
3. Threat Modeling phase
After successful information gathering, this phase of penetration testing is about developing plans for an attack on the client system based on the information gathered in the previous phase. In this phase, Penetration Tester thinks like the attacker.
4. Vulnerability Analysis phase
This is the phase of pen-testing, in which Penetration Tester discover vulnerabilities that the attacker can exploit to gain unauthorized access in the client system.
5. Exploitation phase
Exploitation phase is for exploiting the discovered vulnerabilities to gain access to the client system.
6. Post Exploitation phase
Post Exploitation phase is about stealing sensitive data or looking for interesting files. Some say that real pen-testing starts from the post exploitation phase.
7. Reporting phase
Reporting phase is about conveying our findings to the client in a meaningful way. Penetration Testing report contains discovered vulnerabilities and how to fix them.
Prerequisites To Learn Penetration Testing:
Now I hope you have a better understanding of what pen-testing is, what are its stages and what are the roles of Penetration Tester. Let’s move to the main topic “How to Become a Penetration Tester“. The prerequisites to start learning pen-testing are:
- Solid TCP/IP understanding
- Linux and Networking understanding
- Bash Scripting
- Python programming Basics
If you don’t have Bash Scripting and Python skills you can still start learning pen-testing but I’ll recommend you to learn the Bash Scripting and Python before moving towards pen-testing. Here are the links from where you can get basic knowledge of the above prerequisites:
- For TCP/IP Basic Understanding:
- For Kali Linux Training: (You can also download a Free Kali Linux Book)
- For Bash Scripting Basics:
- For Python Programming Basics:
Penetration Tester Careers:
A Pen-Tester is also known as Ethical Hacker. There are different career opportunities for the Pen-Tester within the IT industry. A Penetration Tester can work as a:
- Security Architect
- Penetration Tester (Senior/Junior)
- Security Consultant
- Security Administrator
Penetration Tester Salary:
An average salary of Penetration Tester according to PayScale in 2019 is:
You can find more about the salary of Penetration Tester at PayScale.
Penetration Tester Job Requirements:
There are a lot of requirements for Pen-Tester jobs for different positions with a work experience. Work Experience required for Junior Pen-Tester is 1 year in many companies. For Senior Pen-Tester, work experience range can be from 3 to 5 years or more with Advanced Pen-Testing certifications. One of the best Advanced Penetration Testing certification is LPT (Licensed Penetration Tester) offered by EC-Council.
Penetration Testing is the field of skills and many Penetration Testers don’t hold any specialized degree. Mostly the Pen-Tester comes from BS Cyber-Security or from BS Computer Science, IT or Software Engineering. Almost all Pen-Tester jobs requirement is that a candidate must hold a Bachelor’s or Master’s degree in Cyber-Security, Computer Science, IT or Software Engineering. But holding a Bachelor’s or Master’s degree is not enough for your job in the industry. Many companies prefer the certified Penetration Testers. A lot of certifications are available in the world. Some of the popular certifications are described in the next section. Some of the best Cyber-Security programs are:
- Bachelor’s of Science in Cyber-Security offered by EC-Council
- Graduate and Undergraduate Program in Cyber-Security offered by SANS
- Master’s of Cyber-Security offered by EC-Council
Certifications to Become a Penetration Tester:
If you have a great knowledge of the prerequisites to start pen-testing (mentioned in the previous section), then you can apply for the best certifications of penetration testing. After these certifications you’ll be a Pen-Tester. To become a Penetration Tester, you need to pass any of the below mentioned certification:
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- CPT (Certified Penetration Tester)
- GPEN (GIAC Certified Penetration Tester)
There are some other certifications in the world but these are the popular within the IT industry. You can apply for any certification but I’ll recommend you to go for OSCP as it is the real pen-testing certification with hands-on exam of 24 hours. OSCP focuses only on pen-testing and is offered by Offensive Security Team (the developers of Kali Linux). CEH is also a beginner level certification but it contains basics of different topics and an exam of 125 multiple choice questions in 4 hours. GPEN and CPT certifications are far better than CEH.
After reading this guide, I hope you’ve a better understanding of penetration testing, penetration testing stages and “How to Become a Penetration Tester”. If you are interested for this job, then go for the certification first before applying anywhere.
Looking for your Comments……!!!. Comment here and share your experience with us.