Though it sounds like a guy who just clicks a Bic over and over until it breaks, a pen tester is truly the unsung hero of modern cybersecurity. Penetration testers, or pen testers as they are known for short, are essentially good-guy hackers who uncover vulnerabilities before the bad guys do.

 

What they do

Much of the cybersecurity actions we discuss focuses on what to do after an attack has happened, but pen testers serve a more offensive, proactive role. They are hired by companies to test their digital systems and networks to identify holes and vulnerabilities that might otherwise be taken advantage of by hackers. They not only review code, devices, and applications for risk, they also conduct simulated social engineering attacks to test how well employees respond to softer attacks.

 

How they can help

Pen testers can uncover vulnerabilities that might only otherwise come to light AFTER serious damage has been done. Since they act like hackers, they can anticipate steps a hacker might take and fix those weak spots BEFORE a hack can happen. Once those deficiencies have been addressed, they can also retest the fixes to ensure airtight security going forward.

 

What tools they can use

While some of the social engineering efforts may require some soft communications skills and technical writing proficiency, the pen tester’s toolbox is tech heavy. They will be proficient in one more programming languages (e.g., Python, BASH, Java, Ruby, etc.), cryptography, and remote access technologies, as well as being comfortable in Linux, Windows, and macOS environments. They will also rely on tools unique to their position such as Nmap, Wireshark, John the Ripper, and Burp Suite.

 

How they got there

Most pen testers start in entry-level IT positions with many beginning as network or systems administrators where they build a solid foundation before gravitating to more cybersecurity specific positions.

 

 

Where you can start

Like many IT positions, a degree will be helpful but not required. Obtaining cybersecurity certificates, however, will demonstrate a level of expertise and a willingness and aptitude to learn (and beefs up your resume). Consider a ComTIA Pen Test + or a GIAC  certification, or become a Certified Penetration Tester by passing the CTP exam administered by Global Association for Quality Management.

 

If you’re looking for a fast-paced technical job, where you get to work with the newest technologies, and act like a hacker—but always for good—pen testing may be the perfect fit for you!