Job profile: Become a penetration tester
As cybersecurity breaches continue to rise, the onus is on organizations to intensify protection of their systems and data. It is crucial for companies and government entities to ensure that information security is robust enough to withstand attacks by malicious hackers.
In order to secure systems and data it is necessary to know how an adversary thinks and acts. This is where ethical hackers or penetration testers come in. The best among them understand how an attacker’s mind works and are well-versed in the methods and devices employed by cyber infiltrators.
2018 was a bad year for end users and organizations. There were lots of data leaks and unsecured databases. Amazon, Facebook, and other major players suffered big breaches. Cybersecurity has for some time been a top priority for CEOs across the globe, but the pressure to secure and protect assets is building.
Indeed, the demand for skilled penetration testers is expected to rise in 2019 as small, medium and large organizations emphasize effective threat management.
Pen testers are responsible for in-depth testing of the security of information systems in order to assess whether infrastructure, data, and applications are impervious to hacking by criminals and terrorists. This entails intricate and meticulous evaluation of all aspects of an organization’s computer systems, creation of status reports, and suggestions about solutions to flaws in the system.
● Meeting with clients and ascertaining their security test requirements
● Reviewing system infrastructure and making a list of items to test in order of priority
● Devising testing processes, including writing code using different technologies, designing and employing tools to identify and exploit weaknesses, and determining penetration techniques and analyses
● Conducting assessment of systems, networks and applications in order to identify weaknesses and hack into the system. This may include remote testing of networks
A pen tester must also communicate his or her findings to all stakeholders so as to enable them to understand the functional and business outcomes of these flaws, as well the importance of implementing appropriate security controls, following best practices, and changing their behavior.
These audiences need to be made aware of how a system, network or application works, how it can be penetrated, the operational impact of an exploit, and how to fix vulnerabilities and minimize risks.
An ethical hacker operates by employing the same methods as a malicious hacker, but with the intention of identifying vulnerabilities and helping clients to address security issues in order to protect their systems and data from exploits.
In a Forbes article, Jeff Williams has helpful advice for aspiring penetration testers: “Don’t try to learn everything all at once. Focus on a single critical risk and everything about it. Then you can be an effective part of a team and expand your skills as you go.”
To be an effective penetration tester, you will need to develop or acquire the following skills and knowledge:
Deep understanding of every facet of complex computer systems and how they operate.
A sound grasp of a wide range of software and other technologies so that you can test them. It is necessary to have adequate coding skills to develop applications to identify and exploit vulnerabilities. Hands-on experience with widely-used tools is essential.
A sharp eye for detail in order to plan and develop penetration processes and applications that put clients’ systems to a thorough test.
Organizational skills and discipline in order to complete each project successfully on time.
Perseverance to use different testing techniques where necessary to identify weaknesses so that no flaw escapes detection.
Understanding of normal user behavior so as to be able to spot unusual activity that could pose a risk.
Superior oral and written communication skills in order to explain the financial and operational implications of vulnerabilities to non-technical and technical stakeholders.
Basic knowledge of the business in order to explain the business outcomes of vulnerabilities detected to the management.
Ability to write detailed reports, clearly describing weaknesses in a system, and the potential effects on operations and the business.
Expertise to formulate solutions to security flaws.
Experience and training
Penetration testing is not an entry-level role. Ethical hackers are normally expected to have at least 2 to 4 years of industry experience in cybersecurity.
Many penetration testers have a degree in an IT-specific subject, such as computer science, systems engineering, information systems, network engineering, or electrical engineering. New graduates don’t normally find work as ethical hackers, however, straight out of college. Of late, a few companies have begun inducting graduate trainees.
In most cases, a candidate is required to have a few years of relevant work experience. Some organizations also view professional certifications as validation of industry-specific skills, knowledge and experience.
There are several vendor-neutral as well as vendor-specific credentials available today. What you choose to pursue will depend on education, experience, area of specialization, professional goals, and employer requirements. Some popular certifications include:
Certified Ethical Hacker (CEH)
The vendor-neutral CEH credential from the EC Council validates knowledge of ethical hacking. To become a Certified Ethical Hacker, a candidate needs to pass a 125-question, 4-hour, multiple-choice exam.
Though some job adverts specify the CEH certification, it may not be suitable for those looking for in-depth hands-on training. This credential doesn’t emphasize practical training as much as some others do.
The GPEN certification is offered by the SANS Institute. This credential demonstrates hands-on expertise in information security. There are a number of exam prep options, including courses from SANS Institute, which have a comprehensive practical component.
According to SANS, there are 7,964 certified GPEN analysts as of Jan. 3.
The OSCP is a vendor-specific credential from Offensive Security, the company that maintains Kali Linux. It validates the ability to identify and hack into a range of operating systems and applications. To earn this certification, candidates need to complete the Penetration Testing with Kali Linux (PwK) course and pass the 24-hour totally practical exam (no questions and answers, just hands-on demonstration of your skills).
This certification is generally considered one of the most technical certifications available today.
Other credentials include (ISC)²’s all-purpose Certified Information Systems Security Professional (CISSP) credential, EC-Council’s Licensed Penetration Tester (LPT), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), and the newly introduced PenTester+ offered by tech industry association CompTIA.
It’s a good idea to discuss different options with your peers and seniors in the industry before deciding on a certification.
While many hackers target exposed systems, some aim at secured databases, using sophisticated methods that are not easy to detect. An adept penetration tester stays abreast of the latest developments in cyber space and keeps learning about current tools and technologies in order to stay ahead of attackers and stop them in their tracks.