What experience do I need for a penetration testing role?

‘Penetration testing’ is one of those pieces of tech-speak that can strike one as slightly strange on first encounter. In fact, it stands for a common technical process which forms a crucial part of the corporate and governmental armoury deployed against cyber-crime. Sometimes shortened to ‘pen testing’, the phrase encapsulates the planned simulation of a cyber-attack against a business’ IT system in order to highlight vulnerabilities.

If you are interested in working as a penetration tester, there’s a range of experience that will give you the best chances, as is not unusual in the IT business generally.

Informal personal interest and experience

Penetration testing is one of those roles where the dividing line between work and personal life tends to be thin. Penetration testers are usually steeped in the tools of their trade, following the latest IT security trends and keeping up with the latest ruses of cyber criminals. Meanwhile, nothing can beat acquiring a deep personal knowledge of the ins and outs of computer networking. As one IT security blogger, Keatron Evans, puts it:

“[Gain a] good knowledge of networking and network protocols. Being able to list the OSI model DOES NOT qualify as knowing networking and network protocols. You must know TCP in and out. Not just that it stands for Transmission Control Protocol, but actually know that structure of the packet, know what’s in it, know how it works in detail.”

Related industry roles/transferrable skills

One career path you could follow is to gain a foothold in a parallel business – working, for example, as a security auditor or administrator. You could then express an interest in getting into security testing, perhaps talking to the manager concerned. You could also get a job in a junior role within a company that specialises in security testing, perhaps working as a customer representative. Other possibilities include getting work on an IT helpdesk, then seeking promotion to a network admin role. From here, you could make more of a sideways move in to pen testing, perhaps getting some professional certifications (such as CREST) under your belt.

Be part of a team with CHECK accreditation

The CESG (Communications-Electronics Security Group) is a government-linked body which provides advice and assistance to the Government on cyber security matters. CESG runs a ‘CHECK’ accreditation scheme for companies. A CHECK-accredited company has been quality-assured by the CESG to provide IT health checks for government departments. Being a member of a CHECK-accredited team could prove to be very effective for future employment prospects.

Update: CESG is now the National Cyber Security Center

Take part in a Cyber Security Challenge competition

This is another CESG-based initiative. Regular competitions allow ethical hackers to test their mettle against various challenges. The Cyber Security Challenge UK website states:

“From identifying software vulnerabilities, to designing new ways of communicating the importance of taking cyber security seriously, our competitions represent the true scope of competencies required [to succeed] as a cyber security professional.”

Success in such a competition could be an ideal springboard for winning your dream pen tester job.

Our accreditations & Partners

  • REC Member
  • VTC - Virtual Technology Cluster
  • RANT Events
  • Bloom Nepro
  • YPO
  • Crown Commerical Service
  • Disability Confident
  • ISO 9001
  • Armed Force Covenant
  • Cyber Essentials Plus
  • ISO 27001





Thank you for signing up to the acumin alerts.

Send CV

Send us your CV and have our recruiters match you to the ideal opportunities

Do you already have an account with us?

Log in

Want to have an account with us?


Want to just send us your CV?

Upload only doc, docx, odt, pdf format file.

By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.

Password reset

If you need a reminder for your password, fill out the field below

Log in

Access your account to edit your contact details, job alerts or to upload a new CV

Thank you


Thank you for successfully uploading your CV.

Acumin Alerts


Thanks for registering for Acumin alerts.

Acumin Alerts

Unfortunately your CV could not be uploaded

Please make sure your CV is one of the following file types: doc, docx, odt, pdf, rtf

Acumin Spam

Unfortunately your submission has been declared spam. Please try again.



Thank you for submitting your vacancy.


Create an account to register your contact details, sign up for job alerts and upload your CV


Thanks for registering for Acumin alerts. To get the most out of Acumin's service why not register with us?

Upload only doc, docx, odt, pdf format file.
- Practitioner
- Commercial

I agree to the terms and conditions and to be contacted by recruiters:

I agree to receive marketing communications relevant to my job search:

I agree to receive Jobs By Email for the following professions:
- Business Continuity Management
- Counter Fraud
- Cyber Security
- Executive Management
- Governance & Compliance
- Information Security & Risk Management
- Penetration Testing & Digital Forensics
- Sales and Marketing
- Sales Engineering
- Security Management
- Technical Security
- Information/Risk Assurance
- Identity Management
- Application Security
- Security Architecture
- Dev/Sec Ops
- DV & SC Cleared Jobs
- Programme & Project Management

Submit a Vacancy

Use the form below to submit a vacancy