‘Penetration testing’ is one of those pieces of tech-speak that can strike one as slightly strange on first encounter. In fact, it stands for a common technical process which forms a crucial part of the corporate and governmental armoury deployed against cyber-crime. Sometimes shortened to ‘pen testing’, the phrase encapsulates the planned simulation of a cyber-attack against a business’ IT system in order to highlight vulnerabilities.
If you are interested in working as a penetration tester, there’s a range of experience that will give you the best chances, as is not unusual in the IT business generally.
Penetration testing is one of those roles where the dividing line between work and personal life tends to be thin. Penetration testers are usually steeped in the tools of their trade, following the latest IT security trends and keeping up with the latest ruses of cyber criminals. Meanwhile, nothing can beat acquiring a deep personal knowledge of the ins and outs of computer networking. As one IT security blogger, Keatron Evans, puts it:
“[Gain a] good knowledge of networking and network protocols. Being able to list the OSI model DOES NOT qualify as knowing networking and network protocols. You must know TCP in and out. Not just that it stands for Transmission Control Protocol, but actually know that structure of the packet, know what’s in it, know how it works in detail.”
One career path you could follow is to gain a foothold in a parallel business – working, for example, as a security auditor or administrator. You could then express an interest in getting into security testing, perhaps talking to the manager concerned. You could also get a job in a junior role within a company that specialises in security testing, perhaps working as a customer representative. Other possibilities include getting work on an IT helpdesk, then seeking promotion to a network admin role. From here, you could make more of a sideways move in to pen testing, perhaps getting some professional certifications (such as CREST) under your belt.
The CESG (Communications-Electronics Security Group) is a government-linked body which provides advice and assistance to the Government on cyber security matters. CESG runs a ‘CHECK’ accreditation scheme for companies. A CHECK-accredited company has been quality-assured by the CESG to provide IT health checks for government departments. Being a member of a CHECK-accredited team could prove to be very effective for future employment prospects.
Update: CESG is now the National Cyber Security Center
This is another CESG-based initiative. Regular competitions allow ethical hackers to test their mettle against various challenges. The Cyber Security Challenge UK website states:
“From identifying software vulnerabilities, to designing new ways of communicating the importance of taking cyber security seriously, our competitions represent the true scope of competencies required [to succeed] as a cyber security professional.”
Success in such a competition could be an ideal springboard for winning your dream pen tester job.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.