The Career Path of the Penetration Tester

October 10, 2016


The path of a penetration tester offers many possibilities and options, all leading to the primary goal of entering and advancing in cyber security as a penetration tester. I’ve been asked more than once about the necessary steps to enter the world of cyber security, yet there isn’t a single guideline that suits everyone. However, I will say that you should be sure of your specific focus within cyber security and of whether it is truly a career for you. Penetration testing should not be viewed as a “job”, and an approach that expresses this way of thinking can create a serious disadvantage in the interview process. This blog covers several areas of importance, such as education and/or acquiring skills, the applicant process, and advancing as a penetration tester within an agency or a company.

Preparation for The Career


There are multiple paths to preparing for a career as a penetration tester, yet the most common route involves coursework at either a community college or a four-year university. Although many employers desire penetration testers with a bachelor’s degree, do not underestimate the value of an associate’s degree from a community college. For example, many community colleges are recognized as a Center for Academic Excellence through the joint relationship between the National Security Agency and the Department of Homeland Security.

  • Research and find colleges that are recognized as a CAE (Center of Academic Excellence).
  • Choose a program that involves hands-on training.
  • If possible, choose a specialty or take coursework that focuses on ethical hacking.
  • Check into internships if they are available within the program of the college.


Certifications are a strong topic within the information security world, and they have become one of the industry standards of qualification for penetration testers. Although certifications vary by area of content, the certifications that meet the standards of DoD 8570 bring real strength to the background of a penetration tester. Certifications are not a replacement for an undergraduate or advanced degree but rather a supplement to a resume. Certifications are also another method of expressing interest in cyber security, yet the resume is the key to displaying continuous interest in or passion for penetration testing.

Gaining Experience

Experience is by far one of the most discussed topics in the field of cyber security, and an enormous number of college graduates are faced with the obstacle of gaining experience in the field. Earlier in this article, it was recommended to pursue or consider universities that offer hands-on training and internships. Hands-on training and internships allow someone to gain a specific type of training and knowledge that cannot be obtained in a classroom. Also, the combination of hands-on training and internships helps to reduce any learning curve that may be present before starting the desired occupation in a company. It is a common fact that many companies do not have training programs or procedures for penetration testers, and a penetration tester is expected to be able to perform the duties from the start date.

You may also discover other alternative means of gaining experience or demonstrating your knowledge of penetration testing. For example, there are numerous “capture the flag” type of competitions that are excellent for not only strengthening ethical hacking skills but showing the ability to work with other testers if the competition is based on teams. In addition to CTFs, white papers are a great way to demonstrate your knowledge of cyber security as communication of vulnerabilities and mitigation practices is a worthwhile attribute in the workplace.

I sincerely hope that this brief article provides some insight on how you can proceed with the pursuit of a career as a penetration tester. Although it may be an arduous road for you in the beginning, persistence is key (no pun intended).


  1. I’ve been fortunate to be on the interviewing side of pen testing when I was asking questions that potential candidates had to answer during the interview. As a result, I prefer to come from personal experience and it is evident that many employers prefer candidates with EXPERIENCE and education to supplement the education. Although certifications are important, they do not form the base of a good resume. If a resume is overloaded with certifications but lacks experience, it will raise a few questions for some recruiters and the managers of the prospective employer. Also, many companies DO NOT have entry-level training programs or the ability to train anyone in the area of pen testing, thus it is the reason why most of the advertised positions prefer “five or six years minimum of experience”.
