The Career Path of the Penetration Tester

October 10, 2016 | Views: 16868


The path of a penetration tester offers many possibilities and options, all of which can lead to the primary goal of getting into and advancing in cyber security as a penetration tester. I’ve been asked more than once about the necessary steps to enter the world of cyber security, yet there isn’t a single guideline that suits everyone. However, I will say that you should be sure of your specific focus within cyber security and of whether it is truly a career for you. Penetration testing should not be viewed as a “job”, and an approach that expresses this way of thinking can create a serious disadvantage in the interview process. This blog covers several areas of importance such as education and/or acquiring skills, the applicant process, and advancing as a penetration tester within an agency or a company.

Preparation for The Career


There are multiple paths to preparing for a career as a penetration tester, yet the most common route involves coursework at either a community college or a four-year university. Although many employers desire penetration testers with a bachelor’s degree, do not underestimate the value of an associate’s degree from a community college. For example, many community colleges are recognized as a Center for Academic Excellence jointly by the National Security Agency and the Department of Homeland Security.

  • Research and find colleges that are recognized as a CAE (Center of Academic Excellence).
  • Choose a program that involves hands-on training.
  • If possible, choose a specialty or take coursework that focuses on ethical hacking.
  • Check into internships if they are available within the program of the college.


Certifications are a prominent topic within the information security world, and they have become one of the industry standards of qualification for penetration testers. Although certifications vary by area of content, the certifications that meet the standards of the DOD 8570 add solid strength to the background of a penetration tester. Certifications are not a replacement for an undergraduate or advanced degree but rather a supplement to a resume. Also, certifications are another way of expressing interest in cyber security, yet the resume is the key to displaying continuous interest in or passion for penetration testing.

Gaining Experience

Experience is by far one of the most discussed topics in the field of cyber security, and an enormous number of college graduates are faced with the obstacle of gaining experience in the field. Earlier in this article, it was recommended to pursue or consider universities that offer hands-on training and internships. Hands-on training and internships allow someone to gain a specific type of training and knowledge that cannot be obtained in a classroom. Also, the combination of hands-on training and internships helps to reduce any learning curve that may be present before starting the desired occupation in a company. It is a common fact that many companies do not have training programs or procedures for penetration testers, and a penetration tester is expected to already be able to perform the duties from the start date.

You may also discover alternative means of gaining experience or demonstrating your knowledge of penetration testing. For example, there are numerous “capture the flag” competitions that are excellent not only for strengthening ethical hacking skills but also for showing the ability to work with other testers if the competition is team-based. In addition to CTFs, white papers are a great way to demonstrate your knowledge of cyber security, as communicating vulnerabilities and mitigation practices is a worthwhile attribute in the workplace.

I sincerely hope that this brief article provides some insight on how you can proceed with the pursuit of a career as a penetration tester. Although it may be an arduous road for you in the beginning, persistence is key (no pun intended).


  1. It is good to educate about cyber security.

  2. Good article about pentesting career path,
    though sometimes even mere self study and practice can work out without having to step a foot in class.

  3. Very interesting. What hands-on skills are crucial for the role?

  4. Is it possible to get a job in network security field without a degree and prior experience?
    With my full-time job not related to networking or security, it is hard to get a degree. Also, I’m familiar with the learning system of the only college in my area and I don’t think it provides any knowledge in this area, so even if I would somehow accomplish to do it parallel with my job, it would be 3 years of spending my free time without advancing in network security, and I don’t think that’s a good choice, so what are the chances to get a job without a degree and with certifications? I recently got my CCENT and I plan to move on that path: CCNA -> CCNA cyber ops/security -> security+ …
    BTW good article!

    • Yeah, it will be good for you to move into the cyber security field.

    • I have an Information Security / Cyber Security degree, and CCNA. IMO if you achieve CCNA security there is not any need for the beginning level of Security+. Here is my personal experience in getting into the field which is the lack of corporate experience.

      • Security + is a widely recognized cert by employers that is fairly easy to get. Why not do it first? No one will hire a newbie pen tester anyway, so get Security +, which is a gateway to an entry level job, then work on the higher level certs while working within the industry. The deeper information will make more sense when you are actually working in a security job, and then when you get your higher level certs, you’ll show industry experience as well, making it easier to get a better job.

        One thing to note. Of security jobs, pen testing is the glamour job that everyone wants. There is actually an oversupply of pen testers looking for those uncommon jobs. On the other hand there is a huge shortage of security analysts… that’s a good place to get going.

  5. I have found the combination between college educational courses to gain either an add-on to an already gained bachelor’s or to earn an entirely new degree is one of the most important steps to take to prepare for this area of the IT world. DOD 8750 is now being replaced with DoD 8140 and will take the combination of skill sets earned through education, certification, and skills to begin to transition from what they listed as certifications needed to those other vendors that deliver the same. If nothing else, a 2 yr degree and a few CompTIA certs will land you a pretty good position. Take that position to strengthen your skill set while adding to your education in earning a B.S./B.A. and then a higher certification. After a few years you will either be promoted or ready to seek the position you really want.

    I started with CompTIA A+ and Sec+ while taking digital forensics training from AMU. That prep’d me to earn a digital forensics certification and land me a govt. contracting job. I’ve added ethical hacking and penetration testing to that as well – plus yrs of on-the-job experience. I’m about to add Linux as well. Note: CompTIA is about to launch its CSA+ in JAN 2017… something to think about. I took the beta and found it to be a high competitor to CEH.

    Look for the skill set when selecting both educational universities and certification vendors. Check out CompTIA’s IT Roadmap to select the best options for your budget and time commitment. It will pay dividends in the end!!!
