The path of a penetration tester is a path of many possibilities and options that can lead to the primary goal of obtaining and advancing in cyber security as a penetration tester. I've been asked more than once about the necessary steps to enter into the world of cyber security yet there isn't a single guideline that suits everyone. However, I will say that you should be sure about yourself in regards to a specific focus within cyber security and if it is truly a career. Penetration testing should not be viewed as a "job" and an approach that expresses this way of thinking can create a serious disadvantage in the interview process. This blog covers several areas of importance such as education and/or acquiring of skills, applicant process, and advancing as a penetration tester within an agency or a company.Preparation for The CareerEducation
There are multiple paths to preparing for a career as a penetration tester
yet the most common route involves coursework at either a community college or four-year university. Although many employers desire penetration testers with a bachelor's degree, do not underestimate the value of an associates degree at a community college. For example, many community colleges are recognized as a Center for Academic Excellence by the joint relationship between the National Security Agency
and the Department of Homeland Security
- Research and find colleges that are recognized as a CAE (Center of Academic Excellence).
- Choose a program that involves hands-on training.
- If possible, choose a specialty or take coursework that focuses on ethical hacking.
- Check into internships if they are available within the program of the college.
Certifications are a strong topic within the information security world and they have become one of the industry standards of qualification in penetration tester. Although certifications vary by area of content, the certifications that meet the standards of the DOD 8570 bring an efficient level of strength to the background of a penetration tester. Certifications are not the replacement of an undergraduate or advanced degree but rather a supplement to a resume. Also, certifications are another method of expressing interest into cyber security yet the resume is the key to displaying continuous interest or passion about penetration testing.Gaining Experience
Experience is by far the one of the most discussed topics in the field of cyber security and an enormous number of college graduates are faced with the obstacle of gaining experience in the field. Earlier in this article, it was recommended to pursue or consider universities that offer hands-on training and internships. Hands-on training and internships allow someone to gain a specific type of training and knowledge that cannot be obtained via a classroom. Also, the combination of hands-on training and internships help to reduce any learning curve that may be present before starting the desired occupation in a company. It is a common fact that many companies do not have training programs or procedures for penetration testers and it is expected for a penetration tester to already have the ability to perform the duties upon start date.You may also discover other alternative means of gaining experience or demonstrating your knowledge of penetration testing. For example, there are numerous "capture the flag" type of competitions that are excellent for not only strengthening ethical hacking skills but showing the ability to work with other testers if the competition is based on teams. In addition to CTFs, white papers are a great way to demonstrate your knowledge of cyber security as communication of vulnerabilities and mitigation practices is a worthwhile attribute in the workplace.I sincerely hope that this brief article provides some insight on how you can proceed with the pursuit of a career as a penetration tester. Although it may be an arduous road for you in the beginning, persistence is key (no pun intended).