A Day In The Life Of A Pentester (Ethical Hacker)… What’s It Like?

A Day In The Life Of A Penetration Tester/ Ethical Hacker

There is demand for experienced IT Security Professionals (one million of them, in fact), especially people who can defend networks and keep prying eyes away from sensitive data. Driving the demand are Cybersecurity Professionals with the actual skills to defend (Blue Team) or to attack (Red Team, offensive security), and Penetration Testers are typically who we think of when this subject comes up.

Update! We wrote this blog post years ago, when the landscape was different. Things have only gotten worse. Anyway, we have a new post, updated on a much more regular basis, in which we interview Professional Penetration Testers and ask them for their advice and experience on how they became Professional Hackers.

We’ve interviewed DOZENS of Professional Hackers…


What Does Being A Pentester Involve?

Are pentesters (often referred to by the sexier term ‘ethical hackers’) having a ball? Is it a glamorous, espionage-type job full of excitement, is it deadly boring, or is it a mix of both?

Let’s get the definition right straight off the bat: a penetration test is a set of methodologies, carried out by pentesters on commission, that evaluate computer and network security by simulating real-life cyber attacks. Simply put, if they find a vulnerability then they have earned their wage and deserve a ‘pat on the back.’ Typically the work is a mix of ‘fun’ and ‘boring’ bits:

The Fun Bits:

  • Establishing the viability of a particular set of attack vectors (collectively referred to as the ‘attack surface’).
  • Researching known vulnerabilities within the client’s software and hardware stacks.
  • Identifying and patching weaknesses using common pentesting tools (that is, thinking like a hacker and using the same weapons).
  • Being a legal con-artist through social engineering (for example, trying to solicit employees’ passwords).

The Boring Bits:

  • Auditing, through concise and documented research, how well the client’s network defenders can detect and respond to known cyber attacks.
  • Demonstrating, with evidence, how financial investments will help firm up the client’s security profile.

Is It Well Paid?
According to PayScale, the average 2013 salary is between $43,279 and $115,574. Not bad. As usual, it all depends on experience and specific task knowledge.

A Final Tip and Summary
Specializing is our number one tip. Become the forensics specialist, or, for example, become an expert financial services penetration tester. If you can demonstrate industry know-how with regard to credit card transactions and the ability to firm up financial processes, then clearly you will be more in demand. Alternatively, be a social engineering guru. The weakest link in the IT Security chain is the human. How many ‘dumb’ employees put the system admin password on a post-it note stuck to their monitor, or use weak passwords like ‘password’? The answer is millions.

If you are new to the information security space, then we suggest you learn how to use a Linux Penetration Testing Distro, or at least the most widely used hacking tools.

Information security certifications? Should you get qualified and certified? We’ll leave it up to you to decide whether they are worth it (we have had a poll on that). If in doubt, take one of our 5 minute practice tests to see if you pass. Although our 5 minute test is a crude benchmark, it will give you an insight into your knowledge.

Bottom line: if you are passionate about IT Security and genuinely love it, then go for it and become a professional pentester, and we wish you all the luck in the world.

Are you already a pentester? If so, we’d love to hear your feedback and comments, especially with regard to the accuracy of this post. We censor nothing, so be kind or be ‘cruel-to-be-kind!’
