This article is part of an IT Career News series called Your Next Move. These articles take an inside look at the roles related to CompTIA certifications. Each article includes the responsibilities, qualifications, related job titles and salary range for the role. As you consider the next move in your IT career, check back with CompTIA to learn more about your job prospects and how to get there.
Attackers are sophisticated and unpredictable, so it’s important to try and understand their motives and approach. Penetration testers are security experts who act like bad guys to identify weaknesses in a network. These weaknesses, also called vulnerabilities, must be managed properly to avoid compromise. Penetration testing and vulnerability management helps prevent cyberattacks.
What Is a Penetration Tester?
A penetration tester, or pen tester, is considered a white hat or good hacker. Although they must think like a bad guy, the end goal is to help organizations improve their security practices to prevent theft and damage. Pen testers target traditional operating systems and devices as well as emerging technology, including Internet of Things (IoT) devices, mobile devices, embedded systems and more.
Some responsibilities include:
- Applying appropriate tools for penetration testing
- Performing social engineering tests and reviewing physical security where appropriate
- Keeping up to date with latest testing and hacking methods
- Collecting data and deploying testing methodology
- Locating, assessing and managing vulnerabilities
- Making suggestions for security improvements and preparing technical responses to security questions
How to Become a Penetration Tester?
Penetration tester is not an entry-level job – you must gain IT and cybersecurity experience first. To start out, you could work as a systems administrator or programmer to become knowledgeable about how systems work, so finding flaws becomes second nature to you. Having a good understanding of computing operating systems, such as Linux and network technology is important. Being able to comprehend scripting language also helps, but to be effective you will need operational experience as well. Certifications like CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+ and CompTIA Linux+ can help you validate the skills and experience you have as you work toward your next move.
The average salary for a penetration tester is $103,000 a year (CyberSeek.org).
Penetration tester employment is projected to grow 31% from 2019 to 2029, much faster than the average for all occupations (U.S. Bureau of Labor Statistics (BLS)).
Job Titles Related to Penetration Testers
- Security analyst
- Application security analyst
- Vulnerability assessment analyst
- Lead security analyst
Read about more IT jobs featured in Your Next Move.