
A day in the life of a pentester (ethical hacker). What’s it like?


A Day In The Life Of A Penetration Tester.
There is demand for experienced IT Security Professionals, especially folk that can defend networks and of course keep prying eyes away from sensitive data, but is the job what most people think it is? Are pentesters (often referred to by the more sexy term ‘ethical hackers’) having a ball, is it a glamorous espionage-type job full of excitement or is it deadly boring or a mix of the above?
Let’s get the definition right straight off the bat: a penetration test is a series of methodologies, executed by pentesters, that is commissioned to evaluate computer and network security by simulating real-life cyber attacks. Simply said, if they find a vulnerability then they have earned their wage and deserve a ‘pat on the back.’ Typically the processes involved are a mix of ‘fun’ and ‘boring’ bits:
The Fun Bits
1. Being able to establish the viability of a particular set of attack vectors (also referred to as an ‘attack-surface’).
2. Researching known vulnerabilities within their clients’ software and hardware stacks.
3. Identifying and patching weaknesses using common pentesting hacking tools (i.e. thinking like a hacker and using their same weapons).
4. Being a legal con-artist through social engineering (i.e. trying to solicit employees’ passwords etc.).
The Boring Bits
1. Auditing, through concise (documented) research, how well network defenders can detect and respond to known cyber attacks.
2. Being able to demonstrate, using evidence, how financial investments will help firm up the client’s security profile.
A while back we had a Hacker Hotshot web show with a pentester telling us how he was hired to hack into a well known Las Vegas casino; now that is sexy and cool, but of course, he would have had to document whether he did find vulnerabilities or not. Like every job in the world, there are perks and pros and cons – being a professional penetration tester is no different.
Is It Well Paid?
According to PayScale, the average 2013 salary is between $43,279 and $115,574. Not bad. As usual, it all depends on experience and specific task knowledge.
A Final Tip and Summary
Our number one tip is to specialize. Become the forensics guy, or for example become an expert financial services penetration tester. If you can demonstrate industry know-how with regards to credit card transactions and the ability to firm up financial processes then clearly you will be more in-demand. Alternatively, be a social engineering guru. The weakest link in the IT Security chain is the human. How many ‘dumb’ employees place system admin passwords on a post-it note attached to their monitor and use stupid passwords like ‘password’? The answer is millions.
If you are new to the information security space then we suggest you learn how to use a Linux Penetration Testing Distro or at least the most widely used hacking tools.
Information security certifications? Get qualified and certified? Sure, we’ll leave that up to you to decide if they are worth it (we have a poll on that). If in doubt, take one of our 5 minute practice tests to see if you pass. Although our 5 minute test is a crude benchmark it will give you an insight into your knowledge.
Bottom line – if you are passionate about IT Security and genuinely love it – then go for it and become a professional pentester and we wish you all the luck in the world.
Are you already a pentester? If so we’d love to hear your feedback and comments especially with regards to the accuracy of this post. We censor nothing so be kind or be ‘cruel-to-be-kind!’
