There is demand for experienced IT Security Professionals, especially people who can defend networks and, of course, keep prying eyes away from sensitive data. But is the job what most people think it is? Are pentesters (often referred to by the more sexy term ‘ethical hackers’) having a ball? Is it a glamorous, espionage-type job full of excitement, is it deadly boring, or is it a mix of the above?
The Fun Bits
1. Being able to establish the viability of a particular set of attack vectors (also referred to as an ‘attack-surface’).
2. Researching known vulnerabilities within their clients’ software and hardware stacks.
3. Identifying and patching weaknesses using common pentesting hacking tools (i.e. thinking like a hacker and using the same weapons).
4. Being a legal con-artist through social engineering (e.g. trying to solicit employees’ passwords).
1. Auditing, through concise (documented) research, the ability of network defenders to successfully detect and respond to known cyber attacks.
2. Being able to demonstrate, using evidence, how financial investments will help firm up the client’s security profile.
According to PayScale, the average 2013 salary is between $43,279 and $115,574. Not bad. As usual, it all depends on experience and specific task knowledge.
Specializing is our number one tip. Become the forensics guy or, for example, become an expert financial services penetration tester. If you can demonstrate industry know-how with regard to credit card transactions and the ability to firm up financial processes, then clearly you will be more in demand. Alternatively, be a social engineering guru. The weakest link in the IT Security chain is the human.
If you are new to the information security space, then we suggest you learn how to use a Linux Penetration Testing Distro or at least the most widely used hacking tools.
Are you already a pentester? If so, we’d love to hear your feedback and comments, especially with regard to the accuracy of this post. We censor nothing, so be kind or be ‘cruel-to-be-kind!’