Monday, December 25, 2017

A Day In The Life Of A PenTester (Ethical Hacker)!

There is demand for experienced IT Security Professionals (one million, in fact), especially folk who can defend networks and keep prying eyes away from sensitive data. Key to the demand are Cyber Security Professionals who have the actual skills to defend (Blue Team) or attack (the offensive Red Team), and typically we think about Penetration Testers when this subject comes up.

What Does Being A PenTester Involve?

Are pentesters (often referred to by the more sexy term ‘ethical hackers’) having a ball? Is it a glamorous espionage-type job full of excitement, is it deadly boring, or is it a mix of the above?

Let’s get the definition right straight off the bat: a penetration test, executed by pentesters, is a series of methodologies commissioned to evaluate computer and network security by simulating real-life cyber attacks. Simply put, if they find a vulnerability then they have earned their wage and deserve a ‘pat on the back.’

Typically the processes involved are a mix of ‘fun’ and ‘boring’ bits:

The Fun Bits:

  • Being able to establish the viability of a particular set of attack vectors (also referred to as an ‘attack-surface’).
  • Researching known vulnerabilities within their clients’ software and hardware stacks.
  • Identifying and patching weaknesses using common pentesting hacking tools (i.e. thinking like a hacker and using the same weapons).
  • Being a legal con-artist through social engineering (i.e. trying to solicit employees’ passwords etc.).

The Boring Bits:

  • Being able to demonstrate, using evidence, how financial investments will help firm up the client’s security profile.

Is It Well Paid?

  • According to PayScale, the average 2017 salary is between $48,015 and $128,018.
  • As usual, it all depends on experience and specific task knowledge.

Source: Here!
