Career Definition of a Penetration Tester
Penetration testers work in the information technology (IT) field with computers and computer networks. Their job is to ensure that the technology is secure so that individuals without authorization cannot access data. They may attempt to hack into their network in order to identify aspects of their system that are vulnerable to attack. They also analyze their system and its components and produce reports concerning their testing methods and results.
They may create their own testing tools as part of their work and in addition to testing computer networks they may also test applications. Once they've identified potential issues with the system they may make changes to the hardware or software.
|Educational Requirements||Bachelor's degree; certification preferred|
|Job Skills||Computer programming skills, strong written communication skills, attention to detail, analytical skills, problem-solving skills, time-management skills|
|Median Salary (2017)*||$80,397|
|Job Outlook (2016-2026)**||28% (information security analysts)|
Sources: *PayScale; **U.S. Bureau of Labor Statistics
In some cases, employers may consider several years of experience in lieu of a degree but most employers seek applicants who have at least a bachelor's degree in a relevant field, such as computer science. Other degree fields that employers may consider include computer engineering or information systems. Depending on the systems used by employers, applicants may need to be experienced with Unix or Linux operating systems so pursuing opportunities to learn about and work with a wide range of operating systems, programming languages and security software is recommended.
Ethical hacker programs last five days and include intense hands-on experience using the latest hacking tools and techniques. These programs prepare individuals to take the certification exam to earn their ethical hacker certification. Certified Information Systems Security Professional (CISSP) certification covers training in a number of topics, including security policies, cryptography and ethics. These are two of the certifications that are required or preferred by employers. Other security certifications or IT certifications, such as Global Information Assurance Certification (GIAC) or Certified Information System Auditor (CISA), may be an asset to those pursuing a career as a penetration tester.
Penetration testers need to have excellent computer skills and familiarity with computer hardware and computer network equipment, as well as computer programming skills. Since they must produce written reports based on their tests and results they need to have strong written communication skills. They need to have the ability to pay careful attention to details and have problem-solving skills to accurately assess the effectiveness of security systems. These skills are also needed to help them effectively identify vulnerabilities and determine how to correct security issues. In order to perform those tasks they also need excellent analytical skills so that they can effectively review relevant data.
Career Outlook and Salary
Penetration testers are encompassed within the U.S. Bureau of Labor Statistics (BLS) listing for information security analysts. From 2016 to 2026, the BLS forecasts a job growth rate of 28% for these professionals. This is considerably higher than the average job growth rate for all occupations during this time period, which means that those interested in becoming penetration testers should find many openings in their field to pursue. According to PayScale, penetration testers earned a median annual income of $80,397 as of 2017.
If a career as a penetration tester sounds appealing, there are other career options in the IT field that involve using similar skills and training that may also be interesting. The list below provides links to information about some of these occupations.