Penetration Testing: Hacking for a Cause
Successful pen testers will also supplement their solid technical knowledge with good communication skills.
“There’s still a lot of confusion out there in the market space, so one has to be able to educate on what the difference is [between] this kind of penetration test versus a vulnerability assessment, [or] what the advantages of client versus remote exploit are,” Austin said. “It’s communication skills, documentation skills.”
A typical day for a penetration tester is varied yet full. The initial stages of a project involve working with a client to identify goals.
“So the first phase may be identifying how large their network is, what components they want to identify, and then create a longevity plan in terms of identifying all the risks and exposures,” Austin said. “Then what we’ll do is actually create the penetration testing phase — some people will call that the simulated hacking process — and that’s where we’ll try to compromise the systems, devices and applications from a hacker’s perspective.”
The next stage involves explaining to the client how the penetration testers managed to break into the networks and offering a remedy.
Austin said another aspect of his job involves networking with other penetration testers across the globe to stay abreast of attack trends, methodologies and requirements.
“One of the biggest things that you have to stay up on is education, and not necessarily just certifications,” he explained. “The certifications are really just the foundation. A good penetration tester has to dedicate time almost on a weekly basis just to stay up to date on all the latest threats or techniques that are changing almost daily.”
Once a pen tester has worked his way up the ranks, he can expect to do a fair amount of traveling. Austin said he logs about 100,000 air miles each year.
“Part of my job is actually going out and giving public presentations,” he said. “[Each year], I probably give 60 public presentations on what the latest attacks or trends or new techniques are, so I’m kind of always in a different city.”