Penetration Tester

Overview and Key Facts

What Do They Do?

A penetration tester could...

Overview

Listen to this section

In movies and in the media, computer hackers are often portrayed as the bad guys—criminals who steal money or important information. What if you could be a good hacker? Somebody whose job is to find security flaws in computer systems; but rather than exploiting them for personal gain, you help fix the problems before criminals can find them? That is what penetration testers—also called "white hat" or "ethical" hackers—do. Companies pay them to intentionally try to break into their systems to expose vulnerabilities. It is a bit like paying somebody to try and break into your house so you can fix a broken lock or loose window if they find their way inside. If you have always dreamed of being a hacker, but do not want to break the law, this could be the career for you!

Do You Have the Skills and Characteristics of a Penetration Tester?

1. Critical Thinking: ? Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
2. Original Thinking: ? Seeking new and creative ways to solve problems or invent solutions.
3. Complex Problem Solving: ? Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
4. Judgment and Decision Making: ? Considering the relative costs and benefits of potential actions to choose the most appropriate one.
5. Systems Evaluation: ? Identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.

6. Quality Control Analysis: ? Conducting tests and inspections of products, services, or processes to evaluate quality or performance.

Core Tasks

Think about if you'd like the typical tasks a Penetration Tester might do:

• Assess the physical security of servers, systems, or network devices to identify vulnerability to temperature, vandalism, or natural disasters.
• Collect stakeholder data to evaluate risk and to develop mitigation strategies.
• Conduct network and security system audits using established criteria.
• Configure information systems to incorporate principles of least functionality and least access.
• Design security solutions to address known device vulnerabilities.
• Develop and execute tests that simulate the techniques of known cyber threat actors.
• Develop infiltration tests that exploit device vulnerabilities.
• Develop presentations on threat intelligence.
• Develop security penetration testing processes, such as wireless, data networks, and telecommunication security tests.
• Discuss security solutions with information technology teams or management.
• Document penetration test findings.
• Evaluate vulnerability assessments of local computing environments, networks, infrastructures, or enclave boundaries.
• Gather cyber intelligence to identify vulnerabilities.
• Identify new threat tactics, techniques, or procedures used by cyber threat actors.
• Identify security system weaknesses using penetration tests.
• Investigate security incidents by using computer forensics, network forensics, root cause analysis, or malware analysis.
• Keep up with new penetration testing tools and methods.
• Maintain up-to-date knowledge of hacking trends.
• Prepare and submit reports describing the results of security fixes.
• Test the security of systems by attempting to gain access to networks, web-based applications, or computers.
• Update corporate policies to improve cyber security.
• Write audit reports to communicate technical and procedural findings and recommend solutions.