How to become a pentester
In the first of our series on "how to become" we look at pentesting. Pentester jobs typically have starting salaries of around £25000 and some of the top earners have basic salaries of £90000. It is common for those in pentesting jobs to work for themselves once the have experience, often commanding daily rates of £6-700. So how do you get into this lucrative and interesting space?
You will be hungry to learn and posses excellent technical skills, understand what pen testing / ethical hacking is really all about and have a high (borderline obsessive) interest in this sector.
Alongside sound technical abilities the right candidate will need to posses strong interpersonal and communications skills and have the ability to be client facing when needed. Most penetration testers spend their hours on client sites and explaining the process to both technical and non technical clients detailing complex technical issues in terms or risk and organisational impact when needed.
An excellent way into a career in Penetration testing is in building labs at home or whilst you are at university. This will be highly advantageous for life in this role and allow you to start thinking like a Pen tester and working out problems on your own.
Useful books on Penetration Testing include:
-> Penetration Testing: A Hands-On Introduction to Hacking
-> Violent Python
-> Google hacking
-> Unauthorised Access: Physical Penetration Testing For IT Security
Penetration testing is unique in that it isn't all about finding the right answers but the way that you managed to get there and the style in which you work.
Knowledge of multiple operating systems and a basic knowledge of networking is often required at entry level so get familiar with your port numbers and your TCP-IP.
The different in a good and a great penetration tester is the level of interest in the space the individual has. Some of the UK's top Testers live and breathe pen testing and want to be the best at what they do. It's a wonderful opportunity to have a lucrative career doing something you have a true passion for.
To become a PenTester you should be the type of individual who is constantly exploring how things work and always breaking computers apart and putting them back together again to see how they work - you'll be using KaliLinux and working across a variety of different operating systems preferably whilst running several different labs at home as well as taking all of the relevant online training courses that are available.
Useful free online Penetration Testing training courses include:
Working experience with Kali Linux, basic Networking knowledge - home / uni labs experience and any cyber security related certifications will be highly advantageous for you to get into penetration testing.
If you have any Experience with the main penetration testing tools such as burp, hydra , dirb, and nmap will later come in very useful in this role and if you know exactly what metasploit and wireshark is then you are ready to begin looking for entry level roles!