THE PENETRATION TESTER’S CAREER

FROM SCRIPT KIDDIE TO PENTESTER: TAKE YOUR PASSION TO THE NEXT LEVEL

When you think of what a hacker is, you think of a talented individual capable of entering inside a protected system (a computer, a network and so on), using his great skills to overcome all the difficulties he has to face.

The word “hack” has nonetheless a broader and less negative meaning, signifying a sort of workaround not always elegant, but certainly effective, to problems of every genre. In these terms, I view a hacker not necessarily as a bad man who wants to steal your identity or to take all your money, but as a person who uses his brain to resolve problems. The way this person uses his skills, identifies him as a black hat, a white hat or a penetration tester.

Today something is changing: a new class of very automated tools on autopilot hacking activities that some time ago would have required a great “manual” effort. Thanks to these tools, a lot of people with no talent have started to be hackers but they didn’t know they were only script kiddies, individuals capable of clicking a button and waiting for the result. Obviously there’s a whole world of skills and experiences which separates them from a professional penetration tester. Now let’s say you have a great passion for hacking (intended in the most noble and ethical form), what could you do to take your passion to a professional level ?

THE PENETRATION TESTER’S JOB

Let’s start with trying to define the penetration tester’s job and how it differentiates itself from the hacker. A penetration tester is a “legalized hacker”, hired by a company to test the security of the system. Thus, the pentester is paid to act and think like a hacker but without really compromising anything. While a hacker is generally interested in achieving a particular goal, a penetration tester does a wider job that often includes examining the whole system through its whole attack surface. To give an example, a hacker might be interested in stealing a password or taking control of a database, while the penetration tester systematically searches for ALL the breaches in the system’s defenses. More than this, once a hacker has done the job, he is done with that, while the penetration tester must document every performed action, possibly suggesting a way to patch the vulnerability. You can also consider that a hacker can target casual victims depending on his knowledge about the technologies implemented, their obsolescence and the kind of vulnerabilities he’s able to exploit. On the other hand, a penetration tester has to attack any kind of system his employer wants, thus he must have good or excellent knowledge of all the technologies used in all the existing information systems.

The penetration tester’s job is similar to the vulnerability assessor’s one, but this last is more focused to make a list of the vulnerabilities, while the former wants to actually break into the system. If you want more hints about starting this kind of career try to look at cyberdegrees’ website.

A MATTER OF SKILLS AND EXPERIENCES

You’ll be surprised. Today you’re asked for a degree for every kind of job but when we come to talk about penetration testing, generally no specific degree is required. Employers often search for security related experiences as network administrator, system administrator, network engineer and so on. The best part of this job, in my opinion, is that everyone with the right skills, passion and experiences, can have a chance. Here there’s a list of tips you’ll find useful:

• read the more that you can. All you need for this job, you’ll find it on the web, literally !
• every time you acquire a good amount of knowledge in a specific branch, search if some kind of online certification exists. It’s not enough for you to know everything about, e.g., Unix systems, because you also want people to know that you know ! For this you’ll find that online certifications are widespread and well considered by employers. Anyway, a lot of different certifications exist, so take a look at this link to have an idea.
• try to get practical experiences. This is a practical job, and even if it requires a lot of theory, in the end you’ll always have to put your hands on the keyboard and demonstrate what you can do. Set up a penetration testing lab, try to obtain a job related to system administration, network administration and so on.

WHAT KIND OF CERTIFICATION ?

Certifications are generally released by third-party organizations and are often divided in entry level, intermediate and expert level. The cost of these certifications can go from $200 to $3,000 but there are also free courses like those issued by Cybrary. To help you in choosing the right one, this site maintains a list of more than 1,300 courses divided in different specialty areas:

• All Source Intelligence
• Collections Operations
• Computer Network Defense Analysis
• Computer Network Defense Infrastructure Support
• Customer Service and Technical Support
• Cyber Operations
• Cyber Operations Planning
• Data Administration
• Digital Forensics
• Education and Training
• Exploitation Analysis
• Incident Response
• Threat Analysis

And more…

Among many existing certifications , CPTC, OSCP, CPT, CEPT and GIAC are the most penetration-testing focused. OSCP in particular is issued by Offensive Security, the private company whose members founded the Backtrack project, today Kali-Linux. The exam consists in having 24 hours to compromise a network and then submitting a detailed report of the penetration test.

CONCLUSIONS

If your biggest ambition is to amaze your friends with your script-kiddie tricks, then forget about these certifications, because I warn you, this is the hard way. Some of these courses are for expert network administrators, many other are entry level, but they all require to study for months and to take difficult exams. But if you really want to be a hacker, then start to save your money, the world is waiting !