Penetration testing

Penetration testing: Professional development and training roadmap

Daniel Brecht
July 7, 2019 by
Daniel Brecht

There's a global shortage of experienced pentesting experts. Organizations cannot find enough skilled IT security professionals to meet the demand, and the opportunities for qualified penetration testers are expected to grow as employers search for those who can help identify and evaluate potential vulnerabilities before they get exploited by bad actors.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Through penetration testing, security experts collaborate with clients to check an organization's defenses to see if they are operating as intended. With the system owner's permission to take full control of computers on the network, "white hat hackers" will be able to check for holes that could be exploited and discover potential security weaknesses for which the organization should establish safeguards that will protect devices and critical data before they become compromised and used illegally.

A pentest is a critical component for detecting and responding to information security risks. Are you thinking about a job in penetration testing? Learning about this line of work and understanding its unique requirements will help you determine whether a career in this field is in your future.

What does it take to be a pentester?

Penetration testing allows organizations to test their resistance to real-world attacks in a controlled environment. Pentesters don't simply audit the systems to identify issues that can lead to breaches and intrusions, but apply techniques similar to those employed by malicious hackers in order to test the infrastructure's resilience, the real-life effectiveness of the defense measures, the efficacy of the security policies and the ability of staff to recognize social engineering attempts. Organizations resort to both external and internal penetration testing — be it through white box, black box or gray box access methods (see: "The types of penetration testing") — to identify potential security problems so that they can fix them or avoid them altogether. Using real-world attack techniques, including any number of penetration testing tools and social engineering techniques, pentesters perform a threat assessment and formulate analytic responses to relay their findings.

A career in penetration testing can be exciting, rewarding and challenging! Also, professionals with good security testing skills currently have great earning potential.

In deciding to be a pentester, one must first identify the essential skills that are required. Here are some of the fundamentals of what it takes to succeed in this profession:

  • Solid theoretical knowledge. Penetration testing skills can be perfected only after being fully versed in the technologies that need to be evaluated and on core solutions
  • Acquisition of professional qualifications (e.g., CPT, CEH, OSCP) to demonstrate different levels of competence derived from experience; various certification objectives include penetration-testing methodologies and use of techniques specific to conduct a pentest
  • Recertification and continued learning (e.g., training courses, workshops, conferences) to keep skills up to date in relation to penetration testing

Also, soft skills are also very important. Technical abilities are just part of the make-up of a pentester. Creativity and the ability to think "outside the box" are essential components in always devising newer ways to defeat security countermeasures, just as they are essential components in the make-up of malicious hackers. As a pentester, one must have the mindset of a hacker, the analytical skills for testing cyber control defenses in a network, and the ability to identify issues and perform system assessments of any potential vulnerability long before they are actually under attack.

Pentesting careers: Training and certification options available

Penetration testing is a methodical profession; you must be prepared to be a problems solver and an analytical thinker. It can be one of the most uniquely exciting career paths a cybersecurity professional may undertake. The same can be said about an ethical hacking career. Though very closely related and often used interchangeably, it's important not to confuse the terms "ethical hacking" with "penetration testing" as they have a different objective, focus and outcome (see Ethical hacking vs. penetration testing.) Ethical hacking covers a wider range of techniques to penetrate systems (that can include pentesting). Pentesting is a more focused approach and includes cyber security assessments of specific systems.

So, how do you become a pentester? Pentesters can come from different walks of life. A common profile is that of professionals who have attended tech-centric schools or have information security backgrounds. They are often acquainted with network security hardening principles and investigative methods for conducting comprehensive threat analysis and risk identification for remediation of identified issues. Professionals with this type of background might be suitable for this profession after acquiring practical familiarity with computer hacking methodologies and techniques.

IT professionals, such as network engineers and software developers, may seek to specialize in this field. However, some testers might simply be students hacking for a hobby or actual malicious hackers changing hats.

Whatever their background, good pentesters have a mix of theoretical knowledge and hands-on skills. There are a number of training opportunities available, ranging from university programs to on-demand courses. The important thing is to look for a training provider where you can practice your skills in a cyber range or virtual lab environment so you can build transferable, real-world skills.

Some students prefer live, instructor-led training, such as Infosec's Ethical Hacking Dual Certification Boot Camp, which prepares you for two popular certifications, Certified Ethical Hacker (CEH) and CompTIA PenTest+, and comes with an Exam Pass Guarantee. Other students prefer to learn at their own pace using a hands-on training platform such as Infosec Skills. Other educational sites exist, as well as free resources like YouTube and community forums.

It's always good to check review sites and look for reputable vendors with specific training courses or methodology that can meet your needs and certification requirements. It's especially important to gain hands-on skills. To be fit for this occupation, one will need to master the latest advanced-level methodologies, tools and manual techniques used by ethical hackers, and that cannot be done through videos and reading alone. Education is an asset, but demonstrated experience with a deep level of technical knowledge and know-how on the use of existing tools is often more important to an employer than formal degrees.

The roadmap to pentesting

A roadmap is designed to help people determine what career path and training is right for their specific job needs or career goals. The Workforce Framework for Cybersecurity is one such example, as is the NICE CyberSeek model.  Needed skills and certifications at various stages of a career are listed and can guide a professional in choosing the best and most meaningful options to grow in the field. Some of the common penetration testing certification's available include:

Infosec Institute Certification

  • CPT - Certified Penetration Tester
  • CEPT - Certified Expert Penetration Tester
  • Certified Cloud Penetration Tester (CCPT)
  • Certified Mobile and Web Application Penetration Tester (CMWAPT)
  • Certified Red Team Operations Professional (CRTOP)


  • CEH - Certified Ethical Hacker (see: Roadmap to CEH certification)
  • CHFI - Certified Computer Hacking Forensic Investigator
  • ECSA - EC-Council Certified Security Analyst
  • LPT - Licensed Penetration Tester


  • PenTest+


  • GIAC Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

Although certifications provide a way to validate your skills to employers, they are not always required. You can also focus on building your skills through on-demand courses, cyber ranges, hands-on projects and other methods.


Pentesters find system flaws in a targeted environment with the aim to help improve or strengthen the infrastructure's security defenses as well as mitigate any risks. Why businesses need pentesters is obvious. The rise of information security concerns push organizations of all sizes and industries to increase efforts in security testing and improve their security posture. In addition to the work of internal, traditional security professionals or external consultants, modern organizations are learning to include the work of pentesters who are able to apply hacking techniques and creatively bring "real world" attacks to the network to discover faults and expose vulnerabilities — prior to them being exploited by malicious hackers.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Such a vital service can only be entrusted in the hands of a capable professional that can show their employer a proven track record of continuing education and training. That's why it is essential pentesters have the up-to-date skills and knowledge as they progress in their careers and try to earn the trust of their clients and employers.

Daniel Brecht
Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.