Penetration Tester

Build the skills a successful penetration tester — or ethical hacker — needs with our library of role-based courses and learning paths. Learn how to plan and perform authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses.

 

THE ROLE

What does a penetration tester do?

Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control and data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.

THE DETAILS

Penetration tester career paths

Domain knowledge

  • Exploitation analysis
  • Vulnerability assessment and management

Related job titles

  • Ethical hacker
  • Assurance validator

Common certifications

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • Exploitation Analyst
  • Target Network Analyst
  • Threat/Warning Analyst

Training Material

Suggested courses for penetration testers

Ethical Hacking

The Ethical Hacking skill path helps you master a repeatable, documentable penetration testing methodology. You'll learn how to use the same techniques used by malicious hackers to carry out an ethical hack and assess your organization's vulnerabilities.

Threat Modeling

This path introduces you to threat modeling with RTMP. Beginning with a top-level view of threat modeling, you'll look at core security frameworks, elements of a threat model, threat modeling basics, agile architecture and more.

Python for Pentesters

This path is an in-depth look at Python for penetration testers. It begins with a Python refresher, before we move on to network penetration testing, Python hacking tools and using Python to attack web applications.

Web Application Pentesting

The web application penetration testing path will cover all of the essentials for those wanting to become a web app pentester. You'll learn how to ethically emulate real-world attacks in order to discover and responsibly disclose an organization's vulnerabilities.

Advanced Adversary Tactics

The Advanced Adversary Tactics learning path will give an overview of techniques and tactics used by real-world adversaries. Through completely hands-on exercises you'll get experience with some of the most common methods adversary groups use to gain access to networks and machines by trying them out yourself. You'll learn about techniques from each of the MITRE ATT&CK® tactics starting with Reconnaissance and Resource Development techniques and ending with Exfiltration and Impact.

Machine Learning for Red Team Hackers

The Machine Learning for Red Team Hackers Learning Path covers various techniques related to hacking machine learning.

Mobile Application Pentesting

The Mobile Application Pentesting skill path teaches you how to discover and exploit vulnerabilities in mobile apps. You'll learn how to use popular penetration testing tools to perform an analysis of mobile applications, assess their weaknesses and better defend them from malicious attacks.

Advanced Cybersecurity Concepts

The Advanced Cybersecurity Concepts skill path goes beyond the topics covered in entry-level security courses. You'll learn about reverse engineering malware, ethical hacking, Web application penetration testing and popular security frameworks.

Plans & pricing

  • Infosec Skills Personal

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Penetration tester FAQ

Frequently asked questions

  • What does a penetration tester do?
    • Penetration tester jobs require you to essentially act like a hacker and hack into your organization’s resources. If you were wondering “what is ethical hacking”, it is just this: the ethical application of hacking skills. The purpose is to simulate a real hack, and cyber security penetration testing is a safer way for organizations to gauge their security than waiting for a real hack. On a more granular level, pen testers identify security vulnerabilities in an organization’s digital and physical systems and policies.

  • How can I become a penetration tester or ethical hacker?
    • Penetration testers and ethical hackers use a combination of their work experience and ethical hacking skills that they have acquired to help land their first job in this role. The good thing is that you can learn various skills involved in penetration testing online for free.

  • What education does a penetration tester or ethical hacker need?
    • Whether your career path will require education is more a function of the job you are applying for than anything else. Some organizations hiring for the role of penetration tester or ethical hacker do not have any education requirements, in which case certification is all you need. Other organizations do have an education requirement, so you will need both a degree and certification. Those that do require a degree do not require one particular degree, whether in terms of the level of degree or the major.

  • What certifications does an ethical hacker need?
    • The top certification, and the only one that you can say you need with firm veracity, is the Certified Ethical Hacker cert offered by EC-Council. This cert is the standard and is recognized across multiple industries, so chances are that the organization you are applying to is looking for it. Below are some other certifications that you may want to look into:

  • What skills do a penetration tester and ethical hacker need?
    • Mastering these skills and continuing to improve them is the name of the game when it comes to keeping up with the most up-to-date ethical hacking. The skills you will need as a pen tester are:

      • Coding skills in multiple languages to penetrate organizational systems and networks
      • Comprehensive information security knowledge
      • Computer forensics and system analysis
      • Understanding how breaches affect your organization
      • Being a clear communicator
      • Understanding the human factor
      • Being able to plan and create penetration tests
      • The ability to test, test, test because that will be much of your day-to-day work
  • How much can a penetration tester earn?
    • According to PayScale, the average salary for an ethical hacker/pen tester is $70,096. Those at the mid-career level make well over $100,000 per year, with the top 10% of ethical hackers earning $149,000. Those with the Certified Ethical Hacker certification will arguably earn more than those without a cert, but there is no data specifically on how much that cert will boost your earning level.

  • Where do penetration testers or ethical hackers work?
    • One notable thing about working as a pentester is the wide variety of industries that are looking for penetration testers to test an organization’s security. Below is a sampling of the industries that typically hire pen testers:

      • Financial services
      • Healthcare
      • Government
      • Tech
      • Enterprise

Unlock 7 days of free penetration tester training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments