A penetration and vulnerability tester, or pen tester, uses their hacking knowledge to test digital security systems for flaws. A pen tester simulates cyberattacks to help security experts find and close vulnerabilities before they can be exploited in malicious attacks.
Pen testers work directly with cybersecurity personnel and software engineers. For certain tests, they may not communicate with the security team beforehand in order to simulate a real cyberattack, an approach known as double-blind testing. After conducting tests, a pen tester summarizes the results and presents their findings to the security department.
Discover our recommended podcasts about penetration testing!
1. What does a penetration tester do? | Cybersecurity Career Series
Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control and data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.
2. How to excel at penetration testing | Cyber Work Podcast
Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.
3. Red teamers arrested conducting a penetration test
The story of today’s guests is ripped straight from the headlines. Gary DeMercurio and Justin Wynn, both of the company Coalfire, were arrested at the Dallas County Courthouse while doing red team pentesting for the State of Iowa’s judicial branch. Their story is fascinating, and they discuss that fateful night as well as ways in which similar incidents could be avoided in the future. You can’t be too timid as a red teamer, they say. “If you’re bragging as a red teamer about how you’ve never been caught, you’re not pushing the operation as far as you should. You SHOULD be caught sometimes.”
4. Inside a purple team: Pentesting, vulnerabilities and other key skills
We love red teaming here at Cyber Work, and this week we’re excited to explore a topic just a few shades down the spectrum: purple teaming! Luke Willadsen of EmberSec dives into the ways combining red and blue team operations can help stress-test your security department, and explains the benefits of a purple team better than we’ve ever heard it before. He also has some great stuff to say about the importance of soft skills like writing, reporting and, most crucially, empathy, since it may feel like a pentester holds the security team’s career in their hands.
5. How to become a penetration tester
It’s been a while since we’ve talked penetration testing and offense-oriented network security on the show, and I know some of you have been asking for it, so today’s your lucky day!
On the show we have Dr. Wesley McGrew, the director of Cyber Operations for HORNE Cyber. We’re going to talk about going on the offense as a good defense, the current state of pentesting and the raw work of reverse engineering malicious software and vulnerability testing. If you’re looking for the type of job that gets you out on the cybersecurity battlefield and fighting the bad guys, you’re going to want to give this episode your undivided attention!