MAY 04, 2022

Key Takeaways  

  • The goal of pen testing is to identify an organization’s weak security spots by testing a computer system, network, or web application. There are five pen testing methodologies: information gathering, vulnerability identification, exploitation, post-exploitation, and reporting.   
  • Individuals who want to pursue a career in ethical hacking may start by learning basic skills such as programming, effective use of operating systems, and proper exploration of the internet. They may also take courses and certifications such as eLearnSecurity, eJPT, eCPPT, eWPT, and OSCP.
  • Anyone can become a pen tester. They only need to harness their passion for it, continuously develop their skills, take training courses and certifications, and connect with the community of pen testers and ethical hackers.   

Pen testing as a career is not about “Mr. Robot Stuff.” Emman A., a Technical Lead for Offensive Security Operations at Theos, debunked the common perception of ethical hackers during his talk last April 22 at Recruitday’s Community Socials “Career in Ethical Hacking and Pen Testing.” The event, which attracted more than 80 participants, was meant to unmask the work of ethical hacking and pen testing for job seekers who want to create a path in IT security.

Emman said the work is nothing like Hollywood’s depiction of hackers living a risky life behind computer screens. Penetration testing, or the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit, mostly involves research.

Pen testers carry huge responsibilities in identifying an organization’s security weaknesses. They face the task of checking whether an environment’s security is on par with industry standards. Working in a fast-paced environment, pen testers need to be quick on their feet and able to integrate other people’s methodologies into their own to create a new one for themselves. Pen testers should also continue discovering new tools and approaches.

Another topic that Emman talked about was the difference between Penetration Testing and Vulnerability Assessment. In a nutshell, vulnerability assessment is about getting a diagnosis while pen testing solidifies VA findings and reveals a system's overall vulnerabilities. 

Emman A. also tackled the five pen testing methodologies: information gathering, vulnerability identification, exploitation, post-exploitation, and reporting. However, before an individual can become a pen tester, they need to learn basic hacking skills, including programming languages such as Python, C/C++, Perl, Java, and ASP. They should also know how to use operating systems and the internet effectively. Beginners can also take courses such as eLearnSecurity, eJPT, eCPPT, and eWPT. For a more difficult challenge, they can go for OSCP, which Emman believed is worth taking.

Hacking may sound like a crime for some people, but ethical hacking follows good practices including competencies, sanctions, and responsible reporting. Anyone can become a pen tester even if they don’t have a formal background. Emman said that if a person has the heart for this career field, they can achieve their goals given the resources they can access, courses to take, and community to learn from.  

Join us in our upcoming events for more learning and upskilling opportunities! 