Blog of a Penetration Tester – Issue 2 – Unique Demands of the Role

Penetration testers face unique demands on their lives that are not found in other IT and cybersecurity careers. One of these is the need for constant learning. While all IT professionals are required to keep up with changes in technology or the latest cybersecurity threats, penetration testers must be constantly learning or practicing to be effective in their roles. This is because pentesting is all about hacking skills, and hacking requires knowledge, practice, and dedication. This is why most penetration testers engage in CTF exercises on Virtual Hacking Labs, Hack-the-Box, HackingLab.com, Offsec Proving Grounds and others when they are not on an actual engagement.

Pentesters who work from home also need extra security and fault tolerance in their networks, and a home lab in which to safely examine malware, try new exploits, or reconstruct a target environment for experimentation. Like a malicious hacker or threat actor, pentesters need to fully enumerate their targets and explore every potential entry point in order to find and exploit vulnerabilities to gain a foothold, elevate privileges, move laterally and compromise a domain controller. But unlike malicious hackers or threat actors, penetration testers must work against the clock, because penetration tests, like other projects, have set beginnings and ends. In this way, a penetration test becomes both a race against the clock and an endurance challenge. Findings pay the bills. Therefore, it is not unusual for penetration testers to work 24/7 with very little sleep during an engagement in search of findings.

Due to these unique requirements, not every cybersecurity professional can or should be a penetration tester. Only those who are willing to embrace constant learning and can relentlessly pursue exploitable vulnerabilities would be effective in the role. Penetration testing is, in fact, a way of life.