Penetration testing (pentesting) positions are quickly becoming common in IT job listings across the country. This is especially true in areas like Washington, DC, where the high number of government agencies and defense contractors increases the need for effective data defense and the ability to identify potential network weaknesses on demand.
Consider: The federal government recently rolled out new cybersecurity directives including the Presidential Executive Order on Strengthening Cybersecurity of Federal Networks and Critical Infrastructure, while policies such as the Federal IT Modernization Report require agencies to both upgrade and increase their overall security. As noted by Space News, meanwhile, the Air Force now requires mandatory cybersecurity audits of all satellite communications providers.
Put simply? There’s a massive market for penetration testing, especially in areas with high concentrations of federal government agencies and contractors.
But how do you get a pentesting job with one of these companies? What does that job look like — and what skills and certifications do you need to succeed?
Why is Pentesting so Important?
Penetration testing is critically important to organizations because it helps identify key IT areas where assumed security strengths may be weaknesses. For example, many companies believe their authentication and identification practices are better than average; pentesters help find previously unknown issues such as failures to lock out users after multiple password attempts, or discover the presence of open-source vulnerabilities that make it possible to circumvent critical defenses.
Without effective penetration testing, companies are left in a position of deploying security measures that should offer protection but could open the door for malware, ransomware or data theft.
What Does a Pentester do?
The role of a penetration tester is to think — and act — as an attacker. Using popular hacking strategies and tools, pentesters attempt to breach the security of their own organization. They discover where security controls fail to offer as much protection as previously thought and design new solutions that provide improved defense.
Also called white-hat hackers, pentesters are often tasked with duties such as:
- Performing penetration tests on networks, computer systems and applications.
- Conducting physical assessments of security systems, network devices and servers.
- Creating new strategies and devising new testing methods to find critical weaknesses.
- Identifying new vulnerabilities across web applications, cloud-based software and local networks.
- Minimizing IT downtime and reducing overall productivity loss due to systems failure.
- Documenting and reporting security issues and communicating them to C-suite teams to improve overall defensive posture.
How do You Learn Pentesting?
Considering a career in pentesting? You will need the right skill set and certifications. While there’s no standard for the “perfect” pentester, there are several certifications commonly requested by companies to verify your skills in both detecting and remediating potential infosec issues. These include:
- CompTIA Security+ — This entry-level security certification remains one of the most-requested by organizations looking for IT security professionals. Providing a basic overview of enterprise security best practices, CompTIA Security+ is a great starting point for pentesters.
- CompTIA PenTest+ — This pentest-focused certification assesses your skill in creating and executing penetration testing frameworks that effectively highlight potential weaknesses and provide actionable insight for remediation.
- EC-Council Certified Ethical Hacker (CEH) — CEH provides the skills you need to hack corporate systems from the inside — without damaging critical components or causing significant downtime. One of the top courses for potential pentesters, this certification confirms you understand the tools and techniques used by hackers to compromise critical systems.
- EC-Council Computer Hacking Forensic Investigator (CHFI) — Designed for security experts with substantial industry experience, the CHFI certification affirms your ability to both detect system attacks as they happen and extract crucial evidence from these attacks to help reduce the chance of future compromise.
- EC-Council Certified Security Analyst (ECSA) — This certification goes beyond CEH certification to provide unique pentesting methodologies across multiple network verticals and IT environments.
Each of these certifications requires an exam, and pre-test training is recommended to maximize your chances of success. While it’s possible to pay for each course and exam individually, this comes with a significant cost — especially if you’re planning a pentest-focused career. Training packages that bundle all five courses, exam vouchers, exam kits and all necessary courseware both save you money and help streamline your penetration testing education.
What do Pentesters Make?
Given the critical nature of cybersecurity — especially for government organizations — it’s no surprise that the average salary for pentesters in Washington, DC is $125,000. For more experienced ethical hackers and pentesting professionals, the upper salary range breaks $200,000 and comes with an extremely stable job outlook.
Penetration testing also offers career choice: From network pentesting to information security engineer positions, security operations analysts, vulnerability assessors and risk management officers, there’s always industry demand for experienced infosec professionals with the skills and certifications necessary to help companies better defend their critical assets.
How do you get a pentesting job? Start with the right training — and jumpstart your job search with valuable course bundles — then apply in high-demand areas to maximize your earning and career potential.