Penetration Testing and Ethical Hacking. Where to start.

Penetration Testing and Ethical Hacking.  Where to start.

Looking at the job landscape, it’s clear that the prospects for cybersecurity jobs are excellent and growing, but what about the commercial viability of that “grey side job,” ethical hacking and penetration testing? While the notion of “being bad to help good people” is certainly lucrative and very interesting, where can we begin to find such a role? What skill set do you need to cultivate to gather the knowledge needed to land one of the most in-demand positions in cybersecurity?

A penetration tester, or pentester, routinely performs authorized vulnerability assessments and audit tests on computer systems. This is done in the context of exposing weaknesses in organizational cybersecurity that could be exploited by bad actors in the future. Often specializing in particular systems, such as local networks of hybrid environments, pentesters can hold internal, permanent positions in organizations as part of IT or cybersecurity red teams, they can be freelancers, or they can work for specialized agencies that offer this. business customer service.

A white hat hacker or ethical hacker is a role almost identical to that of a pentester, but it is a broader and more general term. It is often used to describe lone cybersecurity professionals who are more specialized in bug bounties (where people can receive compensation and recognition for reporting exploitable vulnerabilities) and more independent (but legal) work. An ethical hacker reports identified vulnerabilities to the organization (rather than exploiting them), often provides remediation advice, and, with the consent of the organization, may retest networks and systems to ensure that any vulnerabilities found have been fixed. fully resolved.

Summarizing these very similar job titles, Penetration Tester might be how you describe yourself on LinkedIn. Ethical/White Hat Hacker is probably how you would describe yourself on hackforums.net, and may imply a more ronin attitude (but with the same ethical goals).

What do you need to know now?

The background knowledge you will need to become a pen tester or ethical hacker is a solid foundation in information technology and security systems. These are exciting, fast-paced jobs perfect if you’re interested in IT, cyber security, and problem solving. They can be rewarding, but they need a certain mindset to stay one step ahead of the problems, vulnerabilities, and bad actors out there.

A strong understanding of the following disciplines is recommended to support your initial steps in penetration testing and ethical hacking. Time served in IT support, IT security, or in a junior capacity on a cybersecurity team is a great foot in the door:

  • Windows, MacOS and Linux operating environments.
  • Application and network security: asset protection and traffic analysis at the network and application level.
  • Creation of technical documentation, such as writing instructional illustrations for users, writing product and API documentation, guides, and tutorials.
  • Programming languages, particularly those used for scripting, such as Python, Perl, Java, PHP, Bash, Powershell, Golang, or Ruby.
  • Threat modeling: identification of structural vulnerabilities or missing security safeguards.
  • Security evaluation tools, such as WireShark, Nmap, Metasploit and ours. Diving Imperva or Imperva Snapshot.
  • Cryptography: guarantees the confidentiality, integrity, availability of data and secure communications in general.
  • Cloud Architecture: A strong understanding and appreciation of how components come together to build and access a cloud environment.
  • Remote access technologies: know the ins and outs of VPNs, PAM/VPAM or desktop sharing. Some knowledge of port security would also be helpful here.
  • Familiarization with general security best practices, from using multi-factor authentication and password managers to anti-spear phishing tactics and general peer training. Familiarity with firewalls, IPS/IDS systems, communications protocols, virtual environments, data encryption, etc., is obviously important.

Knowing which of these skills you already have, and which ones you’ll need to address to gain a solid foundation for further development, is a great first step on the ladder to the career you want: ethical hacker, penetration tester, and all-round white hat digital hero. .

Developing your cybersecurity skills

Once you have the basics, where do you go from there? If you work internally, volunteering for red hat exercises or software and security audits is a good way to expand your skill set.

Expanding your knowledge of the leading penetration test management platforms is a distinct advantage, as nmap, wire shark, kali linux, John the Ripper, nessus, burping suiteor OWASP ZAP Proxy.

There are many great courses you may want to consider including college and university classes, volunteer work involvement, safety training providers, and self-study. The web, both traditional and dark, is packed with forums and networks that specialize in hacker news, white hat training, and the latest cybersecurity information. Eventually, you’ll have to become part of the hacker community to stay on top of new exploits, workarounds, and exploits, so dipping your toe into this world now won’t hurt and broaden your horizons.

Sites to visit can be hack the box, VulnHub, TryHackMe, co-hackers, we will defend, PENTESTONor hackthissite. For more formal qualifications and the kinds of things you can do to get your employers to pay for IBM, offer professional certification through your Professional Certificate of Cybersecurity Analystwhich may be worth considering, as is the Open University BSc (Hons) Cyber ​​Security. Local institutions may offer cybersecurity degrees and general qualifications, but these won’t be as specialized in ethical hacking or penetration testing as most of the independent links above.

Find Penetration Testing Jobs in a Busy Market

Once you have the relevant qualifications, how do you get a job and experience in penetration testing/ethical hacking?

If you decide to seek help from agencies, don’t go to a general employment agency. Instead, use a specialized IT recruitment company that will have a better understanding of the role of a pentester. However, this is not a common first approach, and there are other ways to enter the market.

There are several specialized job boards for cybersecurity roles, such as Dice or CyberSecJobs.com. sites like UpWork and Fiver have penetration testing categories, and it may be worth considering advertising your services on places like this.

If you’re looking for potential bug bounty opportunities, there’s an excellent and up-to-date list, beware. Bug bounty program.

The demand for cybersecurity professionals will be high and will continue to grow for the foreseeable future. There is a current shortage of information security professionals across all disciplines, which is expected to continue for years to come. If you’re considering a career in the valuable and lucrative side job of ethical hacking and penetration testing, now may be the perfect time to chart your course and take the plunge.

The charge Penetration Testing and Ethical Hacking. Where to start. first appeared in Blog.

*** This is a syndicated Security Bloggers Network blog from Blog written by Nik Hewitt. Read the original post at: https://www.imperva.com/blog/ethical-hacking-and-penetration-testing-where-to-begin/

Leave a Comment