Penetration Tester

What is a Penetration Tester?

Penetration Testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration Testers often specialize in a number of areas such as networks and infrastructures; Windows, Linux and Mac operating systems; embedded computer systems; web/mobile applications; supervisory control data acquisition (SCADA) control systems; cloud systems and internet of things (IoT) devices.

How this role helps my organization

Penetration Testers require a solid understanding of systems and infrastructure in order to properly uncover all the potential risks facing your organization. A number of tools are available to help automate pentesting tasks, but training programs need to go beyond basic scanning and teach advanced tactics, which is where many of the most important issues are often found. As Penetration Testers’ skills grow, they can specialize in certain areas to fit your organization’s needs, such as cloud or mobile pentesting.

What Students learn

The Penetration Tester Role in Infosec Skills aligns with 70 Knowledge Statements and 15 Skill Statements in the NICE Framework, which primarily roll up to the following competencies:

»  Vulnerabilities assessment

»  Computer networkdefense

»  Infrastructure design

»  Threat analysis

»  Information systems/network security

» Identity management 

» Operating systems
» Network management 

» Information assurance » Encryption

» Data privacy and protection

Common tools and technology

»  Wireshark

»  Hashcat

»  John the Ripper

»  Hydra

»  Aircrack-ng

»  Xray

» SimplyEmail

» Zmap
» Powershell-suite 

» Burp Suite
» Metasploit
» Nikto