As more organizations turn to penetration testing for identifying gaps in their defense systems, the demand for skilled penetration testers has been growing. While other types of security practitioners can probe information systems and networks for their vulnerabilities, pentesters are highly specialized, trained to think like hackers when exploiting security weaknesses.
CyberSeek (a project of the National Initiative for Cybersecurity Education) included vulnerability analysts/penetration testers on its list of top nine most-in-demand cybersecurity job titles in 2019-2020 for the United States. According to CyberSeek, there were a total of 15,386 total job listings in this field between from June 2019 to May 2020 (out of a total of 507,924). For comparison, there were 33,432 openings for cybersecurity analysts — another mid-level security job that’s historically been one of the highest in demand.
While there’s a shortage of cybersecurity talent in general, penetration testing is one of the jobs that companies seem to have especially difficulty hiring. The (ISC)2 2019 cybersecurity workforce study showed that penetration testing was one of eight areas where organizations with 500 or more employees were understaffed.
If you’re interested in a career path as a penetration tester, you will need a mix of technical hands-on skills and broad cybersecurity knowledge. Obtaining a specialized certification is one way to gain the technical skills while at the same time proving those skills to a potential employer. Here are some of the options for pursuing a pentesting certification.
EC-Council Certified Ethical Hacker (CEH)
The EC-Council (International Council of E-Commerce Consultants) bills itself as the “world’s largest cybersecurity technical certification body.” Their Certified Ethical Hacker cert is a comprehensive certification that is designed to teach you to think like a hacker. The cert is valid for three years.
To be eligible for the four-hour certification exam, candidates must (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Claudio Dodt. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/U6xmg1-AFsk/