CompTIA PenTest+: A New Certification Option

So, you want to be a pen-tester, a.k.a. white-hat hacker. Penetration testers protect an IT infrastructure from malicious hackers by simulating real-world attacks to identify possible entry points for breaches, weaknesses in systems and organizational structures, and deficiencies in policies and training. They aim to ensure an organization takes preventive, corrective, and protective measures to safeguard at-risk systems even before a malicious attacker attempts to breach them.

Penetration testing is a rapidly growing field with lucrative job opportunities, ideal for those with the right aptitude and a passion for increasing the safety and security of network-connected systems (computers and devices) to prevent others from attacking them. Employing penetration testing with the client's permission to understand the weaknesses and vulnerabilities of a system is far from the glamorous activity often portrayed in movies, but it is still an interesting and challenging profession that requires a solid theoretical foundation and hands-on experience, as well as creativity, resourcefulness, and flexibility.

So, what does it take to be a pen-tester? First and foremost, a professional ethical hacker needs crucial soft skills. They need to be good problem solvers, for example; this is important for finding appropriate solutions to any security issue identified. However, they also need vision and imagination to find all the possible ways an attacker might try to compromise systems. Excellent communication skills are also important for delivering findings and solutions to a client who might not have technical expertise. So, how can this be achieved? Through continuous education, which is also essential. As the threat landscape is continually evolving, so must the skills and knowledge of those who work hard to oppose system intruders.

A solid theoretical foundation is, however, also needed. However, to make penetration testing a career it might not be essential to be (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Daniel Brecht. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/JVXJUxiQSf0/