Degree vs. certification: Late-career penetration tester - Security Boulevard

Degree vs. certification: Late-career penetration tester


Positioning can be everything in life. Whether you are trying to apply the appropriate amount of torque to a nut when changing a tire or trying to establish the optimum amount of control over a jiu-jitsu opponent, this statement holds true. The same applies to a career in cybersecurity: you want to position yourself for success. When establishing position as a late-career penetration tester, there is a particular approach that will be most useful to you. 

This article will detail the two different paths to reaching the late career for a penetration tester — the degree path and the certification — and will conclude with a solid recommendation for which approach you should take toward path selection.

What is penetration testing?

For those first encountering penetration testing through this article, penetration testing is a type of ethical hacking that tries to break into, or find exploits in, an organization’s network, computers, and systems. Penetration testers, or pentesters, run predetermined penetration tests or tests they designed themselves, and then fill out assessments explaining the test’s findings which are communicated/presented to the organization. You can think of it as a sort of tune-up to the organization’s information security by filling in weaknesses in security and then periodically retesting to continually improve. 

Late career is the pinnacle of one’s career path and getting to this point will put you in an elite group of pentesters. In fact, the late-career field is composed of only 3.9% of all pentesters in the workforce, based on a survey of active pentesters.

Degree path

Aiming for the late career of a pen testing role positions you well for earning an advanced degree. However, before you reach the graduate level, you will have to first earn your bachelor’s degree. Many hiring organizations will require (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: