Introduction: Ethical hacking and pentesting are crucial

Cybercrime statistics suggest that unethical attackers have become more innovative in their ways to exploit vulnerabilities on internet-connected systems to target sensitive data or wreak havoc. Therefore, a security plan is needed to protect the confidentiality, integrity or availability of all information assets.

One solution is to invest in IT security specialists who can carry out ethical hacking and/or penetration testing in a controlled environment. Ethical hackers and pentesters can identify critical cybersecurity risks through real-world attacks and, after a detailed analysis of the found vulnerabilities, find out their root cause. By utilizing techniques similar to those of malicious hackers, these security professionals are in the best position to help mitigate the widest range of cyberthreats in today’s digital landscape.

Ethical hackers/penetration testers wanted: The hottest job in the IT security industry

These days, there is no shortage of opportunities for professionals knowledgeable in penetration testing and ethical hacking. According to Credence Research, a worldwide market research and consulting firm, “globally, the penetration testing market is expected to grow with a CAGR of 26.5% during the forecast period from 2019 to 2027, starting from $850.2 Mn in 2018,” with North America accounting for around 35% of the total market.

The Occupational Outlook Handbook also shows how entering the profession nowadays is a very good idea. Looking at the figures for information security analysts (under which penetration testing duties are listed), we can see how employment is projected to grow 32 percent from 2018 to 2028, which is much faster than the average for all other occupations.

The National Institute of Standards and Technology reports a shortage of cybersecurity professionals: a whopping three million are needed, with particular demand for talent who strive to be pentesters and for ethical hackers who have these skill sets. According to the ISACA State of Cybersecurity 2018: Workforce Development report, it takes an average of six or more months to fill a new cybersecurity position.

How to become a white-hat hacker or ethical security pentester

Any IT security professional with a knack for examining network activity for suspicious patterns and behaviors will find this profession of interest. But they should be aware: far from the glamorous image portrayed in many movies, ethical hackers and penetration testers actually need to be ready to tackle tedious and painstaking research, and they must possess both a strong work ethic and great reporting abilities. They also need to be creative and inventive and have the will to keep constantly up to date in a field that moves faster than any other.

So do you have what it takes to become an ethical hacker or penetration tester? Let’s see which discipline suits you best. Check out the Infosec webpages on …

Also, see the differences between ethical hacking and penetration testing.

Once you’ve decided which profession you are most interested in, then it is important to pursue certifications specific to the field.

Ethical hacking/pentesting career paths and certs: GPEN vs. OSCP

There are several certifications aspiring ethical hackers and pentesters may pursue. Options include the GIAC® Penetration Tester (GPEN), which requires working knowledge and skills in relation to the field, and the Offensive Security Certified Professional (OSCP) program, which focuses on hands-on offensive information security skills. But which of the two qualifications is best for such a career?

Of course, the answer is not so easy and depends on many factors, including the professional’s background (coming from hands-on-learned skills or the academic world, for example).

One of the first, evident differences between the two certifications is in the way candidates are tested. GPEN is a typical question-based test taken in a proctored test center. The candidate has three hours to answer 82 to 115 questions. A passing score is 74%.

OSCP is delivered online and is lab-based; in fact, the candidate is given access to a virtual network containing various targets and operating systems. Within 24 hours, the professional has to submit a comprehensive penetration test report, with notes and screenshots detailing findings.

GIAC’s GPEN certification is ideal for security personnel who are asked to find vulnerabilities in networks, systems and applications as required during a penetration test, but who also need to go beyond knowledge of the correct methodologies to cover all legal aspects involved in penetration testing. OSCP has a much more practical nature and is ideal for professionals who want to prove their ability in defensive and offensive roles and who want to show their persistence as well as their problem-solving and analytical thinking abilities. OffSec’s cert is particularly geared towards evaluating skills in identifying and exploiting vulnerabilities and is relevant to jobs in many different industries and work environments.

So if a choice needs to be made, the professional should decide whether he or she is more interested in certifying hands-on, real-world skills or knowledge of theory and mastery of topics in the field. Accordingly, certification is used to complement one’s skills and experiences.

Whatever the choice, both GPEN and OSCP are among the top penetration testing certifications for IT professionals who are or wish to be highly specialized and trained to think like hackers. Obtaining such a specialized certification is one way to gain the technical skills while at the same time proving them to a potential employer.

GPEN

To obtain this credential, candidates must complete the certification application/registration, pay the GIAC exam voucher of $1,899 and pass the certification exam. GIAC certification proctored exams are open-book format, but not open-internet or open-computer.

This certification requires renewal every four years, and GPEN holders need to accumulate 36 Continuing Professional Experience (CPE) credits in order to maintain their certifications. The initial renewal fee is $429 and successive renewals are $219 each.

OSCP

An OSCP (Offensive Security Certified Professional) may utilize pentesting tools such as Kali Linux and the Exploit-DB to check for system vulnerabilities in the manner of a white-hat.

This credential is based on a hands-on test session geared towards the application of hacking exploitation skills. In order to become a certified OSCP, the candidate must complete Offensive Security’s Penetration Testing with Kali Linux (PwK) course (price is $800 USD, which includes the certification exam fee) and subsequently pass a 24-hour hands-on test that consists of successfully hacking/penetrating various live machines located on different networks with various vulnerabilities. The cert’s exam result (pass/fail) is based on the candidate’s ability to successfully defend a system. (See the OSCP certification and exam for specifics.) Putting theory into practice is where the OSCP really shines.

Note: OSCP is an “open-book” exam. It is proctored by full-time employees of Offensive Security, who use screen-sharing software and a webcam during your entire test session. It’s also worth noting that OffSec’s OSCP cert does not expire and does not need to be renewed; therefore, there is no need for students to maintain their certification status by earning continuing education credits periodically or by paying an annual fee.

How to study and prepare for the GPEN or OSCP certification

There are a variety of ways to get ready for the exam, including:

  • Utilizing GIAC Practice Tests. If you wish to purchase a practice test, you may do so for a cost of $159, via online registration through your SANS/GIAC portal account
  • Working through OffSec’s curriculum for Penetration Testing with Kali Linux (a prerequisite course for the OSCP cert exam), which includes hands-on exercises to try out and practice sessions in a pentesting virtual lab environment
  • Using websites like SkillSet to test exam readiness in various topic areas. Try Ethical Hacking Fundamentals and/or Penetration Testing
  • Enrolling in a training boot camp, such as the GPEN certification training provided by Infosec. The Penetration Testing Boot Camp would also be worth considering in order to gain hacking skills that are highly in demand. Infosec’s course gives exposure to the Linux operating system. Note: OSCP exam takers need to be familiar with the Linux distro
  • Infosec Skills courses are also available for Ethical Hacking and Penetration Testing, with hands-on labs covering penetration testing methodologies, Web app hacking, SQL injection and related topics

GPEN and OSCP are among the dedicated certs that involve performing either offensive (Red Team) or defensive (Blue Team) activities; therefore, it might be a good idea to consider the Red Team Operations Training Boot Camp as well.

Conclusion

Ethical hackers are today’s security heroes, who help address the growing cybersecurity needs of an increasingly interconnected society. More organizations are embracing penetration testing and threat intelligence services through white-hat-powered security.

Professionals looking to enter the field will find there are a lot of opportunities for work and training. However, it takes a certain mindset and approach, as well as a certain level of skill, to secure the best positions and build a career. While a degree may get you an interview, those with globally recognized certifications (GPEN or OSCP) will be able to compete for better positions in a field where qualified professionals are truly in demand.


Sources

  1. Ethical Hacking vs. Penetration Testing, Medium
  2. Cyber Security Certification: GPEN, GIAC
  3. Offensive Security Certified Professional (OSCP) Overview, Offensive Security
  4. Ethical Hacking: How to Hire a White Hat Hacker for Penetration Testing, BizTech
  5. Can You Hack My Network? Why Ethical Hacking is Essential for Improving Your Security, Lastline Inc.
  6. What is the Difference Between Black, White and Grey Hat Hackers?, Norton Symantec Corporation