What is it like being a freelance penetration tester?
There are as many ways to conduct a penetration test as there are to shield a network. But when it comes to employment as a penetration tester, the possibilities sometimes seem just as wide open, and that can be intimidating. Many pentesters work in teams, attempting to break into huge firms using dozens of different methods. But others get into the game because they want to act as a lone wolf, working for themselves and going where the work takes them.
In this article, we will discuss the pros and cons of working as a freelance pentester, as well as the day-to-day experience of pentesting as a freelancer, how to break into the industry and where to begin your professional journey.
Is freelance penetration testing a good way to get started in the industry?
Freelance pentesting is perhaps one of the most rewarding opportunities you can get as a pentester. However, the skills and experience required to get to this point will demand that you understand how the basics of pentesting work. These skills will be learned from an internship position at a reputable cybersecurity company.
Assuming you have never executed a pentest before, you will be placed with a team that is responsible for conducting pentests for clients. You will learn how to deliver within the stages of pentesting and do this based on different methodologies, to acquaint yourself with the different environments in the real world. One very important thing you will gain is client-facing experience. This is something that will give you the confidence needed to face your clients and engage them professionally.
Reporting your findings and communicating to C-suite using non-technical language is something most pentesters struggle with. A maximized internship opportunity will reward you with a good understanding of how proper reporting is conducted and how language should be geared toward top management so as not to lose them with technical jargon. So if you’ve never done a pentest but have basic computer science or IT skills, you might want to consider an internship opportunity at a cybersecurity company.
Another thing to note is that passion and constant practice are key when considering freelancing as a pentester. The curiosity and urge to discover things will keep you at the edge as a pentester. As said by Deral Heiland, senior security consultant with Rapid7: “Most of the people who are good at pentesting have always had an interest in understanding how things work.”
For those who are completely green but would still consider a career as a freelance pentester, Heiland has some advice for you: “At a minimum, you need a good understanding of computing operating systems – Windows and Linux. You need to have a good working understanding of networks and network technology.”
Finding work as a penetration tester
It’s a pretty common worry: how difficult is it to find work as a freelance penetration tester? How much time is spent looking for work as opposed to actually doing the work?
The biggest challenge freelance pentesters face is simply starting off. When starting off, your resume is slim, you lack industry-wide coveted certifications and your profile has no clients. At this point, most of your time will be spent looking for clients. As your profile and experience grow, you will start getting more work and the challenge will shift from finding work to managing the work you already have. You will find your hands full most of the time.
Striking a balance between finding work and doing actual work is very important, as it increases your efficiency. This is not something that is definite, as different freelancers have varying flexibility. Determining how much work is “too much” or “too little” for you will help manage the work you have and assist in striking a balance between acquiring and completing work.
How do You find the work? Are there job sites for freelance pentesters?
Freelance pentesting is very exciting. You have your own freedom and work at your own comfort and pace. The workload will depend on the freelance opportunity, as different clients require different tasks to be completed.
There are multiple websites that make it possible for pentesters to earn from freelancing. Let’s examine a few:
Upwork: Freelance pentesters will find numerous jobs posted on Upwork, ranging from vulnerability assessments to actual pentests. Despite the high rates that Upwork charges, this is one of the best websites to find freelance work.
Freelancer: This website is similar to Upwork in that pentesters bid for pentest jobs posted by clients. Clients will assess the profiles of bidders and pick the best bid.
BugCrowd: This platform allows pentesters to identify security loopholes within applications and domains, authorized by companies seeking security flaws in their products. Pentesters will find that such programs are very rewarding and have no other restrictions, apart from a few rules as to what tools to use for the tests and the scope to follow.
HackerOne: Similar to BugCrowd, HackerOne is a community of hackers who seek to find loopholes in products. The pay corresponds the severity of the vulnerabilities discovered, as determined by the companies being tested.
Hours and challenges
Can freelance penetration testers work the hours they want? Can they live anywhere they choose to? Can they work from a laptop at home or in a cafe? What are the security challenges of conducting penetration testing from an unsecured Internet connection, if any?
The answer to all of those is “it depends.” The jobs that freelance pentesters work on will determine how many hours they can choose to work. Some engagements will require the pentester to put in more hours, while others will allow for the freedom of working at hours of the pentester’s choice.
Freelance pentesters have the liberty of working from wherever they want, unless they get subcontracted to work on on-site jobs that require them to travel. Otherwise, they can work from the comfort of their homes if they have reliable Internet connections, or from cafes or malls.
It should be noted, however, that public Internet connections are not secure enough for sensitive work such as pentests or financial transactions. This is because you are never aware of the individuals connecting to these networks. There might be people connecting to such networks with the sole intention of conducting man-in-the-middle attacks and harvesting sensitive information. If you must work from a public Internet connection, install a reliable VPN solution.
How hard is it for freelancers to access the necessary tools? Are there cheaper alternatives?
Most tools that are accessible to freelance pentesters are freemium or open-source. That means they can be downloaded for free and premium features paid for, or their source code is made available for pentesters to modify according to their desires.
The first and most important thing freelance pentesters will want to do is download the Kali Linux Operating System. This OS contains hundreds of freemium and open-source tools that can be used for penetration testing and security auditing. It is itself Open Source, meaning that you won’t have to pay a dime to run it.
If you were required to purchase the pro features of some of the Kali Linux tools, you would end up spending quite a lot. For example, Burpsuite is one proxy tool commonly used by web application pentesters. Burpsuite offers two versions: the community version and the pro version. The community version is free of charge but has certain features not made available. The pro version has those features but is currently priced at $349 per user, per year.
And that’s not all. Combine that with $15,000 per year for Metasploit Pro and you’ll clearly see that things get costly. Nessus, a vulnerability scanner, will cost $2,367 per year. Together, these three tools would cost you $17,716 annually. That is expensive, especially for someone getting started with freelance pentesting.
It’s thus advisable to use the community versions. There are some cracked versions of these, but then you would run the risk of infecting yourself with malware. So before even considering running the pro versions, make yourself comfortable with the freemium and open-source ones. You will still be able to conduct a decent pentest with what Kali Linux offers.
What types of pentesting do freelancers do? Are these jobs closer to entry-level in terms of challenge?
You will notice that penetration testing is wide and has a number of internal classifications. The classifications are:
Web application penetration testing
This is mostly concerned with web applications that will either be internal to an organization or publicly available on the Internet. Freelance pentesters will find that online web app pentest jobs are by far the most common online. This is because most organizations often roll out Internet-accessible services and require thorough tests to assess their security. Black-hat hackers can also gain access to internal networks through exploiting web apps and propagating within internal networks. This results in this type of pentest being highly demanded online.
Mobile application penetration testing
Mobile app pentests will also be frequent on freelance job listings. There are many companies whose business model focuses on mobile apps. As a freelance pentester, you need to familiarize yourself with tools that are used to analyze mobile apps for security flaws. These kinds of jobs will not be as numerous as web app pentests, but it is worth developing the skills required for such pentests just in case.
Network penetration testing
Once in a while, freelance pentesters will encounter job listings where clients will require an on-site pentest. These will often require a network pentest to assess vulnerabilities within a network context. This is necessary, as disgruntled employees or unauthorized individuals may find ways of connecting to internal networks. Again, these jobs will not be as many as web app pentests but be assured you will encounter them once in a while.
Forensic and incident response assessments
The jobs you are least likely to encounter as a freelancer will be forensic-based. You will see job posts from clients who’ve been infected by ransomware or damaging malware and are interested in recovering their data. Some will also require investigations to be conducted into incidents of fraud within their organizations. It can be quite rewarding to develop these skills.
The pentest scenarios discussed above will often vary in complexity and that is one reason that it isn’t advisable to join the industry through the freelance route. You will often encounter jobs that will require different sets of skills. It’s much better to sharpen your skills to an intermediate level before considering becoming a freelancer.
What is generally agreed on by most pentesters is that mindset is a very important thing. “What I tell people is, the penetration testers who do well have a mindset,” D.J. Vogel, head of security and compliance with Sikich, told Dark Reading. (See Sources.) “You have to think like a bad guy, how a bad guy gets into a system, because it is a bit of a game in that fashion,” he says.
The right mindset will allow you to function effectively across the different aspects of pentesting. And as pentesters can be specialists or generalists, more experience and skills across multiple domains will always be useful to you.
Freelance penetration testing will come with its challenges. For instance, you may encounter new technologies that will require learning and skills-sharpening. Nevertheless, it is an exciting career: it allows pentesters to travel far and wide for onsite-related jobs and the flexibility of working the preferred number of hours at a desired location makes it ideal for a young professional with an eye to flexibility.
Even though freelancing as a pentester is not recommended for completely green pentesters or those recently joining the field, it is definitely an opportunity that is prefered by many and should be considered by pentesters interested in exiting the normal workplace routine.