Penetration testing

What’s it like to be a pentester for a penetration testing company?

June 18, 2019 by Christine McKenzie

Introduction

Penetration testers are the “ethical hackers” of the cybersecurity world. Not only does the job put you in the exciting position of trying to crack corporate security systems, but it also pays well and leads to solid opportunities for career growth. Pentesters most often work either in-house for a business or corporation, as freelancers or for a pentesting company.

In this article, we’ll take a look at what it’s like to be an ethical hacker at a company that specializes in penetration testing. By the time you finish reading, you’ll be able to make an informed and confident decision about whether working at a penetration testing company is the right choice for you.

What is a penetration testing company?

As we mentioned above, penetration testers usually work in one of three work environments: in-house, freelance or at a penetration testing company. While the nuts and bolts of the job won’t change much, the work environment can be quite different. Someone who loves freelancing, for example, might hate working full-time for a single company, and vice versa.

To make sure you’re working in the environment that makes you happiest, we’re taking a deep dive into what pentesting looks like at the three options we named above. This article is part of a series about pentesting, so be sure to check out what it’s like to work in-house and freelance so you can compare all three options!

Now, let’s talk about penetration testing companies and what they do. Pentesting companies contract out penetration testing services to other businesses and organizations on a project basis. Sometimes you’ll see pentesting companies referred to as “third party,” because they’re not an internal department of the companies they perform testing for. Instead, they function as independent, impartial teams of expert penetration testers who are hired to ethically hack into a company. Once the testing is done, they share their feedback and suggestions with the company to help them strengthen their security systems.

Why do businesses hire third-party pentesters?

Businesses like working with pentesting companies because they offer a couple of distinct advantages.

Third-party companies provide a totally unbiased, impartial glimpse into the organization’s security system. It’s true that internal staff are intimately aware of their security strengths and limitations, but there’s a massive benefit to having a fresh pair of eyes look things over. Third-party pentesters will be able to find weaknesses or exploits that were overlooked and unknown to the internal staff.

Pentesting companies also have a reputation for being experts in threat detection and risk analysis. After all, that’s what they do all day, every day! Businesses understand that when they hire a pentesting company, they’ll be working with pros who are highly skilled, have all the relevant certifications and have their finger on the pulse of emerging threats.

Job titles and career paths

Pentesters at third-party companies may go by one of a few different titles in addition to just plain old “penetration tester.” These other titles include ethical hacker and assurance validator.

Just getting started in cybersecurity? Pentesting companies often hire experienced individuals with a few years of in-house or freelance pentesting experience under their belts. However, some companies do offer entry-level roles as junior pentesters, so you may still be able to break into a company as a newcomer.

Pentesting companies also have great opportunities for long-term career growth. Once you have some solid experience, you can move into a management role if that fits your career roadmap. Managers at pentesting companies supervise and train junior employees and take point when communicating with the client companies. If you enjoy the technical aspects of the job in addition to having strong communication skills and an interest in leadership, then working long-term for a pentesting company may be the right plan for you.

Which companies offer penetration testing?

Do any of these sound familiar? You may have heard of a few of the big names in third-party pentesting:

  • Rapid7
  • Offensive Security
  • FireEye
  • CA Veracode
  • CoalFire
  • Rhino Security Labs

There are obviously a lot more pentesting companies out there, but since these are all well-known in the field, they’re a good place to start if you want to see examples of the kinds of projects pentesters tackle.

What services do third-party pentesters provide?

Working at a penetration testing company means you’ll partner with many different companies to help them find weaknesses in their networks, applications and IT systems. To find those weaknesses, you’ll have to think and act just like a real-life hacker. Using simulated cyberattacks, your team will find weak spots in corporate defenses and help the business strengthen their overall security.

As a pentester for a third-party company, you’ll primarily be part of Red Team operations. This means your job is to mimic an attacker and break through the security system via vulnerabilities you discover. Once you discover exploits, you’ll document them and analyze the results to share them with your client. Your discoveries will ultimately help the client strengthen and improve their security.

As a third-party penetration tester, you’ll be responsible for:

  • Determining parameters for the simulated attack, including targets, vectors and methods of attack
  • Testing the client’s networks, computer systems, Web applications and cloud applications
  • Detecting exploits and holes in the client’s network and systems that attackers may use to gain access
  • Documenting your findings and sharing them with your client
  • Creating and implementing new tools and penetration tests to best simulate the latest threats and attacks

What will you be expected to pentest?

Businesses hire third-party pentesting companies to target different areas of their network and systems, including network and wireless infrastructure, or Web, mobile, and cloud applications.

Instead of performing full-spectrum tests, clients will typically want small, targeted pieces of their IT infrastructure assessed in a controlled environment.

Each project is typically completed in a limited amount of time, ranging from a couple of days to a few weeks depending on the project’s scope and complexity. You may also have to be on-site to perform the tests, which can involve extensive regional, national or even international travel.

Let’s take a look at a few areas you’ll be expected to pentest:

Web application penetration testing

When you test a company’s Web applications, you’re looking for vulnerabilities like SQL injections, encryption flaws and cross-site scripting, to name just a few. You’ll test the system’s strength, first by mapping the application to build an understanding of the code and then by running a series of tests against it (such as checking for misconfigured settings).

Infrastructure and wireless

Businesses often hire pentesters to uncover vulnerabilities in their network devices and systems. You’ll be tasked with activities like identifying protocols, figuring out the models of network devices and the versions of software currently in use. While digging around, some of the most common vulnerabilities you’ll encounter are weak passwords and missing patches.

Cloud applications

Cloud application testing can be vast, so what you end up testing will have to first be defined by the scope of the project. Applications, visualization, storage and compliance can all be pentested in the cloud. Common issues you’re likely to uncover range from weak passwords to non-compliant encryptions and more.

Mobile application penetration testing

When pentesting mobile applications, your job includes assessing the operating system and mapping the application. By analyzing factors like runtime and file system, you’ll uncover vulnerabilities such as SQL injections and insecure APIs.

Challenges of working for a penetration testing company

Life at a penetration testing company is unlike life as an in-house pentester in a couple of key ways. Depending on your personality and work style, these differences could be deal breakers or big selling points.

The first thing to be aware of is the potential for travel — lots of it. Pentesting companies work with clients across the country, and to run these tests you’ll often have to be on-site working directly with the IT staff. If you’re a homebody and prefer working in the comfort of the same zip code every day, this may not be for you. However, if you’re itching to travel and experience other parts of the country, a pentesting company can open those doors for you.

Some pentesting companies do allow their pentesters to work remotely, so if that’s what you’re gunning for, be sure to research the company to familiarize yourself with their work and travel expectations before you apply.

Assignments are short, usually lasting from a couple of days to a few weeks. During that time, you’ll be working on-site to perform simulated attacks. Some pentesters like the ability to jump from assignment to assignment, but others feel the short duration is a huge limitation. Pentesters only have a couple of weeks to find weaknesses that hackers can spend months searching for. As a result, you have to work fast and try to accomplish as much as possible in that short time without missing anything that a hacker could exploit later.

Lastly, and perhaps due to the limitations mentioned above, pentesters often work crazy hours. Workdays longer than eight hours aren’t uncommon and you may have to work late into the night or early mornings so the tests don’t interfere with business hours. Keep in mind that this isn’t something unique to pentesting companies; in-house and freelance pentesters also have intense work schedules.

Conclusion: Is working for a pentesting company right for you?

Penetration testing companies offer a number of exciting advantages that working in-house does not. If you enjoy interfacing with a variety of different companies, jumping from project to project and potentially doing some travel, then pentesting companies have a lot to offer you. However, if you prefer the routine and stability of an in-house role, then you may want to pass on working for third-party companies.


Christine McKenzie

Christine McKenzie is a professional writer with a Master of Science in International Relations. She enjoys writing about career and professional development topics in the Information Security discipline. She has also produced academic research about the influence of disruptive Information and Communication Technologies on human rights in China. Previously, she was a university Career Advisor where she worked extensively with students in the Information Technology and Computer Programming fields.