Cyber Security Analyst: The Pentester

Published on 23 December 2019

Reading time 2 minutes

We interviewed "BLUE", our Pentester Trainer, to better define and, above all, better understand this profession in high demand.

Pentester? … Can you repeat?

Blue: "A Pentester ("penetration tester") is a technical auditor to assess the security of information systems.

Its scope of action is:

  • intrusion tests for:
    • websites
    • servers
    • mobile apps
    • software
  • homemade tool audits

In other words, a company will use a Pentester to test the reliability and safety of its system."

How do you recognise a Pentester?

Blue: "There is no standard profile to become a Pentester; one becomes one by legitimacy based on one's own proven skills.

In order to gain legitimacy, one often goes through technical exercises online via rootme / hackthebox, with a publicly listed number of points that gives real added value.

Another solution: bug bounties. A platform shares a client case and calls on everyone to find potential flaws (e.g. HackerOne and YesWeHack).

It may seem strange to go online to test your skills, but the reality is that there are big differences and therefore different ways to increase one's value.

When you're not familiar with the tech world, it's sometimes complicated to find your first job in this world. The easiest way is to have a first security label (e.g. the cyber security analyst training programme at Wild Code School) and some technical skills (HackTheBox references)."

The Pentester's job

Blue: "Pentester missions are often short, 1-2 weeks.

There are 2 categories:

  • Blackbox: intrusion without any info. Very realistic test ... but less accurate.
  • Whitebox: all the information needed to audit at best ... more advanced.

Sometimes he can also be hired for longer missions:

  • RedTeam: physical intrusion, full permission from the company, only the management knows about it.

The pentester can also work as a service provider, or in a specialised in-house department in large companies.

Usually, this is a job that one rarely does for more than 10 years. Logically, the next step is to become manager of a technical team or to specialise in research (still in IT security).

From the start, the pentester earns around 38,000 to 45,000 €/year and will go up to 50K after 4 or 5 years of experience."

Blue, tell us more about one of your missions:

Blue: "Unfortunately, I can't! My privacy agreement obliges me: it is impossible for me to even mention one (the privacy agreement lasts for 30 years).

The easiest way, if you want to know more, is to look, for example, at the case of General Motors on the hackerone platform, and dive into the world of Cybersecurity without any further delay!"

Thanks again Blue for the insight, and don't worry, we "Blued" your photo.