Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
All organizations have vulnerabilities, but they can’t fix them until they find them. It’s the job of penetration testers to put themselves in an attacker’s shoes and find flaws before the bad guys do.
Penetration testing, also known as pen testing, involves testing networks, computer systems, and Web and mobile applications to discover vulnerabilities that could potentially put an organization at risk. Pen tests may simulate human- or technology-based social engineering attacks against an organization’s employees to see how people could put a business at risk.
Some companies have penetration testers on their internal security team to test products and systems for vulnerabilities. Many outsource pen testing to consulting or professional services firms, which are staffed with professionals who are trained to break into systems and report back to the client which applications or systems were breached, how they were exploited, and how the organization can mitigate those issues to defend against future cyberattacks