Complete Lab - Researching PenTesting Careers

Objectives

In this lab, you will complete the following objectives:

  • Conduct a Penetration Tester Job Search
  • Analyze Penetration Tester Job Requirements
  • Discover Resources to Further Your Career

Background / Scenario

When preparing for any career, it is important to understand the prospective job market. The help wanted postings on internet job boards contain a wealth of information regarding the qualifications and preparation required for the jobs that you will be applying for. For careers in ethical hacking, you can see the certifications, knowledge, and skills that are required along with descriptions of what the ethical hacker will be doing for the company. In addition, you can see the kinds of organizations that hire ethical hackers, their locations, and other corporate information that is useful to know when applying for positions.

Required Resources

  • Kali VM customized for Ethical Hacker course
  • Internet access

Instructions

Part 1: Conduct a Penetration Tester Job Search

In this part of the lab, you will conduct a search for ethical hacker/penetration tester jobs on various internet employment sites.

Step 1: Search internet job boards.

  1. Open a browser and search for jobs related to ethical hacking and penetration testing. Use employment sites such as indeed.com, glassdoor.com, linkedin.com, monster.com, etc.
  2. Consult at least three different employment sites. Search specifically for entry-level postings, although feel free to look at more senior positions. Find some jobs that look interesting to you.
  3. Complete Table 1: Jobs Table with at least five jobs that you have found from different employment sites. You can complete the tables in this document, or recreate the tables in another file or on a piece of paper.
  4. Bookmark these jobs or open each job in a new tab. Keep the sites available for the next part of the lab.

Table 1: Jobs Table

| 1 - Job Title | 2 - Company Name | 3 - Level (Entry, Mid, Senior) | 4 - Location | 5 - Internet Job Board Source |
|---|---|---|---|---|
| Penetration Tester / Ethical Hacker | Technology Design Concepts Inc. | Entry | Towson, MD USA | indeed.com |
| Application Security Analyst I | Fletchers Federal Credit Union | Entry (Level I) | Albany, NY | indeed.com |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |

Part 2: Analyze Penetration Tester Job Requirements

Now that you have collected some jobs that are interesting to you, go through and complete Table 2: Duties and Required Training and Certification.

Step 1: Complete the table.

  1. Copy the five jobs from Table 1 into the Job Title column in Table 2: Duties and Required Training and Certification.
  2. Read through the job postings and summarize the duties that you would be responsible for in the position. Focus on the diversity of duties that are required by the different positions.
  3. What skills are required? Focus on the pentesting-related skills, but also any general skills that are required.
  4. Explore the postings further and complete the Required Experience column. What kind of experience is required for each job? How many years of experience do they require? If the employment site interface permits, filter or search for entry-level positions that require no experience. There are some out there!
  5. Finally, what certifications are mentioned as required or desirable?

Table 2: Duties and Required Training and Certification

| Job Title | Duties | Required Skills | Required Experience | Required Training and Certification |
|---|---|---|---|---|
| Penetration Tester / Ethical Hacker | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Application Security Analyst I | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |
| Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. | Answers will vary. |

Part 3: Discover Resources to Further Your Career

You likely noticed several certification and training requirements that were mentioned in the job postings. In this part of the lab, you will investigate pathways to gain the level of training and the certifications that are suitable for the type of job that you are looking for.

a. Which certifications are most commonly required?
Answers will vary. The ISACA Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications are often mentioned. The (ISC)2 Certified Information Systems Security Professional (CISSP) exam is also mentioned frequently. (Note that (ISC)2 also offers the Certified in Cybersecurity (CC) certification for entry-level job candidates.) The GIAC Security Essentials (GSEC) certification is also suitable for entry-level positions. Furthermore, the CompTIA PenTest+ and Security+ exams are mentioned. Also relevant are the Cisco CCNP and CCIE Security certifications. Finally, the EC-Council offers the Certified Ethical Hacker (CEH).
b. Investigate training options for the certifications that you identified as being appropriate to the prospective positions. Where can you take courses to prepare you for those certifications?
Answers will vary. There are many ways to prepare for cybersecurity certifications. Aside from books and free internet videos, formal education is available from colleges and universities, either remotely or in person near you. Education course sites, such as Coursera and Udemy, offer pathways to careers in ethical hacking. In addition, the organizations that offer the certifications often also offer training. Cybersecurity institutes, such as sans.org and InfoSec Institute, have training courses. Finally, Skills for All by Cisco offers a cybersecurity pathway, which will be adding new courses in the future.

Reflection

From your internet search results, please answer the following questions.

1. Do you find that jobs are concentrated in any one area, or are they distributed?
The jobs are usually distributed because security services, such as penetration testing, are required by many businesses.
2. What are the most common duties mentioned?
Answers will vary. Examples: Conduct penetration tests of applications, APIs, web services, and networks. Assess physical security. Conduct security audits. Write assessment reports. Verbal and written communication skills and reporting. Conduct internal and external penetration testing and vulnerability assessment of servers, web applications, web services, and databases.

© 2017 - 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public