Many entering the field of computer security are fascinated with the prospect of working as penetration testers. In your opinion, what are the prerequisites one has to posses in order to become good at this job?
From a personal perspective, an inquisitive mind and thirst for knowledge are critical to perform penetration testing. An inquisitive mind will want to discover how things work and how they can be broken, while a thirst for knowledge will make the long hours of research possible.
From a Human Resource perspective, it used to be that penetration testers had to have years of experience to compete for a spot on a pentest team. Recently, I have seen requests from companies that are looking for college students with zero practical experience to fill security positions. This shift indicates two possibilities: One, that security professionals are in short supply; and two, penetest engineers can be trained. Not too many years ago, the methodologies behind penetration testing were considered obscure and simply not understood by corporate management. Today, companies are understanding the need for "red team" attacks, and able to grasp the processes behind such assessments.
In terms of the future, it is probable that the prerequisites for a position as a professional penetration tester will include college and certifications. And speaking of college, I cannot emphasize enough the value of writing and communication. Students interested in becoming penetration testers will spend a lot of their time documenting their findings and explaining the results in a manner that must be persuasive and understandable by those not familiar with information technology. English classes are your friend - trust me.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.