How to become a penetration tester
If you’re exploring cyber security careers, you’ve probably come across the role of penetration tester. Also known as a ‘pen tester’ or an ‘ethical hacker’, a penetration tester identifies vulnerabilities in computer systems and network infrastructure, and finds solutions to patch those weaknesses.
Here we look at what a penetration tester does and how you can get into this rapidly growing field.
What does a penetration tester do?
A penetration tester uses automated and manual hacking processes to discover potential security vulnerabilities in computer systems. They then use their knowledge of the flaw to find a solution so no one else can exploit it.
Although all penetration tests involve a simulated attack, different tests target different security controls. For instance, penetration testing can be done on applications, networks, hardware or personnel.
A penetration tester starts by conducting a detailed security assessment. In this assessment, they will review code for security vulnerabilities, design and conduct engineering attacks, and evaluate how computer systems perform against these attacks.
They then write a vulnerability report to explain how these tests were performed and provide recommendations to strengthen system defences. It’s crucial that penetration testers write these reports for both technical and non-technical audiences so that the relevant people in a business can understand the threats that have been identified.
Cybercrime and cyberattacks are a growing problem for Australian businesses; the cost to businesses increased by 14 per cent during the 2022-2023 financial year. With penetration testing, you identify security vulnerabilities and proactively address them before a malicious attack occurs, safeguarding businesses, government organisations and individuals from potential attacks.
Why is the demand for penetration testers rising?
According to the Australian Federal Government’s latest Annual Cyber Threat Report, cybercrime is a persistent and disruptive threat that everyone needs to be aware of.
“Critical infrastructure organisations should adopt a stance of ‘when’ not ‘if’ a cyber security incident will occur. All organisations should have a cyber security incident response plan and test it regularly to ensure an effective response and fast recovery,” the report said.
While we often hear about high-profile security breaches in the health, aviation or telecommunications industries, we don’t hear about more pervasive, lower-profile breaches that target small to medium-sized businesses.
In Australia, the three most common self-reported cybercrimes among businesses are email compromise (20 per cent), online banking fraud (13 per cent) and business email compromise fraud (13 per cent).
Information and communications technology, and operational technology are growing in Australia. They’re becoming increasingly interconnected, which can create business efficiencies but also create cyber vulnerabilities.
As a result, this is a growing sector with an increasing need for workers. According to Australia’s Cyber Security Sector Competitiveness Plan 2023, the industry will need 85,000 dedicated cybersecurity professionals by 2030 to meet demand, an increase of 66 per cent from 2023. This is an extra 4,813 dedicated roles each year.
The plan highlighted that, in order to remain globally competitive, Australia needs to build partnerships between government and industry to grow and train its cyber workforce. Based on the current pace of growth, the Gross Value Added (GVA) of the Australian cyber security sector is forecast to be $5.2 billion by 2030.
Steps to become a penetration tester
Becoming a penetration tester requires a blend of education, technical skills and practical experience in the field of cybersecurity. Here are the essential steps to embark on a successful career in penetration testing.
Step 1: Get a degree qualification
If you're wondering how to become a penetration tester, a bachelor’s degree in a relevant discipline, such as IT, cyber security or computer science, is a good foundation.
Alternatively, if you have not completed a bachelor’s degree, you could be eligible for the Graduate Certificate in Cyber Security through UNSW Online if you have at least two years of relevant or professional experience in cyber security or other cyber-related positions.
Relevant experience includes being responsible for tasks within a cyber-related role, which may encompass technical or governance roles, managing a small team or leading a relevant project.
After completing the Graduate Certificate in Cyber Security, you could advance to a Graduate Diploma in Cyber Security and then a Master of Cyber Security. Developed in collaboration with industry experts from UNSW Canberra at the Australian Defence Force Academy (ADFA), these programs give you an edge, as they are the only Australian academic institution with an integrated defence focus.
The UNSW Online’s Master of Cyber Security program offers two dedicated courses in this critical area of cybersecurity: Penetration Testing and Advanced Penetration Testing.
Whether you choose to pursue the Security Management and Leadership specialisation or the Security Engineering specialisation, these two courses deliver a thorough and in-depth understanding of penetration testing, equipping you with essential skills in this vital area of cyber security.
This fully online accelerated master’s program lets you study anytime, anywhere, making it easy to upskill and advance your career in just two years – all without stepping away from the workforce.
Step 2: Skills that you’ll need to succeed
Alongside your formal qualifications, honing a robust set of skills is crucial for success in penetration testing. Familiarity with penetration testing tools, security controls and technical aspects of network infrastructure will greatly enhance your capabilities in this dynamic field.
Proficiency in programming languages such as Python, PowerShell, Golang and Bash can also provide a distinct advantage.
A solid understanding of network protocols, as well as operating systems like Windows, Linux, macOS, iOS and Android, is essential. Knowledge of data encryption, firewalls and virtual machine environments will further strengthen your skillset.
When it comes to specific technical skills that employers look for in penetration tester roles, the following are often in demand:
- vulnerability assessment and management
- penetration testing techniques
- security tool utilisation.
While obtaining certifications such as the Certified Ethical Hacker (CEH) or CompTIA Security+ can certainly enhance your credentials and showcase your commitment to the field, they are not mandatory. Many professionals achieve success through a combination of education, practical experience and continuous self-learning.
It's important to remember that technical skills alone are not enough. Essential soft skills – critical thinking, problem-solving, effective communication and a keen attention to detail – play a significant role in your success as a penetration tester.
By combining technical expertise with strong interpersonal skills, you will be well-prepared to navigate the challenges of penetration testing.
Step 3: Gain experience and connections in the penetration testing field
Certifications and qualifications are one thing, but in order to really progress in the penetration testing field, you need to show that you’re committed to building your experience. At UNSW, there are plenty of ways to boost your portfolio before you become a penetration tester.
The UNSW Institute for Cyber Security works with partners across defence, government, industry and community groups. Our partners are involved in many aspects of our courses through joining research projects, providing guest lectures and collaborating with us in webinars and seminars. When you become a student of UNSW, you instantly work on real-world problems and deliver real-world impact.
Another way to build your penetration testing portfolio is through the Cyber Security Games.
University students across Australia work on a series of challenging scenarios, including cryptography, network security and web vulnerabilities. It gives the next generation of students a chance to learn from industry experts, showcase their talents and get to know their peers and professionals in the field.
You can also get job penetration testing experience through internships. This is an excellent way to get exposed to a variety of penetration testing tools and technologies. They can help you learn as much as possible to prepare you for working as a penetration tester.
Career outlook and opportunities for penetration testers
The cybersecurity workforce is growing, reaching a historic high of 5.5 million professionals globally in 2023. Penetration testing is considered a mid-career position with roles ranging from junior to senior penetration tester, all the way to the more advanced roles of cyber security architect or cyber security engineer.
Penetration testing is valuable across all industries, as every business is vulnerable to cyber threats. However, there are some industries that tend to be more vulnerable and are more likely to hire a penetration tester, including government, defence, healthcare, manufacturing, finance and tech.
How much do penetration testers earn?
According to AUCyberExplorer, the average salary in 2023 and 2024 was $118,573; however, advertised roles ranged from $92,500 to $167,500. By increasing your skills and experience, your career trajectory and earning potential will take off.
Achieve career success in penetration testing with UNSW
UNSW is ranked first in Australia for Engineering and Technology studies, and our graduates earn the highest average salaries among graduates in Australia. The UNSW Online Master of Cyber Security is for ambitious people who want to become technical experts or leaders in this growing field. Our programs are designed by leading cyber security academics and industry experts with a goal to equip students to remain relevant in a continuously developing sector.
If you're eager to elevate your career to new heights, this course is exactly what you need. With intakes every two months, every course you study will add instant value to your career and organisation. It’s 100% online and accelerated, so within two years, you could be a fully trained penetration tester.
Cybercrime is on the rise, and the skills and expertise of cyber security professionals are in high demand. Want to advance in this rapidly growing industry?
Enrol in UNSW Online’s Master of Cyber Security today and become a leader in the fight against cybercrime. Reach out to our Student Enrolment Advisors to learn how you can kickstart an exciting career in this booming field.
