Become a Cyber Security Analyst / Penetration Tester and improve the security of organizations by using penetration tools to locate and exploit security vulnerabilities. You will learn how to footprint and ethically break into a company with the goal of exposing key issues in computer systems or software.
In this program, you will learn what it takes to become a Penetration Tester. Last year, Penetration Testers ranked as one of the 3 most in-demand jobs in the growing cybersecurity job market. As a skills-based profession, a college degree is not necessary; and anyone with the ability to learn the right skills will be wanted by employers. Through practical, virtual lab environments, you will gain real-world, hands-on skills with today’s latest tools and technologies; and, with help from a mentor, be guided down the path of a new career.
Through practical, virtual lab environments, you will gain real-world, hands-on skills with today’s latest tools and technologies; and, with help from a mentor, be guided down the path of a new career. This career path aligns to the Vulnerability Assessment Analyst and Exploitation Analyst NICE/NIST work roles.
Why take this Penetration Tester career path?
Brick-and-mortar cybersecurity and IT training help you gain theoretical knowledge, but they do not provide you with enough practical experience to prepare you for a job. You need guidance; so, you spend $3,000+ on classroom-based cybersecurity and IT training to get access to instructors and mentors. After 5, 8-hour days, and $3,000 later, you still walk away unprepared and unsure where to go from there.
Welcome to the Transfotech Academy Career path. Confidently, be guided down the path towards your next job and a new career. This three-month program helps you take the right training, get the right hands-on experience, and prove your ability through online assessment tools. No experience? No problem. Work with industry-leading mentors as they help you get started and guide you through the program.
Session 1: Course Introduction
- Introduction to Ethical Hacking
- What is a website?
- How websites work
Session 2: Lab Preparation – Creating a Penetration Testing Lab
- Lab overview and needed software
- Installing Kali Linux
- Installing Metasploitable
- Configuring Lab Network and Virtual Machines
Session 3: Fundamental knowledge
- Overview of Linux
- Terminal and Basic Linux Commands
- Networking basics
- Scripting Basics
Session 4: Information Gathering
- Active Reconnaissance/Passive Reconnaissance
- Passive Information Gathering
- Identifying Technology and Software on Websites
- Active Information Gathering/Scanning
- Discovering Sub-Domains & Files
Session 5: Exploitation
- File Upload Vulnerabilities
- Understanding File Upload Vulnerabilities
- How to discover and exploit File Upload Vulnerabilities
- Fixing File Upload Vulnerabilities
Session 6: Cross-Site Scripting (XSS)
- Understanding Cross-Site Scripting (XSS)
- How to discover & Exploit Stored XSS
- How to discover & Exploit Reflected XSS
- Fixing XSS Vulnerabilities
Session 7: Insecure Session Management
- Exploiting Cookies to gain access
- Discovering & Exploiting Cross-Site Request Forgery Vulnerabilities (CSRF)
- How to fix CSRF Vulnerabilities
Session 8: Brute Force & Dictionary Attacks
- Brute force a Login Page
- Creating a Wordlist for Password Cracking
Session 9: Command Execution/Remote Code Execution
- CE vs RCE Explained
- Discovering & Exploiting Command Execution Vulnerabilities
- Discovering & Exploiting Remote Code Execution Vulnerabilities
- Fixing code Execution Vulnerabilities
Session 10: SQL Injection
- Understanding SQL Injection
- Discovering & Exploiting SQL Injection Vulnerabilities
- Fixing SQL Injection Vulnerabilities
Session 11: File Upload Vulnerabilities
- How to discover and exploit file upload vulnerabilities
- Fixing file upload vulnerabilities
Session 12: Bonus Section
- Using ZAP to find vulnerabilities
- CVSS Scoring
- Report writing and Presentation
Session 13: Bonus Section
- Resume workshop
What Are Some Penetration Tester Roles and responsibilities?
Penetration testers seek to identify security vulnerabilities in an organization’s networks, and then resolve them, sometimes creating new or improved security protocols. This involves many responsibilities and tasks.
As a penetration tester, you will likely be required to:
- Perform penetration tests on computer systems, networks, and applications
- Create new testing methods to identify vulnerabilities
- Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection
- Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
- Search for weaknesses in common software, web applications, and proprietary systems
- Research, evaluate, document, and discuss findings with IT teams and management
- Review and provide feedback for information security fixes
- Establish improvements for existing security services, including hardware, software, policies, and procedures
- Identify areas where improvement is needed in security education and awareness for users
- Be sensitive to corporate considerations when performing testing (minimize downtime and loss of employee productivity)
- Stay updated on the latest malware and security threats
While the above are typical responsibilities for a penetration tester, you may have additional duties depending on the organization you work for. Sometimes there is overlap in IT positions, so it is important to be flexible and to work as part of a cohesive team.
What Are Some Penetration Tester Job Requirements?
While it may be possible to find a job as a penetration tester based solely on having the right set of skills, most employers prefer to hire penetration testers who have previous relevant work experience. Some employers want employees who have at least a bachelor’s degree. The U.S. Bureau of Labor Statistics indicates that employers prefer to fill entry-level positions in the field of information security analysis with applicants who have a bachelor’s degree in computer science, information security, or another comparable field of study. Some employers may want penetration testers to have programming skills in specific programming languages and operating systems. Additionally, employers may require that penetration testers have certification in ethical hacking and other IT security areas.
In addition to education, penetration testers are required to have certain skills. They must have excellent computer skills to be able to attempt hacking systems. They require solid analytical skills to evaluate and analyze the processes involved in resolving existing and potential security threats. It is also important for penetration testers to have proficient communication skills as they will be writing reports and working closely with other IT professionals and departments. Most importantly, penetration testers must have exceptional problem-solving skills to be able to determine the best course of action when resolving issues and protecting networks from potential threats or breaches.
A Day in the Life of a Penetration Tester
A typical day for one penetration tester may look a lot different from another’s depending on the organization they work for. For some, there may be travel required between different sites, they may be required to work evenings or weekends to not disrupt the workflow of the company, or they may be able to perform some duties remotely or by telecommuting. But the heart of the penetration tester position is identifying security system vulnerabilities by attempting to exploit them and then coming up with solutions to resolve the weaknesses to keep their organization’s information safe.
A normal day for a penetration tester may include the following tasks:
- Plan a specific penetration test
- Create or select the appropriate testing tools
- Perform the penetration test on networks, applications, or systems
- Document methodologies
- Identify vulnerabilities using the data gathered
- Review and evaluate findings
- Establish possible solutions for the weaknesses
- Provide feedback and recommendations to management or clients