Everyone Wants to Be a Penetration Tester

There is a lot more to cyber security than just hacking...

So… Everyone wants to be a penetration tester!

Lately I’ve been speaking at events, conducting interviews, and mentoring new security professionals and students, and every single person, when asked how they want their career to progress or what they are interested in doing, says like clockwork, “penetration tester”. Maybe I’m the only one, but this is a huge pet peeve of mine!

Penetration testing is the hot topic due to the popularity of Mr. Robot, Edward Snowden, and TV shows depicting hacking that give the wrong impression. Even YouTube and video games such as Fortnite have bred this idea of a “hacker” in the younger generation, who think it’s cool to do.

Don’t get me wrong, pentesting is a great skill, but there is a lot more to cybersecurity than pentesting… Pentesting is the act of attempting to “hack” into systems as a way of testing security. It can help you get a good understanding of attacks and how they are conducted, but there is also boring and monotonous work associated with it, like any other job.

So why does this bother me? I mean, it is getting people interested in cybersecurity, right? A good penetration tester can be a major asset, but everyone has this fantasy of hacking into something. For example, see the ever-famous meme of two people hacking while typing on a single keyboard on NCIS. How cool is that?!?! Did my sarcasm come through on this blog post?

There isn’t enough education on all the various skills and jobs available in cybersecurity. One major issue is that most of these positions people post want people who have a thousand years of experience and hundreds of certifications and can do everything including fart rainbows… According to ISC2 the job gap has grown to over 3 million jobs; in order to fix this, we need to be spending more time and effort educating. We need to hire professionals with experience and then allow them time to train and educate others. To be a security professional all you need is analytical skills, the ability to think critically, and a desire to learn.

At Datashield, along with seasoned security professionals, we try to hire both college graduates and IT people with various backgrounds such as desktop engineers, database administrators, network engineers, and system administrators. As the security hire gap increases, we have to think outside of the box and have better training programs. First, a good culture fit is important, and secondly, someone eager and open to learning new skills. We also pride ourselves on having a pretty high percentage of female security professionals. The industry also needs to focus on training younger people; we need to get involved in school programs on cybersecurity training.

No matter the position, you may find that other areas interest you besides hacking the planet! Yes, I know it’s an old reference and a lot of people maybe haven’t seen the ’90s hacker movie… If you’re interested in cybersecurity, learn about ethical hacking/red team but also learn about forensic investigations, detection and blue team, application security, network security, risk analysis, auditing, and other subjects. For individuals wanting to get into cybersecurity: do your research, understand all of the facets of cybersecurity, and be open-minded. There is a place out there for you to learn and grow your skills.

Jeff Marshall
Jeff Marshall was the previous Chief Information Security Officer at Datashield and contributed technical content to the Datashield resource library. Jeff worked at Datashield for nearly 4 years and provided thought leadership and educational content for the Datashield resource library.
