
Datashield's Resource Library

Everyone Wants to Be a Penetration Tester

There is a lot more to cyber security than just hacking...

So… Everyone wants to be a penetration tester!

Lately I’ve been speaking at events, conducting interviews, and mentoring new security professionals and students, and every single person, when asked how they want their career to progress or what they are interested in doing, says like clockwork, “penetration tester”. Maybe I’m the only one, but this is a huge pet peeve of mine!

Penetration testing is the hot topic due to the popularity of Mr. Robot, Edward Snowden, and TV shows depicting hacking that give the wrong impression. Even YouTube and video games such as Fortnite have bred this idea of a “hacker” in a younger generation that thinks it’s cool to do.

Don’t get me wrong, pentesting is a great skill, but there is a lot more to cybersecurity than pentesting… Pentesting is the act of attempting to “hack” into systems as a way of testing security. It can help you get a good understanding of attacks and how they are conducted, but there is also boring and monotonous work associated with it, like any other job.

So why does this bother me? I mean, it is getting people interested in cybersecurity, right? A good penetration tester can be a major asset, but everyone has this fantasy of hacking into something. For example, see the ever-famous meme of two people hacking while typing on a single keyboard on NCIS. How cool is that?!?! Did my sarcasm come through on this blog post?

There isn’t enough education on all the various skills and jobs available in cybersecurity. One major issue is that most of the positions people post want candidates with a thousand years of experience and hundreds of certifications who can do everything, including fart rainbows… According to ISC2 the job gap has grown to over 3 million jobs; in order to fix this, we need to be spending more time and effort educating. We need to hire professionals with experience and then allow them time to train and educate others. To be a security professional all you need is analytical skills, the ability to think critically, and a desire to learn.

At Datashield, along with seasoned security professionals, we try to hire both college graduates and IT people with various backgrounds such as desktop engineers, database administrators, network engineers, and system administrators. As the security hiring gap increases, we have to think outside of the box and have better training programs. First, a good culture fit is important, and second, we look for someone eager and open to learning new skills. We also pride ourselves on having a pretty high percentage of female security professionals. The industry also needs to focus on training younger people; we need to get involved in school programs that teach cybersecurity.

No matter the position, you may find that other areas interest you besides hacking the planet! Yes, I know it’s an old reference and a lot of people maybe haven’t seen the ’90s hacker movie… If you’re interested in cybersecurity, learn about ethical hacking/red team, but also learn about forensic investigations, detection and blue team, application security, network security, risk analysis, auditing, and other subjects. For individuals wanting to get into cybersecurity: do your research, understand all of the facets of cybersecurity, and be open-minded. There is a place out there for you to learn and grow your skills.

Jeff Marshall
Jeff Marshall was the previous Chief Information Security Officer at Datashield and contributed technical content to the Datashield resource library. Jeff worked at Datashield for nearly 4 years and provided thought leadership and educational content for the Datashield resource library.
