What's it like to be a penetration tester/Ethnical Hacker?

I'm probably going to come across sounding like a noob in this thread so I apologize in advance for my ignorance. I'm HCPS123, HC for short, nice to meet you. I have a degree in Criminal Justice with a minor in Cyber security and to cut a long story short I've made a lot of mistakes I see people on this forum warn about/get annoyed with. Mistakes such as thinking being an FBI/NCIS agent was like how they portrayed it on TV, mistakes like thinking that a Crim degree with a minor in Cyber Security would be enough to land me a job in the InfoSec field (this one would be particular hilarious if I hadn't f-ed myself career wise).

So I want to try and avoid those mistakes by asking more about the job BEFORE I invest a large amount of time and money to get into the field. So what is it like to be a Penetration Tester/Ethical Hacker? Is a Penetration Tester the same as an Ethical Hacker or are they two different types of jobs? What's the lifestyle like? What do they do on a day to day basis? What do you enjoy about it? What kind of salary do they normally make (*Crosses fingers* 6 figure, 6 figure, 6 figure)? What do you hate about it? Are their any kind of liabilities with this job? (For example a liability with being a youtuber is youtube itself, in that they will often change rules regarding video posting and monetary output without warning so you can get SUPER F-ed if you don't have a backup plan in place) and just any information you feel someone trying to pursue this career should know.

Find more posts tagged with

Comments

yoba222

I occasionally contribute to pen tests at my company but mainly do other security-related things. I find it can be a little emotionally jarring because of the context switching.

The levels of effort, energy, and commitment are more demanding with pen testing when compared to my usual work routines, where I'm watching how many hours I put into a project, whereas pen testing tends to be an all-out affair.

This one is a good one by John Strand, a SANS instructor: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/

eLearnSecurity did a podcast a couple of months ago, "See through the eyes of a pentester." This may or may not be relevant (I did NOT see it) but it sounds like it may be and wonder if the recording is archived somewhere. https://blog.elearnsecurity.com/see-through-the-eyes-of-a-pentester.html

There are a ton of recordings of all the annual cons out there (Black Hat, Def Con, etc.) and there's bound to be one that talks about the pen testing career but I draw a blank right now.

HCPS123

yoba222 wrote: »

I occasionally contribute to pen tests at my company but mainly do other security-related things. I find it can be a little emotionally jarring because of the context switching.

The levels of effort, energy, and commitment are more demanding with pen testing when compared to my usual work routines, where I'm watching how many hours I put into a project, whereas pen testing tends to be an all-out affair.

This one is a good one by John Strand, a SANS instructor: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/

eLearnSecurity did a podcast a couple of months ago, "See through the eyes of a pentester." This may or may not be relevant (I did NOT see it) but it sounds like it may be and wonder if the recording is archived somewhere. https://blog.elearnsecurity.com/see-through-the-eyes-of-a-pentester.html

There are a ton of recordings of all the annual cons out there (Black Hat, Def Con, etc.) and there's bound to be one that talks about the pen testing career but I draw a blank right now.

Thanks Yoba222 for replying back to my thread and for the helpful video

You're the best