Become an IT Security Expert as a Pentester
Help companies protect themselves from hackers while advancing your own career
After a few years working in IT (whether as an admin, team leader, or in a similar role), most professionals come to the same realization: The infrastructure they’re responsible for generally functions, but it’s not as secure as it should be. “Well, then just fix it!” your boss might say. But it’s not that simple. An IT specialist isn’t automatically an IT security expert. And if the boss doesn’t understand that, they’re unlikely to allocate more resources to this critical area.
So, what can you do in this situation? Become the expert who strengthens your company’s security. For that, you need specialized knowledge and the ability to communicate it clearly to management. This is exactly where well-trained penetration testers come in.
What do Penetration Testers do?
Penetration testers typically work for medium-sized companies (with around 300 employees or more), large corporations, or government organizations. They test IT infrastructures either within their own company or as independent contractors for other businesses.
How do they approach this? In short, they think and act like real attackers – but without causing any harm, of course. Penetration testers are hired (and strictly act within the agreed scope) to assess the damage a hacker could inflict on a company and determine the potential attack paths they might use. Ideally, the company then uses this information to fix the vulnerabilities and proactively defend against real attacks.
For these test results to be useful, a thorough and solution-oriented report is essential. Penetration testers must also be able to share their specialized knowledge in a way that both IT teams and management can easily understand.
Is Penetration Testing just a desk job?
As an IT admin, you might be used to running around – fixing printers, troubleshooting in server rooms – but most of your work is desk-bound. Penetration testers, however, can find themselves out in the field, especially if they are testing other companies as a service provider. While a lot of testing is done from their own computer, physical access testing often involves being on-site.
When testing a company’s physical security, for example, pentesters might use tailgating techniques to follow an employee into a restricted area, or employ social engineering to get directions to the server room or sneak into secured spaces without an ID badge. Depending on the scenario, they might even wear disguises, like overalls with a company logo or pizza delivery uniforms.
Want a real-world example of how this looks? Check out one of our pentesters in action in the Ask a Hacker | White Hat Chronicles video series:
Career Prospects and Salary
The importance of IT security for a company’s success is growing. The 2023 IT Security Report by Germany’s Federal Office for Information Security (BSI) makes this clear. For instance, an average of 250,000 new malware variants were discovered every day during the reporting period.
While many talk about a “skills shortage,” we see it more as a shortage of practical, up-to-date, and targeted training. The career outlook for well-trained IT security experts, including penetration testers, is excellent. Large companies, governments, intelligence agencies, and service providers regularly have positions to fill. With the NIS2 directive coming into force in October 2024, the demand will only increase.
Expertise in penetration testing also pays off financially: According to job portal Stepstone, penetration testers with just one to two years of experience in the field earn an average annual salary of €58,000. With six or more years of experience (often moving into senior pentester roles with team leadership responsibilities), salaries can exceed €70,000.
How to Become a Penetration Tester
Many IT admins and professionals who want to break into penetration testing wonder what qualifications they need. In fact, there are no legal requirements, as the title of "penetration tester" isn’t a protected term. However, experience shows that successful pentesters usually have a solid IT foundation – whether through a computer science degree, vocational training as an IT specialist, or several years of hands-on experience as a system administrator or network technician.
In addition to technical skills, soft skills are also crucial. Pentesters must be creative, think outside the box, and constantly stay curious and proactive. The job demands a high degree of self-motivation and continuous learning, as the landscape of IT threats is always evolving.
Entry Points into the Profession
Many penetration testers first sharpen their hacking skills through Capture the Flag (CTF) challenges, where they practice technical basics in a gamified setting. However, for some aspects of the job, targeted training and certifications are essential.
At some point, aspiring pentesters will need to earn the Offensive Security Certified Professional (OSCP) certification. It’s a challenging qualification and not necessarily ideal for beginners. The Certified Ethical Hacker (CEH) certification is more beginner-friendly, but it tests knowledge rather than practical skills.
A great alternative is to pursue practical, entry-level training courses designed specifically for newcomers.
Junior Penetration Tester (JPT) Certification with IHK
ProSec GmbH, in collaboration with the IHK, offers a certification course for aspiring penetration testers. Participants are required to pass both theoretical and practical exams to demonstrate their mastery of the field. The course is designed and taught by experienced penetration testers and is highly hands-on: Many of the exercises take place in a hacking lab, based on real vulnerabilities found in actual customer networks.
One thing to keep in mind: Though the title "Junior" is used, entering this specialized field often means you’re already operating at a senior level in other areas of IT.
To learn more about what awaits you in the JPT course and why it doesn’t start from square one of IT security, watch this video from Senior Penetration Tester and course leader Robin:
Want to kickstart your career as a penetration tester or take on more responsibility for IT security in your company?
Check out the next course dates here: