Penetration testing, commonly referred to as pen testing or “ethical hacking,” is the process of conducting a simulated cyber attack on an organization’s computer system. Pen testing is an important technique used by cybersecurity professionals for exposing database vulnerabilities and network security flaws that could be exploited by hackers. With so much of today’s critical business as well as personal information accessible through the internet, cyber attacks can be incredibly costly or even dangerous, making this process of identifying vulnerabilities essential.
Pen tests may use a variety of methods to execute a cyber attack, including brute force attacks, SQL injection, phishing, or even hardware devices. In order to simulate real-world cyber attacks as closely as possible, a “single-blind” test is typically carried out by an outside cybersecurity or IT security analyst with no prior knowledge of the network security systems in place, and in a “double-blind” test the company’s own IT and cybersecurity team is not given advance notice. Pen testing procedures also vary depending on whether the organization wants to simulate an external attack from an outside hacker or an internal attack from a disgruntled employee.
Pen testing is an essential part of the toolkit of IT security analysts and cybersecurity consultants, who are responsible for helping companies protect their computer networks and systems against malicious cyber attacks. Unknown network security vulnerabilities can lead to incredibly costly data breaches, potentially exposing private information of an organization, its employees, and its customers, making the identification of these flaws a critically important part of cybersecurity.
Given the elevated and increasing importance of cybersecurity today, professionals in this field are highly sought after. According to the Bureau of Labor Statistics, information security analysts earned a median annual salary of $99,730 in 2019, and these jobs are expected to grow by 31% between 2019 and 2029 - much faster than average job growth across the rest of the economy.
Certainly. Coursera offers many opportunities to learn about penetration testing and other cybersecurity topics, including individual courses and Specializations spanning multiple courses. You can learn from top-ranked schools like University of California Davis, University of Maryland College Park, University of Colorado, and the University of London, or you can take courses from IBM to earn a professional certificate in cybersecurity. Regardless of where you want to learn from, Coursera lets you view course materials and complete coursework on a flexible schedule so that you can add these important cybersecurity skills to your resume while continuing to pursue your other schoolwork or existing career.
If you have a strong drive to understand how things work and to beat hackers at their own game, then learning penetration testing might be the ideal subject for you. As a pen tester, you'll be tasked with finding and fixing vulnerabilities, including ones that were previously unknown. You'll also discover how an attack would impact a business and assess how effectively organizations are able to respond and detect attacks. If working on the front lines in the war against hackers and those who threaten cybersecurity sounds exciting, learning pen testing will get you on your way to creating a career doing just that.
Although you don't need a degree to build a career in penetration testing, gaining a formal education in computer science or computer security can help you develop some of the skills you'll need. Common undergraduate degrees for people interested in this field include information security, computer engineering, cybersecurity, and math. Some penetration testers go on to earn their master's degree in cybersecurity or a related field while others go on to work as a network or systems administrator before pursuing certification. Some of the most common certifications include the Certified Ethical Hacker or the Licensed Penetration Tester Master from the EC-Council, the Certified Expert Penetration Tester from the Information Assurance Certification Review Board, and the CompTIA Security+ credential.
Any organization within any industry can benefit from pen testing, but some of the industries most likely to hire pen testers include those that are highly regulated, like health care, banking and finance companies, and service providers. Pen testers can use their skills to test for compliance with regulations. For example, pen testers might perform an audit of a medical device company, hospital, or health care information exchange to ensure it's HIPAA-compliant. Other places rely on pen testing to reveal vulnerabilities in their websites, networks, and systems to remain more secure and enact policies to stay that way.
This FAQ content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.