Career Paper 

Cy Ellis 

CYSE 201S 

Prof. Yalpi Diwakar 

Introduction 

I started my journey as an IT in 2016 after failing out of the Navy Nuclear Power Training Command (NNPTC). I got offered any job I wanted that on a submarine was not nuclear, and on a whim, I chose IT. From the time we started the Navy’s IT schooling it all came naturally. The schools were interesting but once I got to my boat, I realized that most of the training I received was useless when it came to day-to-day operations. Luckily being an actual IT came naturally to me. I excelled and my abilities grew quickly. Before I left, I was the top-rated IT among the 13 submarines stationed in Norfolk, but I wanted more.  

From the time that I realized that IT was my calling I knew I wanted to do cyber security. I got to touch all aspects of IT while I was on the boat, networking, user management, system administration, cybersecurity, disaster recovery and everything else you can do, but at the end of the day cybersecurity was by far my favorite. After researching cybersecurity careers, I decided that my goal is to become a penetration tester.  

Job Description 

Penetration testing in simple terms is ethical hacking. The main responsibility of a penetration tester is to attempt to identify and exploit vulnerabilities in a network or system. This gives the network owners data points that they can build their policies around as well as an idea of what vulnerabilities exist and how to patch them. When penetration testers analyze a network, their job is to address all security concerns. They may start with physical security, showing up to a business and walking around to look for people who have left their computers open and walked away or to see if they are even stopped. From there, they will see what they can access. On the virtual side they will act as a hacker and see how they may exploit a system and what data they can take. This is then filed in a report and given to whoever ordered the testing.¹ 

Penetration testing is one of the fastest-growing job fields in the country. The Bureau of Labor Statistics has estimated that there is an expected 32% growth rate in the field². The requirements for a penetration test are the standard for most mid-level cybersecurity jobs. A bachelor’s degree in cybersecurity or computer sciences and certifications such as CompTIA PenTest+, Certified Information Systems Security Professional (CISS-P) and ethical hacker certifications and relevant experience are suggested qualifications.³ Penetration testers are compensated well for their work with the average salary coming out to around $125,000 a year. 

Penetration Testing and Social Sciences 

Penetration Testing, or ethical hacking, requires the ability to think like a victim. The overall goal of penetration testing is identifying all vulnerabilities and getting into a network you do not have access to. This means taking advantage of a victim’s mindset and understanding the psychology and trends in cyber victimization is a requirement for the job. Being able to conduct successful social engineering attempts requires the ability to play on the weaknesses or blind spots of a potential victim. Between social engineering and physical access, part of the responsibility of a penetration tester is to exploit users. Understanding the psychology and what makes a victim allows a tester to effectively do their job. Successfully exploiting network users can allow for better training recommendations for the network or system administrators because knowing the weaknesses of the users allows for training tailored to the company’s needs. 

Criminology is also important to penetration testers. They must act as criminals and understand the thought processes and trends that make them successful. While they are not hacking for malicious reasons or personal gain, they are acting as criminals attempting to gain unauthorized access to a system. This requires a good technical knowledge of the methodology used by criminals. The ability to understand what makes a criminal a criminal and the thought processes behind their acts is paramount. Penetration testers can work with criminologists to analyze data on recent breaches, how they were conducted and the motivations behind the attacks. Understanding these factors and thought processes not only improves the ability of the tester to penetrate the network, but it also allows for better recommendations on security measures and policies to be put in place. This will help companies keep the networks and systems safer in the future. 

Part of the job of a Penetration tester is to exploit network users. This does require some care. When dealing with marginalized groups within the institution that you are attempting to penetrate, it is important to ensure that you take the proper precautions so as not to cross ethical or cultural boundaries. Using cultural differences to exploit someone into allowing access into a network is unethical and outside of the job for a penetration tester. While the job requires exploitation of network or system users, testers should rely on means that do not require targeting someone’s background. Penetration testers should maintain sensitivity while they conduct their work. 

Penetration testers have an important role in society as well. As more things activities and businesses move online, the amount of vulnerabilities that hackers can use to steal user or company data increase. The job of a penetration tester includes finding and reporting these vulnerabilities. Penetration testers also help ensure that businesses stay up to date with compliance standards. By doing these things they are ensuring a higher level of safety for users. 

Conclusion 

Penetration testing offers a strong multidisciplinary approach to the cybersecurity market. It requires a strong working knowledge of psychology, victimology, and criminology. It is a difficult job that demands a thorough knowledge of cybersecurity and hacking methodologies, but penetration testers are paid handsomely for it. This career offers the ability to make a difference and provide a lot of help securing networks.