Career Paper

Title: The Career as a Penetration Tester in Cyber Security

BLUF
A career as a penetration tester draws on knowledge of both human behavior and
technology to mitigate attacks and find vulnerabilities before they are
exposed to cyberattacks. Penetration testers not only protect networks and systems;
they also defend marginalized groups by helping to bridge the digital divide.


Introduction
Cybersecurity is deeply rooted in social science as well as technology, and
the penetration tester holds a very important role within the field. The role of a
penetration tester involves imitating hackers to discover vulnerabilities within a network
or a system and assisting with improvements that remediate those vulnerabilities. I plan
to elaborate on the role that a penetration tester plays in cybersecurity, including
education requirements and mindset, as well as how it relates to hacker subculture, the
use of honeypots, and challenges.


Education, Experience, and Mindset

The role of a penetration tester requires multifaceted skills and expertise, not just
technical ones. As mentioned in module 5 of the course, “A good cybersecurity
professional must have a rich and diverse skillset.” They must have a strong
background in technology and cybersecurity. They may also be required to achieve
multiple certifications, such as PenTest+ and Certified Ethical Hacker (CEH), which will
show understanding of the skills needed to perform in this role. This provides a great
foundation for professional development. It is also recommended to have some
hands-on experience in the field. This can be gained through Capture the Flag
competitions and internships.

Penetration testers must think like criminals or attackers. Mindset is very
important: they must be detail-oriented, tenacious problem solvers. They must
handle each incident with a strategic mindset and understand that although they must
think like a hacker, they also need to follow the law. There must also be a willingness to
learn; technology is changing every day, and new threats will continue to emerge. It is
important to keep your skills sharp through lifelong learning.


Understanding of Hacker Subculture
Penetration testers are often referred to as “ethical hackers,” meaning that they
explore vulnerabilities within a network or a system that could be exploited. They
use the same techniques as hackers to test a system; the only difference is that
they have been given consent to do so. According to Merriam-Webster, a hacker is
defined as “a person who illegally gains access to and sometimes tampers with
information in a computer system” and as “an expert at programming and solving
problems with a computer.”

In Module 9 of the course, we explored a little of hacker subculture. “Hacker
culture emerged from a fusion of intellectual curiosity, counterculture and a hate-on for
any technology that you couldn’t easily get access to or tamper with.” (Quora, 2017)
Comprehending hacker subculture plays an important part in the career of a penetration
tester; they are required to act and think like a hacker, but they also must follow the law.
With the use of simulations, they are also able to reenact attacks themselves, within a
controlled environment. This allows penetration testers to explore safely without putting
any assets or information at risk.


Use of Honeypots
Penetration testers utilize honeypots. “Honeypots are used to lure cybercrooks
into a controlled environment, allowing threat experts and businesses to learn more
about complex cyber-attacks and how cybercriminals operate.” (Nemchick, 2024)
Module 3 further elaborated on honeypots, along with their advantages and
disadvantages. Advantages include the ability to study hacks and system trespassing in
real time and to apply changes to the honeypot to see how the hacker
responds. Disadvantages include the difficulty of understanding motives, and that
sometimes the attack isn’t carried out by an individual but by an automated attack or
script. “Set up a honeypot, and you can lure hackers into a research environment. You’ll
watch everything an attacker does, and those insights can help you build an even
stronger system for your company.” (Okta, 2024)


Human Factors & Interaction With Marginalized Groups
Module 7 emphasized the role that human factors play in cybersecurity.
According to Hasib (2018), “People are not the weakest link in cybersecurity;
they are the strongest weapon. The real problem is the failure of leadership to provide
appropriate support, education, and empowerment.” According to the National Institutes
of Health (NIH, 2019), marginalized groups are those who face exclusion and
disadvantage across social, political, and economic systems. Often, they may
experience digital exclusion, which can come from the absence of technology and
resources. The role of a penetration tester requires protecting everyone, including
marginalized groups that are severely affected by cyber-attacks. Penetration testers can
collaborate with these groups to determine what vulnerabilities they face and how to
prevent them.


Conclusion
The career of a penetration tester is very complex. You must understand the
mind of a hacker as well as human behavior. Penetration testers expose vulnerabilities
before they can be exploited and defend marginalized communities by reducing digital
exclusion. With a foundation in technology and hands-on experience, they can recreate
attacks in controlled environments and learn from them.


References
“Bridging Digital Divides: Expanding Cybersecurity in Underserved Communities – NASCIO.” NASCIO, 25 Apr. 2017, www.nascio.org/resource-center/resources/bridging-digital-divides-expanding-cybersecurity-in-underserved-communities/. Accessed 15 Apr. 2025.
Chamlou, Nina. “Why Diversity in Cybersecurity Matters | CyberDegrees.org.” Www.cyberdegrees.org, 28 Feb. 2022, www.cyberdegrees.org/resources/diversity-in-cybersecurity/. Accessed 12 Apr. 2025.
Hasib, Mansur. Cybersecurity as People Powered Perpetual Innovation. Academia.edu, 2018, https://www.academia.edu/74480255/Cybersecurity_as_People_Powered_Perpetual_Innovation.
Irwin, Luke. “Ethical Hacking vs Penetration Testing: What’s the Difference?” IT Governance Blog En, 4 Feb. 2020, www.itgovernance.eu/blog/en/ethical-hacking-vs-penetration-testing-whats-the-difference. Accessed 9 Apr. 2025.
Lane, Patrick. “Penetration Testing and Vulnerability Assessment: Working Together.” Default, 8 Sept. 2021, www.comptia.org/blog/penetration-testing-and-vulnerability-assessment. Accessed 12 Apr. 2025.
National Association of State Chief Information Officers. Cybersecurity in Underserved Communities. NASCIO, Nov. 2024, www.nascio.org/wp-content/uploads/2024/11/NASCIO_Cybersecurity-in-Underserved-Communities_2024_a11y.pdf.
National Institute on Minority Health and Health Disparities. “Overview.” NIMHD, 2018, www.nimhd.nih.gov/about/overview/. Accessed 12 Apr. 2025.
Nemchick, Emily. “What Is a Honeypot? Cybersecurity Traps Explained.” What Is a Honeypot? Cybersecurity Traps Explained, 7 Jan. 2024, www.avg.com/en/signal/what-is-a-honeypot. Accessed 13 Apr. 2025.
NICCS. “Workforce Framework for Cybersecurity (NICE Framework) | NICCS.” Niccs.cisa.gov, 28 Aug. 2023, niccs.cisa.gov/workforce-development/nice-framework. Accessed 13 Apr. 2025.
“Okta, Inc.” Okta.com, 31 Aug. 2024, www.okta.com/identity-101/honeypots/. Accessed 10 Apr. 2025.
Quora. “Where Did Hacker Culture Come From?” Forbes, 7 Sept. 2017, www.forbes.com/sites/quora/2017/09/07/where-did-hacker-culture-come-from/. Accessed 13 Apr. 2025.
University of Michigan. “Penetration Testing (Ethical Hacking) / Safecomputing.umich.edu.” Safecomputing.umich.edu, safecomputing.umich.edu/protect-the-u/protect-your-unit/vulnerability-management/ethical-hacking. Accessed 11 Apr. 2025.
“Vulnerability Assessment Analyst | CISA.” Www.cisa.gov, www.cisa.gov/careers/work-rolesvulnerability-assessment-analyst. Accessed 12 Apr. 2025.