A penetration tester, often shortened as a pentester can be defined as a person who is legally allowed to jack into computer systems, preach security protocols, basically hack into any computer while getting paid to it. All a pentester does is hack into an already existing system to try and find a loophole for rectification. While many may not consider this a career, it is quite prestigious with several people earning approximately $100,000 a year from doing this.
A person can become a pentester without a degree by acquiring experience, developing their technical skills, and acquiring certifications related to cybersecurity. The first can be obtained at Hackthissite.org, the second can be gained at Cybrary.com, and Comp TIA offers the third.
Pentesters occupy most firms as an information technology team, working every day to ensure that the firm’s system is bulletproof. Penetration testing works by stimulating a cyber-attack on the system, stimulating access to very private information and also very sensitive information. With this, then the IT team would learn that more needs to be done to avoid such security breaches.
A pentester within a firm would work to seal the loopholes in the existing systems. Because, if they were able to get in, they can prevent any other person from getting in. You may also work as a freelancer, choosing your work hours and your clients, but you may also want to work for a firm that only hires pentester which comes with job security and other benefits. The purpose of this article is to shed light on readers, who are interested in becoming penetration testers without a college degree. And yes, this is quite possible, and below is how you can achieve this.
Having a college degree for a pentester give you an advantage over somebody who did not even when it comes to the job field, but pentesting is not about which college degree you hold or where you went to get it, it about which technical skills you have mastered and how well you can do your job.
Job responsibilities of a pentester
● Creating reports and recommendations to the fire on the status of their technological security
● To develop tests and run them. It also includes creating a simulation for pen-testing.
● Advice the relevant authorities on the security status and areas that require improvements.
Essential skills for a pentester
The basic skills you may require for pentesting are ones you learn in high-skill. They include:
Report writing skills- you should be able to write a clear report on the pentesting that you have done. You should be able to communicate effectively on the report you are writing and it should be understandable to the relevant people.
1. Team Player- a pentester cannot work alone. You should be able to communicate effectively with your team to achieve better results.
1. Great verbal communication- articulating your words either in speaking or in writing. You become very easy to talk to and to understand.
1. You must possess a learning culture. This is a must-skill because in the hacking world technology is constantly changing and hackers are constantly updating their tactics. For you to survive, you must be able to want to learn more of what others are doing and keeping up with technological trends.
Suppose you want to be a pentester without going through the hustle of campus and all that training, you have to master the above basic skills. Many times, we find employers, hiring pentesters not based on their academic qualifications or based on whether you went to some of the most elite schools in the world but on the merit of expertise. Even if you have a master’s in computer science but you are not able to hack into a simple security network, to a pentesting firm, you are simply Unqualified. The best way for you to secure a place in the world of pentesting is by ensuring that you have the technical skills required to succeed. Some of these skills are taught in a classroom and some you could learn all by yourself.
Technical Skills To Master To Become A Pentester
Computer Networking
You cannot be able to hack into a computer system if you do not understand how computer networks operate. Pentesters often have a passion for computers and I believe that this is the simplest skill one could master. This is just a basic highlight of the necessary skills. So if you are a beginner with the aims of penetration testing, you have to start small, start with computer networking, layouts. Master how each network affects the security of the system, which are the best networks to hack and how fast can it be to hack. With this in mind, your journey to pentesting has already begun.
Scripting and programming
Basic programming skills are necessary skills for any pentester. Computer programming may not be as easy as understanding computer networks but also not quite as technical as understanding computer networking. To need to be able to understand code after reading it. You should also be able to write code. You could start this by taking online classes on various websites online. Some books are written and made available to those interested in computer programming and code scripting. You need to have the overall know-how on how to use the Windows window. Which are the best tool and operating systems for any beginner in pentesting.
Basic hacking skills
Pen testing from its definition is a legal hacker. You have to know how to hack, even in the slightest for you to succeed in this field. Start small, understand the code of hacking, try to write your code, and try to hack from the simplest of devices and networks. Starts small with things like files, websites, and firewall breakdown.
Sites like the hack box come in very handy if you are looking to improve your hacking skills.
Code Review
Code reviewing for any pentester in the beginning phase is quite important. Start with the simple weakness and design configurations within the stated code to ensure that you completely understand what’s required. Again, you would not be able to fully review any code if you are not able to do code writing and scripting. Practice using manual code together with the configuration of computer devices to establish the weakness in any code. For a beginner, this may give you an edge into black box pentest, allowing you to find mistakes such as misconfigurations in the encryptions, infusion assaults, and approval issues.
The only disadvantage with mastering any form of code review is the fact that it is very tedious. many people are unable to break through code review if it involves a very huge document. When using C, we know that strcpy () is nearly useless when it comes to cushioning against applications such as PHP and could also be used to prompt remote code execution. With this type of code review, be prepared to work with various programming languages such as C+, JavaScript, C, PHP, and python. You also have to be taken because the weaknesses that may be displayed from the use of programs such as C++ and JavaScript, may not be displayed when using programs such as Ruby and python., code review requires more than just vast knowledge of code programming but also keenness and time. If you are looking to become a pentester without a college degree, these programming languages and how they work should be at your fingertips. Sites that offer raining on code review include:
● Code Academy
● Awesome code review
Network Security Expertise
Other than just understanding computer networking as earlier stated, you need to visit organizations to understand the network set in place, the kind of security set in different levels of the organization to give you a brief overview of what a network pentester will have to do if you choose to become one. You will need to understand the setup of the likes of TCP/IP. You will also need to break out of the comfort zone and work with LDAP, SNMP, SMB, VoIP. you will need to comprehend network securities such as firewalls antiviruses and others like Simpson. The knowledge of working with operating systems such as windows series and Linux will come in handy. This type of pentester will have to fully understand computer networking systems and their weaknesses with host frameworks and clients. In my opinion, a Network security pentester is the simplest kind of pentester there is. The knowledge required on this is quite basic for nay one into computers and is not labor or time intensive. Below is a list of resources I find valuable for any beginner intending to pursue network security pentesting.
● Metasploitable
● Awesome pentest
● AD security
● Windows APIs
Mobile hacking pentest
The simplest of all hackers often start with hacking simple things such as mobile devices. Try hacking into a locked mobile device’s access locked files if you wish to become a phone pentester, you will have to learn about the Java and android runtime for the android hack the phone operating systems such as the IOS for iPhones, vast knowledge of Swift and Objective-C is required. Mobile security has upgraded and will continue to do so. With the release of new phones and new application updates, it has become both easy and hard to jack into a mobile device. A phone pentester should ensure that they are well equipped to handle the changes in mobile phone security for their services not to be rendered obsolete.
Web App Security skills
If you are looking into becoming a pentester, I would suggest you also look into web app security pentesting. You will need to understand the basic loopholes in web applications and try to understand the weaknesses in each web design. With this type of pentesting, you would be required to work on applications such as online bank websites such as CSRF. examples of some of the major loopholes in web application testing would include XML/JSON Injection, LDAP Injection, Blind Injection.
You will need to understand the various applications and sites used with each application. You will need to look more into web design. You could not try and do pentesting on a website fo you do not understand the working of a website. Some of the most common and readily available resources would include:
● Hacker 101
● Apps for testing and practice.
● Hacker one hacktivity.
● Pentesterlab bootcamp.
Dialects such as JavaScript, Scala, and groovy will come in handy all the way. Web app pentesting is not very technical and this should be among the most basic skills you should master.
Binary Reverse Engineering
With this, you will generally need to utilize Malware Analysis. The use of resources such as the WannaCry malware comes in handy to determine what the malware capacities are. Assuming you want to be a pentester, you will need to know the rudiments of figuring it out. You will need insight for research, 0days, and weaknesses. Helpful resources if you are looking to become a Binary pentester include:
introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
● introduction To Reverse Engineering Software
Hardware Embedded Device Security
Understanding schematics the secret to knowing how to enter an embedded device. Again, a basic understanding of computer hardware devices also very important for a beginner pentester. resources such as JTAG and UART are major schematics that you would learn to make your journey easy. An understanding of the basic hardware parts such as resistors, capacitors, and switches even semiconductors is important. Unlike pentesting software, hardware embedded pentesting is more on the outside and is quite easy to master. Any person looking to become a pentester should ensure that they aster the hardware parts of the computer before in software parts. You will need to master the use of ARM architecture, ASM, and the X64/X86. No employer would want to hire a pentester who would not know how the hardware components of a computer work. The hardware comes first then the software. Resources include: Introduction to basic electronics
● How to read schematics
● Embedded Device and Hardware Security.
All of the above are quite essential skills for any person with a passion for becoming a pentester. As said earlier, these are some of the basic skills you will need to succeed as a pentester. While all the abovementioned skills may come with more than just self-teaching. The resources I have listed for you have been recommended severally and have helped many people in the process of pentesting. Suppose you’re not quite familiar with teaching yourself some of the basic skills and would require more input from qualified pentesters, you should check out some of the major teachers online for example:
● Master IPsec: with his youtube channel, he takes all the time to highlight the necessary step to take to become a pentester and has videos on each type of pentesting, he is not only talking to the viewers but he is teaching his viewers how to master the art of pentesting. He has highlighted the good and the bad of each type of pentesting and the challenges one may face through the journey, he also ensures that he gives basic tutorials on how to work with major programs in pen testing such as JavaScript, Scala, And Ruby. below is a link to his YouTube channel:
Review
While it is not necessary for you to have a college degree for you to become a pentester, some of the major hiring firms and clients prefer their pentester to have some level of qualification. This is not just measured in terms of the technical skills they have mastered, but also certification from schools and institutions. This is a better option for a person wishing to become a pentester. Is also budget-friendly. You may want to become certified with specific skills such as the amazon web security services. You cannot be able to do this type of pentesting without certification.
You don’t need to enroll in an institution for this. You could simply buy a book or learn online, ensure that your level of study is top tier so that when you go for the exams, you pass. All that is required for certification is your high school diploma or GED.
Some of the major professional certifications that you should look into acquiring include:
● Amazon web services certifications.
● SANS SEC560 certification.
● EC-Council Certified ethical hacker certification- this type of certification is very pricy and demanding. If you are looking into this on a budget, you could get a book copy and teach yourself/ it will require more commitment and dedication compared to the rest.
The journey to becoming a pentester is not hard but it also comes with its challenges. The level of dedication and commitment required is tremendous; but if you are really into it, the journey is worth it. If you are looking into becoming a pentester and you already have a college degree in computer science or software engineering, mastering the above-said skills will be an added advantage for you. If you are looking into becoming a pentester without a college degree then more is required of you. You will have to pee all the effort and energy into it and you are already on your way to become a legal hacker. When it comes to pentesting, it is not about the level of college education or certification, but about your performance on the job.
