
Pentester, an ethical hacker who protects your business

Published on May 16, 2023

What if one of the best ways to test a company's security posture was to think like a hacker? This is precisely what the pentester or ethical hacker does. What does this job actually consist of? Elements of response with one of them, Julien Valiente.


“The pentester is a hacker who turns his passion into a profession”: this is how, in a few words, Julien Valiente, president of the ethical hacking firm Cyberwings and ORSYS trainer, sums up this specialized cybersecurity profession. The pentester is therefore a professional hacker specializing in intrusion tests (pentests). His mission? To identify vulnerabilities in computer systems, networks, applications and websites in order to help companies improve their security. The profession requires solid technical skills, increasingly sought-after methodological skills, and a certain state of mind.

The pentester, a professional hacker

Did you say ethical hacker?

Although the term “hacker” has existed in the United States since the 1950s, it long had a bad press in France. “In itself, hacking is neither good nor bad. The hacker is above all a tinkerer. Some people have malicious intentions, they are hackers. Others, like pentesters, have ‘ethics’,” explains Julien Valiente. In France, the word “pentester” appeared around the 2010s and designates the practice of hacking as part of a professional activity.

What is his daily life like?

“The pentester practices hacking for ethical purposes through intrusion tests,” repeats Julien Valiente. He is in fact responsible for identifying weak points, flaws and security defects. By stepping into the shoes of an attacker, he identifies the attack scenarios and paths that hackers could take. The ultimate goal of his mission is to help companies put appropriate protection measures in place.

Concretely, the pentester's daily activities are organized around three major missions. The first consists of carrying out intrusion tests to try to find flaws in security systems. The second concerns writing reports containing summaries of findings and data correlations: the pentester documents the weak points he detects in terms of security. Finally, he devotes the rest of his time to running tests to improve his own practice.

Employee or freelance?

Some large companies recruit salaried pentesters if their needs justify it. Pentesters can thus test new products developed by the company internally and systematically.

Since these skills are currently in high demand, the salary of pentesters generally does not fall below €40,000 gross per year for beginners. More experienced profiles (8 to 10 years of career) obtain salaries of around €70,000 to €85,000 gross annually.

Furthermore, many pentesters work independently to be able to choose their missions according to the technical interest and the challenge they represent. The person responsible for defining the contours of the mission is generally the CISO, the CIO (when he wants to test the security of a new architecture) or the product manager (as part of the launch of software, for example). Next comes the actual penetration testing.

Penetration testing in practice: what methods, what skills?

The different types of pentests

Not all pentests are carried out under the same conditions. There are three main types:

  • The external pentest, during which the pentester tries to enter the client's information system from the Internet.
  • The internal pentest, carried out by giving the pentester internal access (access that a hacker could have obtained).
  • The product pentest, which targets, for example, a device, a piece of electronic equipment or specific software.

Besides this, there are also different methodologies, depending on the amount of prior information the pentester has. Pentests are thus classified as:

  • “Black Box”, without information,
  • “Grey Box” with some information such as a login and password pair or a map of the information system,
  • “White Box” with all the information.

Pentesting is a highly regulated activity, framed notably by law, by international standards such as ISO, by reference frameworks such as MITRE ATT&CK and by certifications (OWASP, for example), the mastery of which attests to know-how and probity.

The typical procedure for a pentest

A pentest generally takes place in five main stages:

  1. Reconnaissance: the pentester collects data on his target, generally using tools (Sublist3r, Nmap, Nessus, OpenVAS, Burp Suite, Wireshark, Aircrack-ng…).
  2. Vulnerability scanning: the pentester identifies security weaknesses.
  3. Exploitation of vulnerabilities: the pentester attempts to penetrate the system using the vulnerabilities identified on the perimeter.
  4. Persistence: the pentester tries to find mechanisms allowing him to expand his control and remain in the system for a long time.
  5. Cleaning: the pentester tries to remove his traces so as to erase any mark of his passage.

The key word of these stages? Realism. They simply mirror the way a cybercriminal works.

Pentesting specialties and the main skills required

As a discipline, pentesting is organized into different specialties. Each specialty requires a certain number of technical skills. Among the different pentester profiles, we distinguish:

  • The specialists in attacks on communications networks, with strong skills in networking, protocols and network architectures.
  • The cryptography specialists, who have excellent knowledge in algorithms, software engineering and mathematics.
  • The web attack specialists, who know the main frameworks targeted, the strengths and weaknesses of the modules and computer languages used.
  • The specialists in physical attacks on hardware, capable of picking a lock, deactivating an alarm or even modifying video surveillance devices.
  • The human specialists, experts in social engineering and capable of compromising users.

The vulnerabilities most often searched for by pentesters relate to injections (into code, queries and templates) and authentication bypasses. Please note: the pentester must know how to code (Python, C, Go, Ruby, Lua, assembler, Perl), because he may have to write his own programs. He must also train continuously to keep his skills up to date.

Deeply attached to freedom, the pentester can be a bit solitary, but this character trait is often offset by an ability to work in a team and a real desire to share his knowledge and experience.

Increased training needs

A training offer in pentesting that is structured

The cybersecurity sector is marked by a shortage of talent: 3.5 million jobs are unfilled worldwide in 2023 according to Cybersecurity Ventures. The demand for pentesters is therefore currently very strong internationally. In France, some computer science engineering schools offer a final-year track that allows students to aim for pentesting. There are also certification training courses; the Anglo-Saxon Certified Ethical Hacker (CEH) certification is the best known.

In a profession that places great emphasis on practice and values experience above all, pentesters must continually improve their skills. While they train a lot on their own, they also learn a great deal through contact with their peers, through communities, and within training organizations. “Systems are becoming more complex, technologies are evolving. Pentesters must specialize,” notes Julien Valiente. The training offer around pentesting is therefore currently being structured, in particular in continuing education, where the offer is increasingly extensive.

A need for acculturation to pentesting

Training around pentesting is not only of interest to pentesters. Security obligations require companies to regularly monitor the proper functioning of their security. Pentesting is a way of meeting these obligations, in addition to security audits and vulnerability scans, which do not have the same purposes.

Pentesting therefore also concerns a whole category of people who hold responsibilities in the field of cybersecurity and need to have their systems evaluated by pentesters. By training in pentesting, CISOs, CIOs and business leaders seek, for example, to ensure that the pentesting engagement they are about to commission will be properly scoped. “They also learn to deal better with threats by discovering concretely how attackers go about it,” emphasizes Julien Valiente. In short, they seek to better understand how attackers reason and operate.

Pentesting: much more than a job, a state of mind

A “hacking spirit”

“You don’t become a pentester, you discover that you are!” laughs Julien Valiente. Since pentesting grew out of hacking, it is a practice before being a profession. “It's a way of looking at things, which consists of being interested in how new tools and systems work and wondering how to divert them to make better use of them: an unforeseen use, but one that is more fun, more secure or even more respectful of the protection of freedoms and data.” Pentesting is not a neutral discipline. One also speaks of a “hacking spirit”, in which ethics, morality and freedom hold an important place.

Freedom, emulation, permanent progression: the main attractions of the profession

“About a third of a hacker's time is spent writing reports. This part of the job can sometimes be off-putting, but it has plenty of other attractions,” reports Julien Valiente. Pentesters are generally very attached to the notion of freedom and appreciate working at their own pace, based on missions and objectives. They are usually very active in different communities. Mutual aid, conferences and competitions maintain permanent emulation.

Still little known, the profession of pentester is essential to ensure the security and integrity of current IT systems. Faced with the exponential growth of cyber threats and the increase in issues related to data protection, companies and institutions are increasingly aware of the need to invest in this type of skills. Continuing education is essential in this constantly evolving field. Professionals must stay up to date on the latest attack and defense techniques, as well as current tools and regulations. Internationally recognized certifications, such as CEH, OSCP and CISSP, are proof of skills that facilitate the integration of pentesters into the job market and help establish their credibility.

Furthermore, there is a need to promote ethics and accountability within the profession, to ensure legality and trust between pentesters and their clients. Training centers and certification bodies have a crucial role to play in this process.

Our expert

Julien VALIENTE

Cybersecurity

Graduate in science from the University of Aix-Marseille and in strategic information management from Sciences Po […]
