How to Become a Penetration Tester

July 17, 2023

Almost half of the more than 1,100 executives polled by the Deloitte Center for Controllership in 2023 expected the number of cyberthreats aimed at their companies to grow in the coming year. Furthermore, 34.5% of the respondents said that their organizations had been directly targeted within the previous year, and 22% of those executives experienced at least one cybercrime event in that time frame. Shockingly, 12.5% were directly involved in more than one cybercrime event. 

The threat of cybercrime looms large, and learning how to become a penetration tester is an excellent first step in helping to protect organizations from cyberattacks in an uncertain future. Earning a Master of Science in Cyber Security can provide the knowledge and training required to excel in the role. 

What Is a Penetration Tester?

A penetration tester launches simulated cyberattacks against a company’s networks in an attempt to locate or exploit any potential vulnerabilities. Sometimes referred to as “ethical hacking,” penetration testing is important because it helps companies find and address vulnerabilities before cybercriminals can take advantage of them. 

Duties and Responsibilities

Penetration testers have a wide range of duties and responsibilities that can vary depending on what their client or employer needs. When students are learning how to become a penetration tester, they will hone the skills they’ll need to perform the following tasks:

  • Conducting network and application tests: Penetration testers spend much of their time using the latest tools and technology to breach a company’s network and applications. 
  • Analyzing security policies: A company’s security policies dictate the rules and procedures for accessing its networks, programs, and even hardware. Penetration testers analyze these policies to make sure they are effective and make suggestions to improve them. 
  • Conducting security audits: Security audits ensure that a company’s employees are adhering to its existing security policies. Any failure to adhere to a security policy creates a significant vulnerability. 
  • Conducting physical security assessments: Physical security refers to access to network devices and servers. Penetration testers look for weak points and potential issues that could be caused by vandalism, natural disasters, or other on-site occurrences. 
  • Writing reports: Penetration testers must carefully document their findings and provide reports to management teams.

Work Environment

Penetration testers work as independent contractors, for cybersecurity firms, and for large companies who staff information technology (IT) security personnel full time. Those employed by large companies tend to work from the same office each day. Though they often work a typical 40-hour week, security specialists sometimes work odd hours; cybercrime can occur at any time of the day or night, even on weekends and holidays. 

Those working as independent contractors or for cybersecurity firms often spend a great deal of time traveling. They may work for multiple companies in a specific region, or they may travel around the country or internationally to meet with different clients. 

Salary and Job Outlook

According to the U.S. Bureau of Labor Statistics (BLS), positions for information security analysts, including penetration testers and those with similar careers in cybersecurity, are expected to increase by 35% between 2021 and 2031. The increased focus on cybersecurity in many organizations and the rising frequency of cyberattacks is expected to fuel this growth.

The median salary for penetration testers was about $90,800 a year as of March 2023, according to Payscale data. Those with 20 or more years of experience had a median salary of about $125,000 a year. 

Penetration Testers as Good Hackers or “White Hat” Hackers 

Penetration testing involves thinking like a criminal. From obtaining the tools and software that cybercriminals use, to attempting to breach a company’s network, the role is identical to that of a hacker. In fact, penetration testers have been referred to as good or white hat hackers. More recently, it has become commonplace to refer to penetration testers as ethical hackers. 

How to Become a Penetration Tester 

To work as a penetration tester, individuals need industry experience and training. Penetration testers may also obtain one or more certifications.


There is no specific degree requirement for aspiring penetration testers, but a bachelor’s degree in a field such as information technology or cybersecurity is a strong place to start. A graduate degree provides an even greater competitive edge — especially for those aiming to work for the federal government and its intelligence agencies. 


Many employers prefer to hire penetration tester candidates with one or more certifications. Some of the most prominent and recognized include the certified ethical hacker (CEH) and certified penetration tester (CPENT) credentials provided by EC-Council. The prestigious CompTIA Security+ certification is also in high demand. Because the tools and methods used by cybercriminals change, these certifications must be renewed every few years by completing associated continuing education courses. 

Is Penetration Testing Right for Me? 

At its core, penetration testing involves anticipating the ways criminals might attempt to exploit networks. It requires paying close attention to detail, developing a sense of determination, and remaining informed about the latest technologies and methods used by cybercriminals. Individuals who are interested in computers and information technology can find penetration testing to be a satisfying and fulfilling career choice. 

You Can Help Protect Networks from Intruders and Hackers 

When you learn how to become a penetration tester, you gain the ability to protect networks from potentially devastating security breaches. The University of Tulsa’s online Master of Science in Cyber Security program can provide you with the skills and expertise you will need to succeed in this vital, high-demand field. The program is 100% online and tailored to working professionals. Find out how TU can help you prepare for a variety of cybersecurity roles. 


Learn more about The University of Tulsa online MSCS program