The university of tulsa Online Blog

Trending topics in the tu online community

How to Become a Penetration Tester

Written by: University of Tulsa   •  Dec 13, 2023
A Penetration Tester Reviews Code on a Pair of Desktop Monitors.

How to Become a Penetration Tester

Almost half of the more than 1,100 executives polled by the Deloitte Center for Controllership in 2023 expected the number of cyberthreats aimed at their companies to grow in the coming year. Furthermore, 34.5% of the respondents said that their organizations had been directly targeted within the previous year, and 22% of those executives experienced at least one cybercrime event in that time frame. Shockingly, 12.5% were directly involved in more than one cybercrime event.

The threat of cybercrime looms large, and learning how to become a penetration tester is an excellent first step in helping to protect organizations from cyberattacks in an uncertain future. Earning a Master of Science in Cyber Security can provide the knowledge and training required to excel in the role.

What Is a Penetration Tester?

A penetration tester launches simulated cyberattacks against a company’s networks in an attempt to locate or exploit any potential vulnerabilities. Sometimes referred to as “ethical hacking,” penetration testing is important because it helps companies find and address vulnerabilities before cybercriminals can take advantage of them.

Duties and Responsibilities

Penetration testers have a wide range of duties and responsibilities that can vary depending on what their client or employer needs. When students are learning how to become a penetration tester, they will hone the skills they’ll need to perform the following tasks:

  • Conducting network and application tests: Penetration testers spend much of their time using the latest tools and technology to breach a company’s network and applications.
  • Analyzing security policies: A company’s security policies dictate the rules and procedures for accessing its networks, programs, and even hardware. Penetration testers analyze these policies to make sure they are effective and make suggestions to improve them.
  • Conducting security audits: Security audits ensure that a company’s employees are adhering to its existing security policies. Any failure to adhere to a security policy creates a significant vulnerability.
  • Conducting physical security assessments: Physical security refers to access to network devices and servers. Penetration testers look for weak points and potential issues that could be caused by vandalism, natural disasters, or other on-site occurrences.
  • Writing reports: Penetration testers must carefully document their findings and provide reports to management teams.

Work Environment

Penetration testers work as independent contractors, for cybersecurity firms, and for large companies who staff information technology (IT) security personnel full time. Those employed by large companies tend to work from the same office each day. Though they often work a typical 40-hour week, security specialists sometimes work odd hours; cybercrime can occur at any time of the day or night, even on weekends and holidays.

Those working as independent contractors or for cybersecurity firms often spend a great deal of time traveling. They may work for multiple companies in a specific region, or they may travel around the country or internationally to meet with different clients.

Salary and Job Outlook

According to the U.S. Bureau of Labor Statistics (BLS), positions for information security analysts, including penetration testers and those with similar careers in cybersecurity, are expected to increase by 35% between 2021 and 2031. The increased focus on cybersecurity in many organizations and the rising frequency of cyberattacks is expected to fuel this growth.

The median salary for penetration testers was about $90,800 a year as of March 2023, according to Payscale data. Those with 20 or more years of experience had a median salary of about $125,000 a year.

Penetration Testers as Good Hackers or “White Hat” Hackers

Penetration testing involves thinking like a criminal. From obtaining the tools and software that cybercriminals use, to attempting to breach a company’s network, the role is identical to that of a hacker. In fact, penetration testers have been referred to as good or white hat hackers. More recently, it has become commonplace to refer to penetration testers as ethical hackers.

How to Become a Penetration Tester

To work as a penetration tester, individuals need industry experience and training. Penetration testers may also obtain one or more certifications.


There is no specific degree requirement for aspiring penetration testers, but a bachelor’s degree in a field such as information technology or cybersecurity is a strong place to start. A graduate degree provides an even greater competitive edge — especially for those aiming to work for the federal government and its intelligence agencies.


Many employers prefer to hire penetration tester candidates with one or more certifications. Some of the most prominent and recognized include the certified ethical hacker (CEH) and certified penetration tester (CPENT) credentials provided by EC-Council. The prestigious CompTIA Security+ certification is also in high demand. Because the tools and methods used by cybercriminals change, these certifications must be renewed every few years by completing associated continuing education courses.

Is Penetration Testing Right for Me?

At its core, penetration testing involves anticipating the ways criminals might attempt to exploit networks. It requires paying close attention to detail, developing a sense of determination, and remaining informed about the latest technologies and methods used by cybercriminals. Individuals who are interested in computers and information technology can find penetration testing to be a satisfying and fulfilling career choice.

You Can Help Protect Networks from Intruders and Hackers

When you learn how to become a penetration tester, you gain the ability to protect networks from potentially devastating security breaches. The University of Tulsa’s online Master of Science in Cyber Security program can provide you with the skills and expertise you will need to succeed in this vital, high-demand field. The program is 100% online and tailored to working professionals. Find out how TU can help you prepare for a variety of cybersecurity roles.

Recommended Readings

8 Myths About Cybersecurity Careers

Is Cybersecurity a Promising Career?

Why Is Cybersecurity Important?


CompTIA, Prove to Employers You Can Get the Job Done

Deloitte, “Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting and Financial Data in Year Ahead”

EC-Council, Cybersecurity Incidents Are Exploding. So Are Cyber Jobs!

EC-Council, Five Reasons a Career in Penetration Testing Is the Next Big Thing

EC-Council, How to Become a Penetration Tester

EC-Council, Introduction to Certified Penetration Testing (CPENT)

Forcepoint, “2023 State of Security Report”

Fortra, Penetration Testing

Indeed, “How to Become a Penetration Tester (with Salary and Skills)”

National Institute of Standards and Technology, Penetration Testing

Payscale, Average Penetration Tester Salary

U.S. Bureau of Labor Statistics, Information Security Analysts

Learn more about the benefits of receiving
your degree from The University of Tulsa