Skip to main content

1.1.3 Lab - Researching PenTesting Careers


Protego Security Solutions

I think it is important for you to understand the employment landscape and the different roles and responsibilities that cybersecurity professions include. A good general reference to explore for descriptions of different job roles is The National Initiative for Cybersecurity Careers and Studies (NICCS) Cyber Career Pathways Tool. It offers a visual way to discover and compare different job roles in our profession.

In this activity, you discover and compare ethical hacking jobs that are listed on various job boards. Don’t worry, we are not trying to get rid of you! We just want you to understand where you fit in to the big picture in our profession. I think that you will find that we are treating you very well, and rest assured that you have a lot of room to grow with us.

In this lab, you will complete the following objectives:

  • Conduct a Penetration Tester Job Search
  • Analyze Penetration Tester Job Requirements
  • Discover Resources to Further Your Career

Please answer the following questions after you have completed the lab.


Incomplete Skills Check
This is a multiple choice question. Once you have selected an option, select the submit button below

Which three internet job boards allow filtering job postings by seniority or experience level? (Choose all that apply.)



glassdoor.com

indeed.com

linkedin.com jobs

monster.com

  <title>Text Obfuscation</title>
  <style>
    .hidden-text {
      background-color: black;
      color: black;
      cursor: pointer;
    }
  </style>

<p>Click on the text below to reveal the answer:</p>

<span id="obfuscatedText" class="hidden-text">
  At the time of this writing, monster.com did not have a filter for level of expertise or seniority in its job search results.
</span>

<script>
  document.getElementById("obfuscatedText").addEventListener("click", function() {
    this.classList.remove("hidden-text");
  });
Incomplete 1.1.4 Threat Actors

Before you can understand how an ethical hacker or penetration tester can mimic a threat actor (or malicious attacker), you need to understand the different types of threat actors. The following are the most common types of malicious attackers we see today. Select each for more information.


Organized Crime
Several years ago, the cybercrime industry took over the number-one spot, previously held by the drug trade, for the most profitable illegal industry. As you can imagine, it has attracted a new type of cybercriminal. Just as it did back in the days of Prohibition, organized crime goes where the money is. Organized crime consists of very well-funded and motivated groups that will typically use any and all of the latest attack techniques. Whether that is ransomware or data theft, if it can be monetized, organized crime will use it.
Hacktivists
This type of threat actor is not motivated by money. Hacktivists are looking to make a point or to further their beliefs, using cybercrime as their method of attack. These types of attacks are often carried out by stealing sensitive data and then revealing it to the public for the purpose of embarrassing or financially affecting a target.
State-Sponsored Attackers
Cyber war and cyber espionage are two terms that fit into this category. Many governments around the world today use cyber attacks to steal information from their opponents and cause disruption. Many believe that the next Pearl Harbor will occur in cyberspace. That’s one of the reasons the United States declared cyberspace to be one of the operational domains that U.S. forces would be trained to defend.
Insider Threats
Back to top