Emerging career
Penetration Tester (Ethical Hacker)
A penetration tester is paid to break into systems — legally — so the gaps get fixed before a real attacker finds them. It's one of the more unusual and sought-after corners of cybersecurity: equal parts curiosity, technical depth, and careful, well-documented work.
What the job actually is
You simulate attacks against an organisation's applications, networks, or people, with explicit permission and a defined scope. The thrill of finding a way in is real, but most of the value — and most of the time — is in the clear, prioritised report that helps the client actually fix what you found. Without that, a break-in is just a party trick.
Skills that matter
- Strong fundamentals in networking, operating systems, and how web apps work.
- Scripting (Python, Bash) to automate and build tools.
- A hacker's mindset — methodical curiosity about how things fail.
- Writing — the report is the deliverable; communication is half the job.
- Certifications (e.g. OSCP) are widely respected and a common gateway.
How to switch in
Most pen testers come from IT, system administration, networking, or software development — you need to understand systems deeply before you can subvert them. Capture-the-flag competitions, home labs, and bug-bounty programmes are the standard ways to build and prove skills. It's a field where demonstrated ability and ethics matter more than a particular degree.
Frequently asked questions
Is ethical hacking a realistic career change from IT?
Yes — IT, networking, and software backgrounds are the most common starting points. Build hands-on skills through labs, CTFs, and bug bounties, and consider a respected certification like OSCP to break in.
Is penetration testing legal?
Yes, when authorised. Pen testers work strictly within an agreed scope and written permission. The same techniques without authorisation are illegal — the consent is what makes it ethical hacking.