4 Factors Influencing the Penetration-Testing Skill Gap

October 30, 2017 EC-Council

The skill gap in the cybersecurity industry is at an all-time high, and closing it has become a race against time. To combat this persistent issue, organizations are looking for new ways to bridge the gap by implementing courses and programs in cybersecurity.

A report by Indeed revealed that the cybersecurity skill gap is worst in Israel, where only 28.4% of the demand for cybersecurity professionals is met. Only in Canada and the U.S. does the supply of cybersecurity job seekers exceed 50% of employer demand. Nowhere does the job seeker supply meet the demand of the employers.


Failing to keep up with an organization’s skill requirements can lead to a significant skill gap in the industry. That gap has led to an excess workload for existing staff, the hiring and training of junior-level employees, and the inability to use security technologies to their full potential.

These skill gaps can be injurious to an organization’s cybersecurity and to a penetration-tester’s profession. Take a look at some of the factors increasing the penetration-testing skill gap and learn what you can do to safeguard your future.

1. Lack of First-Hand Experience

Extraordinary penetration testers who have no prior experience in the field are very few and far between. This makes penetration testing a very tough line to get into because no organization approves of hiring a penetration tester who has zero prior experience. In fact, most organizations suggest that having prior penetration-testing experience gives the penetration tester an advantage over those who have none.

Penetration testers should have a deep knowledge of how networks work and should be able to navigate through a system’s network, compromise it, and provide a concise report, with solutions, without any outside help. This skill set is only acquired through hours of system or network administration work experience.

2. Lack of Proper Methodology and Skill Development

It is important to remember that penetration testing is a strategically planned test that depends on various methodologies and not just an activity based on fortune and fate.

With hands-on experience, penetration testers ought to be able to use the right methodologies to compromise a system. Companies often look for candidates with knowledge of various methodologies and skills, including: Web Application, Information Gathering, Denial of Service, Networking Protocols, Pivoting, Port Forwarding, MiTM, Scripting, Coding, and many more.

Penetration test report writing is one of the most crucial responsibilities of a penetration tester. Quite often, if a report does not contain clear details about the tests conducted, the information obtained, and suggestions on how to mitigate the vulnerabilities exposed, the organization can misinterpret the danger at hand and be left exposed and vulnerable.

3. Lack of Qualifications

The key element that 51% of hiring managers look for in a candidate’s resume is one or more hands-on and credible penetration-testing certifications that confirm the applicant is qualified in penetration testing. Sixty-one percent (61%) have a minimum requirement of a Bachelor’s Degree and 23% prefer those with a Master’s Degree.


Organizations are also prone to favor applicants who demonstrate an understanding of advanced concepts and tools and who possess an advanced skill set, which includes knowledge of networking and network protocols, mastery of an operating system, and the ability to code or script.

A certification with a realistic approach will provide the organization with the confidence that the penetration test will be carried out by individuals who are up to date with the latest knowledge, skills, and abilities that real attackers use to compromise systems.

4. Lack of Strategizing

While some penetration tests have a set target, others require ample amounts of information gathering and strategizing. Many penetration testers often rely on tools to carry through an assessment. However, a great penetration tester is able to strategize beyond the use of tools through the initiation of a strong methodological plan that is followed throughout the test.

Implementing self-learning methods to stay abreast of the latest hacking trends is one way to bridge the skill gap in the industry. With approximately 200,000 malware attacks per day, organizations are moving toward cybersecurity professionals, like penetration testers, to strengthen their Information Security.

The solution to bridging the penetration-testing skill gap lies in the fact that penetration testing is more of a commodity to current and future digital enterprises, where security and privacy are concerned. With the right education and opportunities, more individuals will join the cybersecurity industry, thus alleviating the gap in the industry.


Sources:
http://blog.indeed.com/2017/01/17/cybersecurity-skills-gap-report/
http://burning-glass.com/wp-content/uploads/Cybersecurity_Jobs_Report_2015.pdf
http://burning-glass.com/wp-content/uploads/Burning-Glass-Report-on-Cybersecurity-Jobs.pdf
https://www.cybrary.it/forums/topic/digital-organizations-face-a-huge-cybersecurity-skills-gap/
https://www.mcafee.com/ca/resources/reports/rp-hacking-skills-shortage.pdf
https://blog.barkly.com/cyber-security-statistics-2017