Penetration testers face unique demands on their lives that are not found in other IT and cyber security careers. One of these is the need for constant learning. While all IT professionals are required to keep up with changes in technology or the latest cyber security threats, penetration testers must be constantly learning or practicing to be effective in their roles.
This is because pen testing is all about hacking skills, and hacking in a way that “keeps up” with the bad actors requires knowledge, practice, and dedication. This is why most penetration testers engage in CTF exercises on Virtual Hacking Labs, Hack-the-Box, HackingLab.com, Offensive Security Proving Grounds, and others when they are not on an actual engagement.
Pen testers also need extra security and fault tolerance in their networks if they work from home, using a home lab in which to safely examine malware, try new exploits, or reconstruct a target environment for experimentation. Like a malicious hacker or threat actor, pen testers need to fully enumerate their targets and explore every potential entry point in order to find and exploit vulnerabilities to gain a foothold, elevate privileges, move laterally, and compromise a domain controller.
But unlike malicious hackers or threat actors, penetration testers must work against the clock, because penetration tests, like other projects, have set beginnings and ends. In this way a penetration test becomes both a race against the clock and an endurance challenge. Findings pay the bills. Therefore it is not unusual for penetration testers to work 24/7 with very little sleep in search of findings during an engagement.
Due to these unique requirements, not every cyber security professional can or should be a penetration tester; only those who are willing to embrace constant learning and can relentlessly pursue exploitable vulnerabilities will be effective in the role. Penetration testing is, in fact, a way of life.