Cyber Security: What is a Penetration Tester?

A penetration tester (often shortened to pen tester or ethical hacker) is a security professional engaged to simulate the behaviour of a real attacker against an authorised target. The goal is to discover and demonstrate exploitable weaknesses, rate their business impact, and provide concrete remediation guidance before a malicious actor finds the same flaws.

What a penetration tester does

A typical engagement begins with scoping, where the tester and the client agree on targets, attack scenarios, schedules, and rules of engagement. Reconnaissance gathers open-source intelligence and maps the attack surface. Vulnerability identification combines automated scanning with manual review. Exploitation confirms which findings are real and demonstrates the impact in a controlled way. Post-exploitation explores how far an attacker could pivot once inside. The engagement closes with a written report, a debrief, and often a re-test once fixes have been applied.

Core skills

Strong testers combine breadth and depth: working knowledge of networking, operating systems, web application architecture, cloud platforms, and at least one scripting language; comfort with command-line tools and the Linux file system; the ability to read and reason about source code; and clear written and spoken English so that findings translate into action for client stakeholders.

Common qualifications

Industry-recognised certifications include OSCP (Offensive Security Certified Professional), CREST CRT and CCT for UK-recognised technical credentials, and PNPT or HTB CPTS for hands-on practical assessments. CREST membership is often required for testing in regulated UK industries such as financial services and government supply chains, and for testers participating in the NCSC CHECK scheme.

Ethics and authorisation

The defining characteristic of a penetration tester is written authorisation. Testing without explicit permission is unlawful in the UK under the Computer Misuse Act 1990, regardless of intent. Professional engagements include a signed statement of work, defined scope, agreed escalation paths, and confidentiality terms before any technical activity begins.

Related terms

See also: penetration testing, ethical hacker, OSCP certification, and grey-box penetration testing.
