Guide
Ultimate Guide: Pen Tester vs Cyber Security Analyst
Written By Jess Feldman
Edited By Liz Eggleston
Last updated on June 23, 2023
Written By Jess Feldman
Edited By Liz Eggleston
Course Report strives to create the most trust-worthy content about coding bootcamps. Read more about Course Report’s Editorial Policy and How We Make Money.
Course Report strives to create the most trust-worthy content about coding bootcamps. Read more about Course Report’s Editorial Policy and How We Make Money.
There are thousands of exciting career opportunities in cybersecurity, but which roles can you land after graduating from a cybersecurity bootcamp? Flatiron School Cybersecurity Instructor, Gilles Castro, expertly breaks down the differences between two popular roles: Penetration Tester and Cyber Security Analyst. Learn what pen testers and analysts actually do on the job, the tools and certifications they require, and the average salaries. Plus, Gilles explains how the cybersecurity training offered at Flatiron School helps graduates stand out in the job market.
Penetration testing a.k.a. pen testing is the authorized breaking into a company’s system through hacking to test and ensure its security.
Ethical Hacking – Depending on the size of the business, ethical hacking is often done in small teams of 2-6 people and rarely done solo.
Report recommendations - At the end of a penetration test, the team will meet with the organization and discuss their findings.
Typical Salary of a Pen Tester
According to Salary.com, the typical salary range of a penetration tester is $85K – $107K, though it varies by state.
Cybersecurity analytics is the process of proactively collecting and analyzing evidence and capabilities to ensure a sound cybersecurity strategy. A cybersecurity analyst is your network watchdog. Their goal is to deal with policies, pay attention to what is going on in the network, and specifically make recommendations to controls to implement.
Perform Analytics - A cybersecurity analyst performs analytics in order to determine what changes are needed. They may implement some changes, but for the most part their goal is to keep watch and get a real understanding of the actual network and system that they're protecting.
Perform Assessments - Cybersecurity analysts are definitely more proactive than reactive when it comes to looking at things in the network. They perform assessments, like risk and vulnerability assessments, and perform audits specifically on permissions within the system.
Security Awareness Training - A cybersecurity analyst may perform security awareness training with employees.
Though the job may be broad, certain qualities are fundamental to be effective as a cybersecurity analyst:
Typical Salary of a Cybersecurity Analyst
According to a Salary.com, cybersecurity analyst typically sees a salary of $60K – $90K, but this salary can climb up to $200K in certain cities. Entry-level cybersecurity analyst salaries are typically $65K – $85K. Mid-level cybersecurity analysts can see salaries of $85K – $100K, and senior-level analysts may net $100K – $200K.
The responsibilities of a cybersecurity analyst can be pretty broad compared to the penetration tester. Some companies may require a cybersecurity analyst to perform more roles. If a company can't afford to have engineers, an analyst can be absorbed into implementing controls themselves. Penetration testers typically have a very focused role of ethical hacking.
Which tools do Pen Testers use?
Technical tools used are dependent on the scope that the business is asking to breach, but fundamentally they aren’t always necessary. Some tools that Pen Testers use include: Burp Suite, Metasploit, Hydra and Netcat.
You don't necessarily need to know how to code to be a penetration tester, but you do need to know how to write a good email, charm your way into places, and know the tools necessary for that specific job.
Which tools do Cyber Security Analysts use?
Every cybersecurity analyst needs to have experience with:
Cybersecurity analysts don’t write lines and lines of code like developers do, but should have a fundamental understanding of scripting to automate certain small tasks. Learning a tool like Python would develop these skills, but it really varies by company.
Overall, having general IT experience will be helpful for anyone going into cybersecurity. If you’re already in the tech field, getting certifications isn’t necessary. If you're pivoting from a non-technical field into penetration testing, getting a certification is a must.
Certifications are not always necessary for penetration testers. In fact, participating in hacking tournaments called Capture the Flag can get a penetration tester a job faster than certifications because it demonstrates the skillset. If you do want to get certified, the best certification for penetration testers is Offensive Security Certified Professional (OSCP). There's a Junior Pen Tester Certification as well, but employers are more willing to overlook a lack of background and certifications, so long as you have the skills.
Certification is a must for cybersecurity analysts, especially if you don't have a cybersecurity or computer science degree. A certification can be the differentiator between getting an interview and never being seen by the hiring manager at all! That said, be careful about what certification you go for.
The two certifications I recommend are CompTIA Security+ and (ISC)²’s SSCP. If you have about a year of experience, stay away from certifications that require more experience than you have. Get a certification that is relevant to your experience and that jobs are legitimately looking for.
If we think about a cybersecurity career ladder, does it take more experience to become a pen tester or a cybersecurity analyst? Or are they on the same rung?
Penetration testing is an attractive career, especially to those coming from a non-technical background who are captivated by hacking. Fundamentally though, only 1% of cybersecurity roles are penetration testing jobs, compared to 30-40% cybersecurity analytics roles!
The likelihood of getting a cybersecurity analytics role right out the gate is higher than getting a penetration testing role, but it's not necessarily because within a corporate hierarchy a penetration tester is higher than a cybersecurity analyst. When a company prioritizes what they need, they're not going to hire a penetration tester first. They’ll need a cyber security analyst first to make sure security has a baseline before they start hiring a penetration tester.
Overall, pen testers and cyber security analysts are at about the same level, though a cybersecurity analyst can be pretty senior in a company. Most people will start in analytics and go over to penetration testing, even though it's not necessarily more senior.
At Flatiron School’s Cybersecurity Bootcamp, we will prepare you for cybersecurity engineer and analyst roles. You’ll learn the skills to script, to utilize SIEM tools and other tools that will be necessary on the job. You'll be able to talk-the-talk, which is one of the most important things when it comes to security. You might go into an interview against someone with a four-year degree but they may not be able to speak the cybersecurity lingo like someone who has graduated from Flatiron School.
As far as on-the-job skills, Flatiron School prepares you to work through skill sets. Most people that graduate from the Cybersecurity bootcamp will be able to do the job better than those who did a more traditional university role because they have experience with the tools of the industry.
Do Flatiron School’s Cybersecurity students complete labs?
Yes, Flatiron School's cybersecurity students do complete labs as part of their curriculum. Our labs are designed to provide students with hands-on, real-world experience, allowing them to actively engage in tasks that mirror those they will encounter in their future professional roles. These labs are specifically crafted to align with the skills and tasks relevant to the field of cybersecurity.
While our curriculum includes penetration testing, it is important to note that our aim is not solely to produce ethical hackers. Instead, we have a broader objective of imparting foundational skills to our students. We want them to not only excel as penetration testers but also develop a strong understanding of defensive strategies to counter such tests. Our goal is to equip our students with a comprehensive skill set that prepares them for both offensive and defensive cybersecurity roles.
Find out more and read Flatiron School reviews on Course Report. This article was produced by the Course Report team in partnership with Flatiron School.
Jess Feldman is an accomplished writer and the Content Manager at Course Report, the leading platform for career changers who are exploring coding bootcamps. With a background in writing, teaching, and social media management, Jess plays a pivotal role in helping Course Report readers make informed decisions about their educational journey.
7 Tips for Updating Your UX Design Resume for AI Roles!
These are 3 AI tools you want to know before your first tech interview!
A TripleTen career coach answers what to do in the first 90 days after bootcamp graduation!
Learn how to launch a career as a technical writer!
Find out the fundamentals of cloud engineering and how to launch a career in the Cloud!
Follow our tips to help you choose between these two, in-demand tech careers!
Hack Reactor's Zubair Desai shares how bootcampers should (and shouldn't!) use GenAI...
Lighthouse Labs walks us through cybersecurity jobs across 6 different industries!
Why You Should Learn CSS If You’re Not a Software Engineer
A Fullstack Academy instructors shares how AI is used in Data Analytics!
Sign up for our newsletter and receive our free guide to paying for a bootcamp.
Just tell us who you are and what you’re searching for, we’ll handle the rest.
Match Me