Ultimate Guide: Pen Tester vs Cyber Security Analyst

Written By Jess Feldman

Edited By Liz Eggleston

Last updated on June 23, 2023

There are thousands of exciting career opportunities in cybersecurity, but which roles can you land after graduating from a cybersecurity bootcamp? Flatiron School Cybersecurity Instructor, Gilles Castro, expertly breaks down the differences between two popular roles: Penetration Tester and Cyber Security Analyst. Learn what pen testers and analysts actually do on the job, the tools and certifications they require, and the average salaries. Plus, Gilles explains how the cybersecurity training offered at Flatiron School helps graduates stand out in the job market. 

What is Pen Testing?

Penetration testing, a.k.a. pen testing, is the authorized practice of breaking into a company’s systems through hacking to test and ensure their security.

What are the main responsibilities of a Pen Tester?

Ethical Hacking - Depending on the size of the business, ethical hacking is often done in small teams of 2-6 people and rarely done solo.

Report recommendations - At the end of a penetration test, the team will meet with the organization and discuss their findings. 

  • For example: A report may include details, such as how the pen tester gained access into different accounts in the organization. If they were to gain access to a root account, they would suggest remediation to strengthen the security. Most of the time, a pen tester doesn’t implement those changes — their job is to recommend them. 

2 Traits of Successful Pen Testers

  1. Persistence. When things don't work, a penetration tester needs to have the persistence to find another route.
  2. Charisma. Many penetration testers gain access through social means, whether through a charming email or just walking in. Former actors, salespeople, and those who are charismatic and can talk a good game make great penetration testers. 

Typical Salary of a Pen Tester

According to Salary.com, the typical salary range of a penetration tester is $85K – $107K, though it varies by state.

What is Cyber Security Analytics?

Cybersecurity analytics is the process of proactively collecting and analyzing evidence and capabilities to ensure a sound cybersecurity strategy. A cybersecurity analyst is your network watchdog. Their goal is to deal with policies, pay attention to what is going on in the network, and make specific recommendations on which controls to implement.

What are the main responsibilities of a Cyber Security Analyst?

Perform Analytics - A cybersecurity analyst performs analytics in order to determine what changes are needed. They may implement some changes, but for the most part their goal is to keep watch and get a real understanding of the actual network and system that they're protecting.

Perform Assessments - Cybersecurity analysts are definitely more proactive than reactive when it comes to looking at things in the network. They perform assessments, like risk and vulnerability assessments, and perform audits specifically on permissions within the system.

Security Awareness Training - A cybersecurity analyst may perform security awareness training with employees.

3 Traits of a Cyber Security Analyst

Though the job may be broad, certain qualities are fundamental to be effective as a cybersecurity analyst:

  1. Meticulous attention to detail. The details can be the difference between getting hacked and remaining safe!
  2. Rule-based thinking. They should care about policies and how they will lead to positive or nefarious incentives.
  3. Sociable. They will always be working in a team and need to practice being a good team player. It's very important as a technical person to be able to convey sociability to a non-technical audience. 

Typical Salary of a Cybersecurity Analyst

According to Salary.com, a cybersecurity analyst typically sees a salary of $60K – $90K, but this salary can climb up to $200K in certain cities. Entry-level cybersecurity analyst salaries are typically $65K – $85K. Mid-level cybersecurity analysts can see salaries of $85K – $100K, and senior-level analysts may net $100K – $200K.

Pen Tester vs Cyber Security Analyst

The responsibilities of a cybersecurity analyst can be pretty broad compared to the penetration tester. Some companies may require a cybersecurity analyst to perform more roles. If a company can't afford to have engineers, an analyst can be absorbed into implementing controls themselves. Penetration testers typically have a very focused role of ethical hacking.

The Tools: Pen Tester vs Cyber Security Analyst

Which tools do Pen Testers use?

The technical tools used depend on the scope that the business is asking to breach, but fundamentally they aren’t always necessary. Some tools that pen testers use include Burp Suite, Metasploit, Hydra, and Netcat.

You don't necessarily need to know how to code to be a penetration tester, but you do need to know how to write a good email, charm your way into places, and know the tools necessary for that specific job.

Which tools do Cyber Security Analysts use?

Every cybersecurity analyst needs to have experience with: 

  • Wireshark (a tool for analyzing network traffic)
  • A security information management (SIM) tool like Splunk or Elastic
  • A vulnerability assessment tool, like Nessus

Cybersecurity analysts don’t write lines and lines of code like developers do, but they should have a fundamental understanding of scripting to automate certain small tasks. Learning a scripting language like Python would develop these skills, but it really varies by company.

Pen Tester vs Cybersecurity Analyst: Certifications

Overall, having general IT experience will be helpful for anyone going into cybersecurity. If you’re already in the tech field, getting certifications isn’t necessary. If you're pivoting from a non-technical field into penetration testing, getting a certification is a must.

Pen Tester Certifications

Certifications are not always necessary for penetration testers. In fact, participating in hacking tournaments called Capture the Flag can get a penetration tester a job faster than certifications because it demonstrates the skillset. If you do want to get certified, the best certification for penetration testers is Offensive Security Certified Professional (OSCP). There's a Junior Pen Tester Certification as well, but employers are more willing to overlook a lack of background and certifications, so long as you have the skills. 

Cybersecurity Analyst Certifications

Certification is a must for cybersecurity analysts, especially if you don't have a cybersecurity or computer science degree. A certification can be the differentiator between getting an interview and never being seen by the hiring manager at all! That said, be careful about what certification you go for. 

The two certifications I recommend are CompTIA Security+ and (ISC)²’s SSCP. If you have about a year of experience, stay away from certifications that require more experience than you have. Get a certification that is relevant to your experience and that jobs are legitimately looking for.

If we think about a cybersecurity career ladder, does it take more experience to become a pen tester or a cybersecurity analyst? Or are they on the same rung?

Penetration testing is an attractive career, especially to those coming from a non-technical background who are captivated by hacking. Fundamentally though, only 1% of cybersecurity roles are penetration testing jobs, compared to 30-40% cybersecurity analytics roles! 

The likelihood of getting a cybersecurity analytics role right out of the gate is higher than getting a penetration testing role, but that's not necessarily because a penetration tester sits higher than a cybersecurity analyst within a corporate hierarchy. When a company prioritizes what it needs, it's not going to hire a penetration tester first. It will need a cybersecurity analyst first to make sure security has a baseline before it starts hiring a penetration tester.

Overall, pen testers and cyber security analysts are at about the same level, though a cybersecurity analyst can be pretty senior in a company. Most people will start in analytics and go over to penetration testing, even though it's not necessarily more senior.

How to Learn Cybersecurity at Flatiron School

At Flatiron School’s Cybersecurity Bootcamp, we will prepare you for cybersecurity engineer and analyst roles. You’ll learn the skills to script and to use SIEM tools and other tools that will be necessary on the job. You'll be able to talk the talk, which is one of the most important things when it comes to security. You might go into an interview against someone with a four-year degree, but they may not be able to speak the cybersecurity lingo like someone who has graduated from Flatiron School.

As far as on-the-job skills, Flatiron School prepares you to work through skill sets. Most people who graduate from the Cybersecurity bootcamp will be able to do the job better than those who took a more traditional university route because they have experience with the tools of the industry.

Do Flatiron School’s Cybersecurity students complete labs?

Yes, Flatiron School's cybersecurity students do complete labs as part of their curriculum. Our labs are designed to provide students with hands-on, real-world experience, allowing them to actively engage in tasks that mirror those they will encounter in their future professional roles. These labs are specifically crafted to align with the skills and tasks relevant to the field of cybersecurity.

While our curriculum includes penetration testing, it is important to note that our aim is not solely to produce ethical hackers. Instead, we have a broader objective of imparting foundational skills to our students. We want them to not only excel as penetration testers but also develop a strong understanding of defensive strategies to counter such tests. Our goal is to equip our students with a comprehensive skill set that prepares them for both offensive and defensive cybersecurity roles.

Find out more and read Flatiron School reviews on Course Report. This article was produced by the Course Report team in partnership with Flatiron School.

About The Author

Jess Feldman

Jess Feldman is an accomplished writer and the Content Manager at Course Report, the leading platform for career changers who are exploring coding bootcamps. With a background in writing, teaching, and social media management, Jess plays a pivotal role in helping Course Report readers make informed decisions about their educational journey.
