The Information Security Specialists
Jan 12

Train Newcomers to Prevent Pentesting Skills Shortage

One of the biggest problems the UK security testing industry is facing today is a shortage of skilled staff. Qualified and experienced penetration testers are in great demand, both by pentest companies and also for internal testing teams, but there are just not enough testers to go round.

There’s no shortage of people wanting to get into the industry. In fact, there are a huge number of people who want a pentesting career, including graduates and those who want to cross-train from a related discipline, such as system administration or software development.

NTA Monitor recruits a few trainee pentesters every year, but for each one we hire we are rejecting around thirty. The problem is not that pentesting is more difficult than other professions, it’s that other businesses are just not prepared to give them a chance. Since I started NTA Monitor fifteen years ago, I’ve recruited and trained around fifty staff from a variety of backgrounds and with a range of academic qualifications. Just about everyone with an interest in the subject has gone on to have a successful career in pentesting, and many are now senior or principal consultants.

However, there are very few routes to get into pentesting. Many - maybe most - pentesting companies only take on experienced testers, preferring to hire people who can hit the ground running, and who won’t use their senior testers’ time to train up. The result is that hiring in the industry is quite incestuous, and it’s difficult for people with potential but no experience to get in. I hear again and again ‘everyone tells me they’re only looking for experienced testers’ and ‘I just need someone to give me a break’. I can understand the business reasons behind this, but what may be in each company’s own self-interest is in danger of hurting the industry as a whole: you can’t just forage, you need to plant as well, so I want to see more companies recruiting trainees.

Relevant training and qualifications will help newcomers take their first step on the industry ladder, so it is good to see more courses that are aligned with the CREST syllabus becoming available. This will give students the knowledge they need to work towards a recognised professional certification.

Those keen to enter the industry can enrol on the pentesting short course or the accredited MSc module, which I have been working with the University of Greenwich to create and deliver. A number of people have already successfully participated in the course and passed the CREST CRT, which has enabled them to secure placements in their chosen field. I’m also setting up a practical, skills-based pentesting academy, which will give people an opportunity to gain the high-quality, comprehensive training and professional exposure they need to obtain certification and start a successful career in pentesting.

Anyone interested in training and professional certification can contact Roy Hills on telephone 01634 721855.
