Visual representation of penetration testing actions and skills in a technical tree model

Abstract

With the dire need for more competent cyber security professionals, two parties endeavor to close this gap, industry certificates that focus on hands-on experience, and higher education institutions that favor assessing knowledge memorization. It is challenging for the enthusiasts to acquire a solid and balanced profile of knowledge and hands-on experience in the professional context. We introduce a visual representation of penetration testing skills, actions and knowledge so that it closely relates theory and skills for cyber security topics which can serve as a guide for professional development. To illustrate our methodology, we selected 10 case studies from the hacking challenges of Cyber Security Challenge Australia 2014, conducted the experiments and aligned necessary skills and the actions to these complex scenarios. These detailed analysis and models are visually presented as a tree to encompass the landscape of penetration testing in practice which could be a valuable tool for enthusiasts and learners to plan their learning activities.