Becoming a pen tester sounds like a dream job for a lot of people in cybersecurity, but I feel there’s a weird gray area that’s not discussed:
If a company gives a pen tester permission to “hack” their environment to pick up on existing vulnerabilities, how does the pen tester know if he/she crossed the line? I mean there’s no way the company just gives complete access to exploit anything this person wants, right?
Under what circumstances can a pen tester get into trouble for their work? Are employers very strict with what a pen tester is allowed to do OR is he/she given a lot of freedom as long as he/she can justify that the work being done is in the company's best interest?