http://en.wikipedia.org/wiki/Pentesting

I have some pen testing experience from past years. :)

Pentesting in today's infosec world is kind of like, well... it's like data entry. You run an automated set of scanners. Clear false positives. Then read through a client policy list and confirm adherence. By the time you are done with that your time on that client is up and you move on.

The result is, 90% of the infosec field is now populated with people dumber than monkeys and half as useful.

CISSP if anything is absolute proof of that. I've never seen a more bogus certification that people seem to actually value.