Auditors use penetration testing, vulnerability assessments and passive evaluations to assess system security. They understand the policies and regulations guiding network configuration. Auditors have earned their IAT Level I, Level II or Level III certification and typically have at least 2 years of experience in computer network defense or a related field.