warrior/soldier-> pentester/cracker
military scientist/weapon crafter -> hacker/security researcher

Assuming professional soldiers are not mercenaries but rather are part of some sort of military of a country or nation state there are several things in place that try to ensure a certain “quality of service” with soldiers that doesn’t exist within the security or professional penetration testing community.

These “things” include ENFORCEABLE standards of behavior, rules and regulations (also enforceable–usually at a more severe level than that of civilian law), oversight, governing body or chain of command, and required mandatory training to become a soldier. You could argue both ways about training…that hackers can be self taught, don’t need certs, yadda yadda. For the sake of brevity i’ll just say there are no currently AGREED UPON or formal training paths that guarantee a minimal level of competence for penetration testing like military basic training and occupational specialty training.

Lastly, I don’t know of any army or military that works “for profit” meaning they always operate at a loss in business terms. That in itself allows for much more money and time to be spent on creating professional soldiers where that business model wont work for any type of for profit pen-testing consultancy.

Your comments in italics are right on. We as a community should start policing ourselves. possibly starting with defeating this notion that someone can pass an exam and go to work penetration testing. Just because you passed your hacking certification of the month doesnt make you ready to go out there and actually do it. Which goes right back to having some sort of governing body, enforceable standards of conduct and behavior, and required training (lasting longer than some IT Cert bootcamp).