What is the mojo that separates the good from the great in Pen Testing/Ethical Hacking? How do you know the difference between the two?

Good question, correct me if I'm wrong but I think one thing that separates the good from the great in Pen Testing / Ethical Hacking is that Pen Tester who's willing to go that extra mile. What I mean by this is that Pen Tester that's involved in a Pen Test and actually goes to that extra step and possibly develops an exploit that a possible attacker could develop and launch it to penetrate a machine. An ethical hacker who holds a CEH certification on the other hand might just run through and perform your usual Pen Test. Not saying C|EH's don't know how to develop their own exploits, I'm just randomly saying based on another user who would have knowledge of a person who holds the CEPT Certification, etc. It's that person's experience in the field that I think makes the difference. I don't exactly think there's too big of a large difference between the two (Ethical Hacking / Pen Testing), I'd say it all depends on how qualified the guy / girl is your hiring and how into it they are.

But that is what I mean, what do you think those mad skillz are that are the differentiator?

For me. the difference lies in using and creating.
By using I mean someone who  uses pre-made exploits and steps to hack an application. His knowledge is confined to this area only and becomes helpless if the system is fully patched.
On the other hand a creator makes his own exploits, finds his own vulnerabilities and sometimes makes his own tools.
The difference between a hacker and a good hacker is great but there is a thin line between a good hacker and an excellent hacker.

For me. the difference lies in using and creating.
By using I mean someone who  uses pre-made exploits and steps to hack an application. His knowledge is confined to this area only and becomes helpless if the system is fully patched.
On the other hand a creator makes his own exploits, finds his own vulnerabilities and sometimes makes his own tools.
The difference between a hacker and a good hacker is great but there is a thin line between a good hacker and an excellent hacker.
[/quote]

I agree with Xen on this. It doesn't take anyone special to use all the tools and known exploits already documented. It does take someone with a talent not only to create them, but to document them also. To me it's about someone who can think outside the square and walk the talk. No good only been able to tick boxes on a checklist and get it signed off. Certs are irrelevant to great skill - They can document that someone has good skill but not not necessarily that they have great skill.

Whilst not entirely in the spirit of all things geeky, a major difference between technically good, and great pen-testers is the ability to relate the technical findings to business speak.

You could develop the worlds greatest exploit, but unless you can portray the information in terms of hard cash, risk and ROI then the situation isn't going to get the funding or political backing within the organisation that is required to improve and protect the business.