How Do I Become an Ethical Hacker?
Ethical Hacker Job Overview
An Ethical Hacker is a hacker. There is no fancy phrasing required. This person will employ all of the same techniques as a malicious hacker. The difference is that, like R2D2, you aren’t on the “dark side”; rather, you’re attempting to expose vulnerabilities in systems and networks as part of an effort to shore up the defenses of the system or network. Ethical hackers are employed by a wide variety of government and private firms. Many particularly skilled ethical hackers also participate in contests where the aim is to expose a technique for breaking into some technology. Many of the most prestigious contests have large bounties as prize money. Ethical hackers are often highly talented cyber security experts and often good “people persons” as well, as many hacking attempts rely on social engineering. This is a great job for someone with a creative brain who loves problem solving. “White Hat Hacker” is another term for ethical hacker. It just means you put your good girl or boy hat on for the day, though it does not mean that when you’re done with work duties you can revert to black hat or malicious hacking tactics; most will have to pass a security clearance. Therefore, in order to be a true ethical hacker, you have to adhere to the law and uphold high moral standards.
Ethical Hacker Duties
- Scan for vulnerabilities
- Examine patch installations
- Employ social engineering tactics such as emailing staff and asking for their passwords
- Employ Reverse Engineering tactics
- Work closely with team members to assess risk and provide recommendations
- White hat hacking techniques such as penetration testing
- Clone black hat hacking tactics
- Create DoS attacks
- Use security scanners such as W3af, Nessus, and Nexpose
- Employ frameworks like Metasploit
- Exploit vulnerabilities
- Define requirements for information security solutions
- Assess physical environment and access controls to servers, systems, and network devices to create physical security assessments.
- Discuss and document findings with management and CSIRT teams
- Report findings on the nature of the security threat whether business-related, or otherwise
- Program computers
Recommended: Certified Ethical Hacker Certification
Becoming a Certified Ethical Hacker (CEH) is a smart move for any individual who is looking to work in the field of cyber security. There are a myriad of certifications involved in this field, but we have noted over the years that a CEH is pretty consistent throughout many roles, particularly penetration testing-related ones. In fact, a CEH passes their exam when they can show that they have what it takes to successfully execute pen tests. Other similar fields include a Certified Network Defense Architect (CNDA). For more information on how to become a CEH, check out our resources section at the bottom of the page.
Ethical Hacker Career Pathway
Based on your starting point (whether you’re already active in cyber security, a service member, IT specialist, or a student) there are a few paths to entering the field of ethical hacking. We’ve listed some different levels at which you can engage in hacking jobs below. These levels will depend on the typical number of years of experience associated with career stages (entry, middle, senior) as well as how specialized your education is. For an in-depth look at how job experience in cyber security and education levels compare and contrast, check out our guide on how to prepare for a career in cyber security.
A note on this position: many will need a bachelor’s degree or a CEH Certification to start, though there are many ethical hackers who are self-taught or have attended bootcamps. A resume can speak loads when it comes to ethical hacking. Many key positions will ask, however, for a number of years of experience; a thorough understanding of what the role entails is very impressive to a potential employer.
A note on the positions below: Some job titles are tiered within that position. A position labeled “mid-level”, for example, may have a range between mid and advanced.
- Entry Level: Junior Vulnerability Assessor, System Administrator, Security Administrator
- Mid-Level: Ethical Hacker, Cryptographer, Penetration Tester
- Senior Level: Senior Ethical Hacker, Security Manager, CISO, Security Director, Cyber Threat Analyst
Technical Skills of Ethical Hacking Positions
- C
- C++
- C#
- Python
- Perl
- .NET
- Java/JSP
- PHP
- HACK
- EnCase
- PL/SQL
- Unix/Linux and Windows
- Hardware and Software
- AppScan
- Fortify
- Web-based applications
- White Hat Hacking gambit
- Understanding of secure frameworks like NIST, HIPAA, SOX
- Reverse engineering
- Social Engineering
- Forensics
Soft Skills of Ethical Hackers
- Creative Thinker
- Enjoys Problem-Solving
- Strong Written and Oral Communication Skills
- Strong Code of Ethics
- Expertise in social engineering
Ethical Hacker Job Outlook and Salary
There are thousands of jobs available for ethical hackers across the nation. According to the Bureau of Labor Statistics, auditor positions are projected to grow by 15% by 2024, which is a much faster rate than most fields. According to the Infosec Institute, the median salary of a certified ethical hacker is $71,331, though it can range from $24,760 – $110,000+. It is important to note, however, that this salary range will depend on the job level itself (whether it is entry, mid, or senior), how much of an educational background you have, and the number of certifications you have obtained.
Ethical Hacking Resources
- For information on how to utilize the G.I. Bill, head to the U.S. Department of Veterans Affairs
- A must-have certification in the field of Ethical Hacking is, unsurprisingly, Certified Expert Penetration Tester (CEPT)
- If you are ready to start your job search Indeed.com is a great place to start!
- For an in-depth look at information assurance jobs and ethical hacking, head to Infosec Institute.