After watching Mr. Robot, The Matrix, Blackhat or The Girl with the Dragon Tattoo, have you ever wished to become an hacker like the protagonists? Did these movies and TV shows capture your imagination? If that is the case, you might consider becoming an ethical hacker or a penetration tester. How to become one?
Ethical hackers and penetration testers are in high demand by all government and private companies as cyberattacks increase every year. Companies with sensitive data, like healthcare providers, government agencies or financial institutions in particular need extra protection. Therefore, these experts have to be able to counter cyberattacks effectively and guard the safety of the networks and systems.
White hats vs. black hats
Ethical hackers, also called “white hats”, are the “good guys”. Ethical hackers use their skills to protect company information. They penetrate the system and find out its flaws. They may be security researchers or professionals who discover a vulnerability and then notify the developer who can then patch the hole. These security experts use their skills to find and fix networks, applications or systems vulnerabilities in order to protect the company data from fraud or theft. They can make money for every reported discovery, anywhere from $500 to $100,000.
“Black hats”, on the other hand, are criminals with malicious intent. In some cases, they may use previously unknown system vulnerabilities to penetrate the networks and steal personal or business information, sometimes for ransom. Ethical hackers use the same tools as black hats, but rather than exploiting the system’s flaws for financial gains, they report their finding to the company.
There are many shades in between white and black hackers. The “gray hats” are the hackers or security experts who might sometimes violate the law or ethical standards. An interesting example is the hacker who sold the vulnerability to the FBI and helped to crack the San Bernardino terrorist’s iPhone. In this instance, FBI found out about a previously unknown software flaw allowing the FBI to bypass the iPhone’s four-digit personal identification number without erasing all the data.
How to become an ethical hacker?
In order to demonstrate the ability for penetration testing, having an IT degree is not sufficient, but is still essential. Experience and certifications are a must for employers. But it is the experience that counts in the end, as well as good networks in case you are thinking of becoming a freelance penetration tester. The penetration tester should be highly skilled and have former experience with operating systems, understand networks, programming, databases, coding skills or knowledge of firewalls. On top of that, they must possess soft skills and the willingness to learn about new security threats.
Among the most recognized certifications is the Certified Ethical Hacking Certification, CEH from EC Council. According to their website, the idea is that “in order to beat the hacker, you need to think like a hacker”. Other well-recognized certifications are GIAC Penetration Test (Global Information Assurance Certification), or OSCP (Offensive Security Certified Professional). Some of these certifications are more technical, knowledge-based or use different approaches.
A certified ethical hacker can work as a Network security specialist, Security Consultant, Ethical hacker, IT security administration, or penetration tester. Because their skills are in high demand, their earnings are on average higher than other IT professionals. The average annual salary of a certified ethical hacker is $71,331. New York City, California, Massachusetts and Washington, DC areas offer the highest salaries.
Based on the trends, the frequent hacking attempts on all businesses and government agencies will continue to increase and so will the demand for ethical hackers and penetration testers. To become a successful expert, it will require a mixture of education, experience, technical and soft skills, such as communications and managerial skills or problem solving. Because ethical hackers have access to the company’s sensitive data, working as a penetration tester often requires extensive background checks. So it is essential, once you become a certified ethical hacker, to stay legal and not to flirt with black hats practices.