Ethical Hacking jobs
You have probably heard of ethical hacking but what does an ethical hacker actually do? And how can hacking be ethical anyway!?
Ethical hacking can be one of the most rewarding jobs if you enjoy testing computer systems to their limits, and you could earn from £33,000 to £66,000 in your first year.
From Hacktivists to Elites and Grey hats to White hats, here’s what you need to know about ethical hacking.
1. What is Ethical Hacking?
In short, ethical hacking means testing computer security systems. Ethical hackers are authorised to break into supposedly 'secure' computer systems with the aim of discovering vulnerabilities in order to bring about improved protection.
An ethical hacker, also referred to as a 'white-hat' hacker or 'sneaker', is someone who hacks, without malicious intent, to help companies secure their systems.
However, a 'black-hat' hacker is the opposite and will use his or her skills to commit cybercrimes, typically to make a profit. In between are hackers known as 'grey-hat' hackers, who will search for vulnerable systems and inform the company but will hack without permission.
2. Why do we need ethical hackers?
Businesses are facing increasingly sophisticated security attacks. Despite spending millions on firewalls, anti-virus/anti-malware software, and data protection applications, there are often flaws in many organisations' IT security perimeters. This has resulted in companies employing ethical hackers to perform penetration tests and vulnerability scans and to identify the unknown.
3. What is Penetration Testing?
A penetration test is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior.
Penetration tests are typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure.
4. How Ethical is Ethical?
According to the report 'When is a Hacker an "Ethical Hacker" – He's NOT' by AlienVault's research engineer Conrad Constantine, an 'ethical' hacker simply does not exist, and it is the contradictory job title that is the problem.
"The term 'ethical' is unnecessary – it is not logical to refer to a hacker as an 'ethical hacker' because they have moved over from the 'dark side' into 'the light'," Constantine argues. "The reason companies want to employ a hacker is not because they know the 'rules' to hacking, but because of the very fact that they do not play by the rules."
Supporting this, Faronics project management vice president Dmitry Shesterin asks: "Have you ever heard of an ethical hacker that has started off as an ethical hacker? I have not."
"So the concern often remains, how ethical is an ethical hacker?"
5. Does an Ethical Hacker need qualifications?
Without IT security experience, you won't get very far, even with degrees and certifications. As is true for other IT jobs, employers typically want candidates who have college degrees, but related experience is king. And experience with certifications can typically take the place of some degree requirements.
Start with the basics: Earn your A+ Certification and get a tech support position. After some experience and additional certification (Network+ or CCNA), move up to a network support or admin role, and then to network engineer after a few years. Next, put some time into earning security certifications (Security+, CISSP, or TICSA) and find an information security position. While you're there, try to concentrate on penetration testing--and get some experience with the tools of the trade. Then work toward the Certified Ethical Hacker (CEH) certification offered by the International Council of Electronic Commerce Consultants (EC-Council for short). At that point, you can start marketing yourself as an ethical hacker.
6. What if you don’t have qualifications?
You might still be able to become an ethical hacker. Andy from Parameter Security says: “Ethical hacking isn’t a regular kind of job. You don’t have to have a college diploma or a certification to do it. All you need is a good knowledge of computers, software and programming languages, creativity, and drive.”
You don’t have to have any certifications to be an ethical hacker, but it’s always a good idea to get them, as it proves your knowledge and experience in key areas.
7. What does an Ethical Hacker do on an average day?
Andy from Parameter Security:
I’m an “ethical hacker” at Parameter Security, which means companies basically hire me to try to break into their computer networks in order to figure out how a real criminal would do it.
I’ve broken into a wide range of companies and organizations, from banks to hospitals, Fortune 500s.
I’ve been hacking full-time for the last five years and it’s really one of the most interesting and challenging jobs anyone can have.
It’s also incredibly rewarding, because I know I’m helping to protect companies and institutions from malicious hackers who would otherwise have nothing to stop them from breaking in.
One of my favorite compliments from my former place of work was, “You think like a criminal!” (They didn’t mean it as a compliment.)
I get to see deep inside critical networks (think banks, hospitals, utilities, major companies), and see just how vulnerable they really are if the right attacker happened to target them.
I tell hacker students and new employees, “You will write more reports as a hacker than you ever did at school!”
8. What are the working hours like?
Andy from Parameter Security, again:
It really depends on what you’re doing. If you’ve been hired to do a penetration test of a company, then you’re likely to work 8 to 10 hours per day.
I’ve never had a time when I’ve been sitting at a desk going, “When can I go home?” Much more common is my wife reminding me that sleep is a good thing, and I’ll probably be able to pull off whatever I am doing after I’ve had at least a nap.
However, if you’ve been called in to help a company recover from a breach (what we refer to as “incident response”), then all bets are off. That’s when you’re in crisis mode and you can easily pull a few all-nighters trying to stop the attack from progressing, control the damage, and figure out how to get the company back on track.
9. What are the job prospects for ethical hackers?
They're very good! The IT market overall continues to grow despite the current economic turmoil. Research firm Gartner estimates that worldwide enterprise IT spending grew by 5.9 percent between 2009 and 2010, to a total of $2.7 trillion. At the same time, security is becoming a more pressing concern. Gartner expects to see an increase of nearly 40 percent in spending on worldwide security services during the five-year period from 2011 to 2015, eventually surpassing $49.1 billion.
In your first years as an ethical hacker, you'll be in a position to earn anywhere from $50,000 to $100,000 per year. With several years of professional experience, you could command $120,000 or more per year, especially if you do your own independent consulting.
10. What are the different types of Ethical Hackers?
- White-hat – A 'white-hat' hacker, also referred to as an ethical hacker, is someone who has non-malicious intent whenever breaking into security systems. The majority of white-hat hackers are security experts, and will often work with a company to legally detect and improve security weaknesses.
- Black-hat – A 'black-hat' hacker, also known as a 'cracker', is someone who hacks with malicious intent and without authorisation. Typically the hacker wants to prove his or her hacking abilities and will commit a range of cybercrimes, such as identity theft, credit card fraud and piracy.
- Grey-hat – As the colour suggests, a 'grey-hat' hacker is somewhere between white-hat and black-hat hackers, as he or she exhibits traits from both. For instance, a grey-hat hacker will roam the Internet in search of vulnerable systems; as with the white-hat hacker, the targeted company will be informed of any weaknesses and will repair them, but like the black-hat hacker, the grey-hat hacker is hacking without permission.
- Blue Hat – External computer security consulting firms are employed to bug-test a system prior to its launch, looking for weak links which can then be closed. Blue Hat is also associated with an annual security conference held by Microsoft where Microsoft engineers and hackers can openly communicate.
- Elite hacker – These types of hackers have a reputation for being the 'best in the business' and are considered the innovators and experts. Elite hackers used an invented language called 'Leetspeak' to conceal their sites from search engines. The language meant some letters in a word were replaced by a numerical likeness or other letters that sounded similar.
- Hacktivist – Someone who hacks into a computer network for a politically or socially motivated purpose. The controversial word can be construed as cyber terrorism, as this type of hacking can lead to activities ranging from non-violent to violent. The word was first coined in 1996 by the Cult of the Dead Cow organisation.
- Script kiddies – Amateur hackers who follow directions and use scripts and shellcode from other hackers without fully understanding each step performed.
- Spy hackers – Corporations hire hackers to infiltrate the competition and steal trade secrets. They may hack in from the outside or gain employment in order to act as a mole. Spy hackers may use similar tactics as hacktivists, but their only agenda is to serve their client's goals and get paid.
- Cyber terrorists – These hackers, generally motivated by religious or political beliefs, attempt to create fear and chaos by disrupting critical infrastructures. Cyber terrorists are by far the most dangerous, with a wide range of skills and goals. Cyber terrorists' ultimate motivation is to spread fear and terror and to commit murder.
- Mobile hackers – These days individuals store everything on their mobile phones, from personal information such as contact numbers and addresses to credit card details. For these reasons mobile phones are increasingly becoming attractive to hackers-on-the-hoof, either by hacking faulty mobile chips or point-to-point wireless networks, such as Bluetooth.