So, you want to be an Ethical Hacker?
Ethical Hackers, not to be confused with their malicious counterparts, are computer security experts in high demand. With substantial pay and creativity required, the role of an Ethical Hacker entails protecting information so that it stays as intended: confidential.
Malicious Hackers and Ethical Hackers work in almost identical ways, using overlapping methodologies and toolsets to find vulnerabilities. However, only Ethical Hackers are authorised to find these vulnerabilities and ‘hack’ in a lawful and legitimate way. They differ in intention; Ethical Hackers work to defend and secure systems from these malicious actors. Rather than exploiting these vulnerabilities, Ethical Hackers are employed to find and fix any network or system flaws.
‘Ethical Hacker’ is used liberally as an umbrella term; Ethical Hackers can also be referred to as ‘White Hats’, Information Security Consultants, Security Analysts, Network Security Specialists and Penetration Testers. No matter the title, with malicious hacks becoming increasingly common, the demand for those under the Ethical Hacking umbrella is rising at an incredible rate.
Skills & Qualifications
Unlike many roles in the cyber security realm, there are no set qualifications or academic requirements for Ethical Hackers. The requirements of one company can vary significantly from those of another; however, those with either a bachelor's or master’s degree in information security, computer science or mathematics will be viewed favourably by employers, as they can demonstrate a strong technical foundation.
Those without degrees can reap similar benefits from hacking and security-related IT certifications. The most beneficial is arguably the EC-Council's Certified Ethical Hacker (CEH) certification. The certification is either a self-study or classroom course that is assessed through a four-hour, multiple-choice exam. This qualification does require two years of prior information security experience and has a US $100 application fee. Other qualifications worth consideration are the Certified Information Systems Security Professional (CISSP) certification, a common qualification held by Information Security Analysts, and courses offered through the SANS GIAC curriculum.
Despite the qualifications available, some industry experts, such as Peter Chadha, Chief Executive and founder of DrPete Inc, argue that all Ethical Hackers need is “a vast amount of technical knowledge of IT systems and software and, in particular, how to exploit their vulnerabilities”.
Beyond technical knowledge, Ethical Hackers need problem-solving skills and interpersonal finesse, and must be able to balance the technical with the intellectual. Ethical Hackers need superior judgement, common sense and composure in high-stress environments. Confidence communicating across departments is essential, and the know-how to translate and tailor technical information to relevant audiences is a priority for employers.
A Certified Ethical Hacker earns an average of £45,000 per annum in the United Kingdom, between $82,512 and $118,038 in the United States and €65,000 in Germany, Europe. Within Ethical Hacking, contractors are the highest earners, paid up to £500 per day in the United Kingdom. The market buoyancy is favourable for Ethical Hackers with demand for high-quality professionals far exceeding supply.
There is no linear career progression in cyber, and Ethical Hacking is no exception. Professionals seeking to work in Ethical Hacking typically do so from an entry-level Security Administrator, System Administrator or Network Engineer role. When progressing beyond Ethical Hacking, many move into Security Consultancy, Security Architect or Senior Penetration Tester jobs.
Promising to challenge, engage and financially reward, a career as an Ethical Hacker is an excellent career move for those intrigued by the Cyber and wider IT industry. If problem solving and lateral thinking are listed in your skillset and you are excited about working in an explosive and unpredictable industry, Ethical Hacking is a pathway worth exploring.