What Is an Ethical Hacker? Using "Bad" for Good in Cyber Security
The term “ethical hacker” sounds like some kind of digital Robin Hood, a vigilante using their skills for good in the lawless dark side of the internet. While the role certainly has some of that thrill, you might be surprised to see “ethical hacker” on quite a few LinkedIn® profiles these days.
As cyberattacks grow in scope, skill and damage, businesses and governments continue to build up their cyber security infrastructure to protect their systems. Ethical hackers (sometimes called white hat hackers) have a critical role in these teams.
“With increasingly advanced defense systems, cyber thieves have to continuously come up with new tactics to try to get past a company’s defenses,” says Isla Sibanda, cybersecurity specialist and entrepreneur at Privacy Australia. “It really keeps ethical hackers on their toes.”
If you are curious how ethical hackers fit into the world of cyber security—read on! We’ve asked ethical hackers and penetration testers to share about their work and the cyber landscape today.
What is ethical hacking?
At the root of it, hackers detect vulnerabilities in digital systems. They gather data on their targets, scan for weak points where they could breach a system, launch various attacks to gain access, and after they have the results they want, cover their tracks. Ultimately, an ethical hacker has the same job description—only instead of attacking or stealing from their employer, they report on their process and the vulnerabilities they found.
Metaphorically, corporations want to keep their digital assets (networks, data, devices, etc.) safe inside a walled city. They know various groups are constantly trying to breach the walls. So instead of waiting for something to crack, they hire ethical hackers to think like their enemies and pretend to attack.
Since cyber criminals move fast and change their approaches regularly, ethical hackers—and cyber security specialists in general—have to continually adapt their approaches. “When it comes to cyber security, the greatest hazard for any company is a black hat hacker,” Sibanda says. She explains that it’s impossible to eliminate all assaults from a network, so ethical hackers and cyber security teams prioritize their resources by discovering threats that are most likely to prove successful.
Ethical hacker vs. penetration tester
Ethical hackers and penetration testers are both important offensive cyber security positions, and the roles can be very similar. Ethical hacking covers a wide swath of hacking attempts. Sibanda notes that advanced professional certifications like Certified Ethical Hacker also puts a strong focus on social engineering.
Social engineering involves manipulating people into divulging personal data or opening a door to a breach. “This might entail sending persuasive phishing emails, but it can also include seeking to break down physical doors, as many pen testers try to obtain access to a business by getting employees to hold the door open or tailgating into restricted areas,” Sibanda says.
“This type of work exemplifies the varied, fascinating and passionate aspect of nature, and I really do adore it.”
Penetration testing (aka pentesting) primarily involves attempting to breach a security system. “I spend most of my time trying to break into systems and create security plans to make sure companies are protected,” says Eslam Reda, penetration tester and application security engineer at Founda Health.
Reda describes the work as fun and stimulating, allowing you to work with network and system teams, advise development teams in security and create plans while learning new things on the way.
Pentesting is an offensive security role, according to Dan Tyrell, manager of professional systems at Cobalt. He says the next five years are likely to produce stronger defensive technologies and larger budgets for cybersecurity. “As pentesters and offensive security professionals, we need to stay ahead of that curve and develop the skill sets to work in that future landscape.”
For more on penetration testing, check out our article “What Is a Penetration Tester? Exploring the Role of These Ethical Hackers”
What is ethical hacking like?
“I love my role because no two customer engagements are the same,” Tyrell says. That may mean pentesting as well as more advanced engagements such as adversary simulation, internet of things (IoT) and device testing, code review and social engineering. “One day I can be hacking a $10,000 IoT toilet, and the next I can be managing an adversary simulation on the internal network of a well-known company.”
“I get to hack into systems, web applications and networks, which I very much enjoy,” Reda says. “It is a continuously evolving area that will never make you bored.” But even beyond those elements, Reda says it’s a huge source of satisfaction to know his work builds to the success of the company. “At the end of the day, the recommendations I provide will protect the business I am working for and build a safe environment for its employees.”
How do you become an ethical hacker?
Hacking is difficult and always evolving. While there are certainly some professionals in the field of cyber security working without degrees, the Bureau of Labor Statistics reports that most information security professionals need a bachelor’s degree.1
Ethical hackers can definitely benefit from the wider knowledge base a program provides. “Working in the field of cyber security is dangerous,” Siband says. “You must rely on more than just your expertise and experience.”
Take your time reading security books, research papers and articles, Reda advises. “Dig into how systems admins and developers implement security features to be able to bypass them, and practice as much as you can.”
“To break into a system, hackers must think ‘beyond the box,’” Siband says. Creativity, experience and ingenuity are critical assets for someone in this line of work.
“Never stop being curious,” Tyrell says. “You never stop learning to hack, and you never know it all.” Tyrell says professionals in this field need either passion or discipline to keep up with it. He also advises prospective ethical hackers to earn professional certifications. “It’s a prerequisite to get through most HR systems as a pentester.”
Want to become an ethical hacker?
If getting paid to hack into things sounds like a dream come true, you might be the perfect candidate for a career as an ethical hacker. Because of the rising need, many universities now have degrees dedicated specifically to cyber security.
Take a look at what this type of program offers with our article “Is a Cyber Security Degree Worth It? Analyzing the Facts.”
1Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, [career information accessed November 2021] www.bls.gov/ooh/. Information represents national, averaged data for the occupations listed and includes workers at all levels of education and experience. This data does not represent starting salaries. Employment conditions in your area may vary.
LinkedIn is a registered trademark of LinkedIn, Inc.