How many times have you gone to see the latest Hollywood blockbuster and encountered this stereotype: a talented hacker who is recruited by the FBI or other good-guy governmental agencies in order to help take down the bad guys? All too often these tech wizards are depicted as somewhat anti-social, able to subsist on a diet of pizza, cheez doodles, and energy drinks. They operate out of a cluttered, messy, dimly lit space — a back room in the local fed building, a basement apartment, or the remodeled rec room of their parents’ house. With just a few taps on their keyboard, they are able to get around every cyber hurdle they encounter — to tamper with a security system, reroute subway cars or turn all the traffic lights green, call up obscure data, or exploit vulnerabilities that will save the day.
It makes for great entertainment, but do such characters actually exist?
In fact, there is an occupation that isn’t too different from this picture. They are called penetration testers, or ethical hackers. Let’s take a closer look!
Ethical Hacking: The Basics
In essence, ethical hacking is an authorized cyberattack on a computer system. It is performed for the purpose of evaluating that system’s security. The penetration tester is looking for vulnerable areas where unauthorized parties could gain access to the data or features of the system in order to exploit it. They also evaluate the system’s strengths in terms of security. Together, these elements can be analyzed to develop a full risk assessment that will give the business’s IT personnel and other interested parties a complete picture of how safe their system is.
Naturally, the hackers will also be asked to make suggestions as to how the weaknesses in the system could be mitigated. Because an ethical hacker is accustomed to thinking like their unethical counterparts, and because they have the same abilities, they are especially adept at uncovering places where the security is lacking.
How Do They Do Their Job?
Penetration testing professionals utilize a series of tools to perform their job. Some of these are pre-developed, while other, custom tools might be designed by the ethical hackers themselves for the task at hand. As they investigate a company’s cyber weaknesses, they will be obliged to document and record all of their findings. Usually, they will also be tasked with developing, or at least helping to develop, the solutions that will make the company’s system and assets safer and more secure.
Penetration testing should be performed on a regular basis, as well as after any kind of system alteration, rollout, or upgrade.
What Qualifications Are Required?
In the movies, it’s usually a reformed criminal who saves the day by using his or her powers for good. And it’s possible for someone who is self-taught to land a position as a penetration tester, but it’s more common for the position to be filled by an IT professional who has a degree in computer science and/or cybersecurity and who has been working in the industry for at least a few years. Unless you truly are a wunderkind, it’s not likely that you will be hired fresh out of college or without a college degree at all.
As for salaries, according to Payscale, an ethical hacker can expect to earn a median salary of about $80,000.
If you have always been fascinated by computers, coding, and security topics such as spear phishing, spam, malware, and cyberattacks, this might be an excellent career path for you to take. It might not end up being as glamorous as the movies sometimes make it seem, but you’ll definitely have job satisfaction as you help to protect millions of dollars’ worth of corporate assets.