When you think of hackers, you probably think of “bad guys” breaking into your network to steal valuable company secrets. But the truth is that there is a divide in the hacker community. While there are certainly malicious hackers out there, many hackers these days are conscientious people who value personal privacy and intellectual property.
These so-called “ethical hackers” often work for the government or private businesses to help find loopholes or vulnerabilities in security systems. If you’ve ever wanted to be a force for good, here’s your chance.
Generally, you must come to the table with IT experience – 2 years, minimum. If you come from a military background, all the better. Basic programming skills are obviously necessary, so start with your A+ certification and get into a tech support position.
This will get you comfortable working with customers, navigating a network, and providing solutions for everyday technical problems. If you can get work as a network administrator, this will also help. After you get some experience under your belt, you’ll want additional certifications, like Network+ and CCNA.
If you can get work as a network engineer, this will teach you the ins and outs of a network. You will learn common failure points and weaknesses. Get your Security+, CISSP, or TICSA certification and work a security tech job for a while.
Once you’ve got several years of experience under your belt as an IT professional, network admin, and security professional, it’s time to get your CEH certification from a reputable company like Simplilearn. CEH certification stands for “certified ethical hacker” and is granted by the International Council of Electronic Commerce Consultants.
You will also want to pick up some programming courses and learn C, LISP, Perl, and Java. It might also help to learn PHP and Ruby, and to learn databases like SQL. Get familiar with Unix and Linux, since many servers run these operating systems, especially government and corporate servers.
Exams for the CEH are usually administered by testing facilities like Prometric. Prometric charges a nominal fee for the proctoring and exam administration. Expect a criminal background check by your prospective employer and multiple security clearances. If you plan on working for the government, you will probably need Top Secret clearance, which usually means you cannot have had any criminal background.
You will be taking exam 312-50 or 312-50v7, which is the web-based version of the exam. Exams taken in person use the EC0-350 exam code and may be taken at any Prometric testing facility (you must call in advance to schedule the exam).
Once you’ve got your certification, you may think you’re done, but you’re not. Not only do you need to find an employer, you need to work on your soft skills.
Hacking isn’t all about your technical abilities. You’re a hacker, after all. You need people skills, and sometimes even negotiation and manipulation skills. Your job is often oriented around breaking into either government or corporate networks.
To do this, you aren’t always going to rely on a technical approach. Some security systems can be defeated in a simple, non-technical way. For example, if you can coax a password out of the front desk person, or steal a password that was carelessly written down and left on a desk in the office, this is a form of compromised security that needs to be exploited to show flaws and holes in the entire security system.
Not all threats come from cyberspace. You will also need to be able to persuade people to restart or shut down systems, disclose credentials or execute malicious files so that you can gain access to a network.
This is sometimes referred to as “social engineering,” and it’s one of the more fun aspects of the job. It’s one of the few times that you get to lie, steal, and cheat (on the books, of course) and get away with it, and still maintain ethical integrity and professionalism.
Of course, it’s a fine line you’ll be walking, so always stay legal. Never engage in any blackhat or illegal hacking – hacking which isn’t authorized by your employer. This is the quick path to unemployment and jail time.
Since the security audit is happening with the full permission of the government or corporation, they expect you to use any means necessary to uncover any weaknesses. You may even be required to attend special classes to improve your “soft skills.”