An ethical hacker (also known as a white hat hacker) is a security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems—just like a malicious hacker (or a black hat hacker). In fact, they both use the same skills. However, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before an illegal hacker can access a system.
An ethical hacker should have a bachelor’s degree in information technology or an advanced diploma in network security. He/she needs extensive experience in the area of network security and a working knowledge of various operating systems. Areas of expertise include a sound working knowledge of Microsoft and Linux servers, Cisco network switches, virtualization, Citrix and Microsoft Exchange. A working knowledge of the latest penetration testing software is essential.
Other degree options, as listed in job postings, are a bachelor’s degree in Electrical Engineering, Computer Engineering, or Computer Science. Whichever degree you choose, make sure you study programming. The subject is essential for hacking because a hacker breaks a protocol or an application’s security using a programming language. The ethical hacker must know several programming languages.
Ten Influential White Hat Hackers
White hat hackers are the “good guys” of the hacking world. They exploit systems to make them better and keep black hat hackers out. Below are some of the most influential white hat hackers.
Tim Berners-Lee
One of the most famous names in computer science, Berners-Lee is the founder of the World Wide Web. Today he serves as the director of the World Wide Web Consortium (W3C), which oversees the development of the web.
Greg Hoglund
Computer forensics expert Hoglund is best known for his work and research contributions in malware detection, rootkits and online game hacking. In the past, he worked for the U.S. government and the intelligence community.
Richard M. Stallman
Founder of the GNU project, a free software project that promotes freedom with regard to the use of computers, Stallman is a prime example of a “good guy” hacker. Stallman founded the free software movement in the mid-1980s, with the idea that computers are meant to support cooperation, not hinder it.
Jeff Moss
Ethical hacker Jeff Moss served on the U.S. Homeland Security Advisory Council during the Barack Obama administration and co-chaired the council’s Task Force on CyberSkills. He also founded hacker conferences Black Hat and DEFCON, and is a commissioner at the Global Commission on the Stability of Cyberspace.
Charlie Miller
Miller, who’s largely famous for finding Apple vulnerabilities and winning the well-known Pwn2Own computer hacking contest in 2008, has also worked as an ethical hacker for the National Security Agency.
Linus Torvalds
Software engineer Torvalds created and developed the Linux kernel, which eventually became the core of the Linux family of operating systems.
Kevin Mitnick
Once one of the most notorious black hat hackers around, Mitnick became a white hat hacker after a highly publicized FBI pursuit landed him in jail for computer hacking and wire fraud. Today, he runs Mitnick Security Consulting, which performs security and penetration testing for companies.
Tsutomu Shimomura
White hat hacker Shimomura is best known for assisting the FBI in taking down Mitnick after the black hat personally attacked Shimomura’s computers.
Marc Maiffret
Now the chief technology officer at a leading security management company, Maiffret’s accolades include the invention of one of the first vulnerability management and web application products. He’s also credited with discovering some of the first major vulnerabilities in Microsoft software, including Code Red, the first Microsoft computer worm.
While the term “hacker” may not have the most positive connotation in today’s vocabulary, it actually encompasses a wide range of professionals with a number of motivations. To learn more about the different types of hackers — including how to become a white hat hacker — check out the full infographic below.
Sources: Malware Fox | Lifewire | Investopedia | MakeUseOf | Gizmodo | Business News Daily | SC Magazine | Payscale | PCMag | Pluralsight
What Is an Ethical Hacker?
Ethical hackers are responsible for examining internal servers and systems to discover any possible vulnerabilities to external cyber attacks. Common job functions include conducting “pentests” (purposeful penetration tests to discover security weaknesses in a system) by using software applications such as Metasploit and BackBox Linux.
According to Damon Petraglia, director of forensic and information security services at Chartstone Consulting, other ethical hacker responsibilities include:
- Providing recommendations on how to mitigate vulnerabilities;
- Working with developers to advise on security needs and requirements;
- Updating security policies and procedures; and,
- Providing training as part of a company’s security awareness and training program.
What Are the Job Requirements?
A typical entry-level ethical hacker job posting reveals that a bachelor’s degree in computer science or a related work field is a must. Beyond that, security certifications can be extremely beneficial in proving you have the requisite knowledge for the job. One survey found that 81 percent of security professionals believe getting certified was a key factor in the decision to hire them.
While many IT security certifications exist, the three main ones for ethical hackers are:
- Certified Ethical Hacker (CEH)
- GIAC (Global Information Assurance Certification) Penetration Tester (GPEN)
- Offensive Security Certified Professional (OSCP)
CEH: The Most Basic and Widely Recognized Certification
If you’re looking to get started as an ethical hacker, the CEH certification, the broadest of the three, may be right for you. Offered by the EC-Council, the CEH certification is designed to give IT security professionals a baseline knowledge of security threats, risks and countermeasures through lectures and hands-on labs.
According to Paul Coggin, a certified EC-Council instructor, it’s recommended that students who enroll in the course have a background in “Windows and Linux systems administration skills, and are familiar with TCP/IP [the core Internet protocol] and virtualization [creating a virtual version of a hardware or software platform].”
If you plan on skipping the classes and taking the exam without training, you’ll need to submit proof that you have at least two years of experience in IT security.
A big benefit with the CEH certification is flexibility: there are options for self-study, video lectures you can watch at your own pace and instructor-led lessons you can take online. The EC-Council even provides the option of bringing training to your business or organization. Upgrades for physical courseware, additional practice exams and tablet usage are also available.
Instructor-led lessons take place from 9 a.m. to 5 p.m. over the course of five days, and students can access online labs for up to six months. The latest version of the test consists of 125 multiple-choice questions. Students have four hours to complete the exam and must receive a score of at least 70 percent to receive the certification.
The cost of the CEH depends on the level of instruction needed: it ranges from $825 for the basic self-study coursework all the way up to $2,895 for instructor-led courses, online lab access, a test voucher and a test prep program. If you don’t buy the voucher, the test itself costs $500, and all students must pay a $100 application fee.
What You’ll Learn
The CEH certification provides the most general knowledge of the three highlighted here. “It’s not focused on a specific software product, technology or skill domain,” Coggin explains. “It provides a broad survey of various domains in computer security.”
To this end, the course covers everything from how to scan networks and identify basic viruses to hijacking web servers and penetration testing.
According to James Conrad, a 20-year IT security professional who teaches a video series for CBT Nuggets on the CEH certification, students will also learn how to “crack passwords, use steganography [hiding information to get it through security measures], create remote access trojans, perform denial of service (DoS) attacks and hack wireless networks, among many other skills.”
Another big focus of the course is understanding social engineering, or the process of manipulating individuals to gain personal information or infiltrate computer systems. In today’s world, where social media has led to growing interactions between humans and technology, Conrad says social engineering is a vital skill to learn in order to stay ahead of potential threats.
According to Brian Brock, chief information officer at Nivsys who became CEH certified last year, the course also includes a heavy focus on the RAPID7 suite of tools (one of which is the aforementioned Metasploit), which enable ethical hackers to complete comprehensive pentests, from initial scanning to final analysis and planning.
The Benefits
The greatest value the CEH certification holds is being able to put it on your resume. When it comes to getting a job as an ethical hacker, “CEH is the original standard,” says Albert Whale, president and chief security officer at IT Security, Inc. Petraglia agrees, and says it’s “probably the best recognized” of the three certifications.
According to PayScale, median pay for CEH-certified professionals is as follows:
However, as some bloggers have noted, the certification has its caveats. The course is heavy on text and video instruction, without a lot of hands-on practice. Another complaint is that material is outdated and too simple to be useful for day-to-day use.
“The certification is great to have, and it looks amazing on a resume,” says Christian Crank, a security researcher at TrainACE who took the course five months ago. “But the book that’s used is poorly assembled: it’s essentially a collection of PowerPoint slides and doesn’t elaborate on what needs to be taught.”
Homer Minnick, director of the Cybersecurity Academy at UMBC Training Centers, agrees, saying that most CEH courses “don’t provide an adequate amount of hands-on application.”
Summary: If you’re looking to break into the field of ethical hacking, the CEH certification offers a great opportunity to get ahead of other applicants, but don’t expect to learn everything you need to know from the course materials alone.
OSCP: The Lesser-Known, More Technical Certification
Claiming to be the world’s first completely hands-on offensive information security certification, the OSCP certification is not for those looking for a classroom setting. According to Offensive Security, which administers the certification, the goal of the OSCP is “for students to prove they have a clear, practical understanding of the penetration testing process and lifecycle.”
Before you become OSCP-certified, you must complete the Penetration Testing with Kali Linux (PWK) course, which is based around the Kali Linux Distribution, an open source project maintained by Offensive Security. According to the course website, “a solid understanding of TCP/IP, networking and reasonable Linux skills are required.”
You’ll most likely be taking this course online, as live training is only available in Las Vegas. The price you pay depends on how long you want access to the online labs: it ranges from $800 for 30 days up to $1150 for 90 days. This price includes online video lessons, access to the labs and the certification test. You can also purchase additional lab access time if you need it.
An important thing to note is that the OSCP certification bucks the trend of a normal multiple-choice test. Instead, you’re given a virtual network with varying configurations and are tasked with researching the network and identifying vulnerabilities and hacking in order to gain administrative access. You must also detail your findings in a comprehensive penetration test report, just like you would do while on the job.
You’re given 24 hours to do the test, and your report is reviewed by a certification committee to determine whether or not you’ve passed.
What You’ll Learn
In addition to learning about pentesting tools and techniques, the OSCP also emphasizes efficiency and taking a creative approach to solving problems.
“Most importantly, you learn methodologies and how to think laterally,” says Ken Westin, security analyst at Tripwire, who became OSCP-certified last year.
“It’s one thing to successfully exploit a vulnerability, but then you learn how to escalate privileges [exploit bugs to gain unauthorized access] and use that as a stepping stone to the next objective. You learn how to automate a great deal of tasks, sift through large amounts of data and identify targets using scripts you write yourself.”
The Benefits
Be forewarned: the OSCP isn’t for the faint of heart. The hands-on approach takes a lot of time and trial and error—but this can be extremely beneficial in the long run.
“I think the best part of the course is that it’s completely hands-on,” Westin says. “Offensive security needs to be learned in an actual, legal environment, where you’re hands-on with the tools in real scenarios.”
However, not having a live instructor to ask questions can be frustrating. “It would have been nice to have an instructor assist in the labs to help save me some time,” Westin says.
The certification also isn’t as well-known as the CEH Certification, so don’t expect an initial boost over other applicants in the field. “I see a benefit from the education I received, but not necessarily from the certification itself, as most people don’t know what it is,” Westin says.
According to PayScale, median pay for professionals with OSCP Certification is as follows:
The hands-on modules and training, coupled with the OSCP’s unique simulation exam, provide real-world experience that other certifications may lack.
“To get a concealed carry permit, you don’t need to prove you know how to use a gun,” Westin says. “You just pay your fee, get fingerprinted and learn some basic safety principles. But hands-on certifications like the OSCP are more involved, where you need to not only know how the gun works, you also need to be able to put it together, pass accuracy tests and demonstrate your ability to use it in real life scenarios.”
Summary: While it won’t get as much name recognition, the hands-on skills the OSCP certification teaches are invaluable to an ethical hacker position. Be prepared for challenging coursework you may not receive much assistance with.
Which Certification Should I Get?
| |CEH|GPEN|OSCP|
|---|---|---|---|
|Cost|$1500 – 2695|$5,910|$800 – 1150|
|Time (on-site)|5 days|6 days|Optional 30, 60, and 90 days based on price|
|How to take it|On-site, self-study, online video lessons, online instructed lessons|On-site, online video lessons, online instructed lessons|On-site, online video lessons|
|Software taught|RAPID7|Metasploit, free open-source tools|Kali Linux Distribution|
|Pros|Flexible course options, widely recognized|Teaches soft skills, excellent instructors|Low cost, hands-on exercises and exam|
|Cons|Outdated information, lack of hands-on exercises|High cost, shorter access to materials|Lack of live instruction, not as recognized|
At the end of the day, these certifications are merely a supplement to real-world experience—not an alternative. Even then, having a wealth of security knowledge and a passion for the industry can only get you so far.
“Inside an enterprise, it’s not all about breaking systems and applications,” explains Adam Ely, former COO and co-founder of Bluebox Security (acquired by Lookout in 2016) and former CISO at Salesforce.com. “It’s also about thinking how to best protect the company and customers when a problem is found, and thinking about how to do it with real world constraints.”
“I look for someone who looks at hacking from a human perspective,” Petraglia adds. “Many times, social engineering is combined with technical hacking activities to execute an attack. It’s important that the ethical hacker understands the complex interrelations between humans, machines, threats and vulnerabilities.”
“Felt Hat” by Ealdgyth used under CC 3.0 cropped/resized.