Imagine a job where your singular focus is hacking into your employer's network.
Imagine getting paid handsomely to do it.
Now more than ever, governments, private companies, health care organizations, intelligence agencies and financial institutions are turning to ethical hackers to assess vulnerabilities in their IT infrastructure.
Often called "white hats" or "penetration testers," ethical hackers hack legally and for all the right reasons – to identify security loopholes in an organization's computer systems and networks before they are discovered and exploited by serious bad guys.
These non-malicious hackers, who typically have strong programming and networking skills, are well versed in:
- Conducting network reconnaissance
- Exploiting software, including web and mobile apps
- Hacking into wireless networks
- Launching Denial of Service (DoS) attacks
- Evading firewalls and intrusion detection systems
According to indeed.com, the average annual salary for a certified ethical hacker today is upward of $100,000, and demand is rising as the incidence of cybercrime continues to grow exponentially.
Hard skills required for ethical hackers
"Ethical hackers step into the shoes of the hacker," says Sreekanth Malladi, a professor of computer science at Saint Leo in the university's new master's cyber security degree program. "They find weaknesses that might be overlooked by someone looking from the perspective of a legitimate user."
So what does it take to be an ethical hacker?
First and foremost, an in-depth knowledge of computer networks, systems and software, Malladi says.
"You need to have an intricate knowledge of the systems you are trying to exploit," he explains. "You have to clearly understand the underlying details."
Malladi suggests a bachelor's or master's degree in computer science - or a related field, along with courses in network defense, ethical hacking and/or penetration testing. The courses may be part of a master's degree program, such as Saint Leo University's newly launched Master of Science in Cyber Security program, which will be offered online beginning Spring 2015.
In addition to academic coursework, experts recommend IT experience and certifications. The E-Council's Certified Ethical Hacker (CEH) certification is the most basic and widely recognized certification for white hat hackers.
Soft skills required for ethical hackers
Becoming a good ethical hacker isn't limited to what you know, however. Successful ethical hackers also share certain personality traits and characteristics. Here are just a few.
- They have good ethics. Ethical hackers often get access to confidential information. They must be completely trustworthy and never download or damage any sensitive data.
- They are patient and persistent. Breaking into a system doesn't just happen. It takes time and effort to successfully plan and carry out an attack. At times, they work through the night.
- They think like a hacker. Ethical hackers step into the mindset of the bad guys. They understand the techniques criminal hackers use to gain access to a network and can anticipate their moves.
- They think outside the box. Ethical hackers break into a system by thinking differently. They experiment tirelessly, discarding conventional wisdom to reach their end goal.
- They are detail oriented. Computer networks are complex. Ethical hackers look at every aspect of these vast landscapes to uncover vulnerabilities.
- They love a challenge. Ethical hackers love to take things apart; they love to challenge new technology.
- They never stop learning. Ethical hackers understand the digital arena is fast-moving and ever-changing. They are eager to learn about the latest tools and tactics used by cyber criminals.
"If you have the passion to break things but the morals to always be the good guy and protector, an enjoyable and rewarding career can be yours," Malladi says, "provided you equip yourself with a strong background in computers and the skills to exploit weaknesses."
Saint Leo's new master's program in cyber security is currently being offered on-ground at University Campus. It will be available totally online in March 2015.
National Cyber Security Awareness Month
This post is one in a series in recognition of the 2014 National Cyber Security Awareness Month. Since 2004, the Department of Homeland Defense and the National Cyber Security Alliance have designated October as National Cyber Security Awareness Month. For more information, visit StaySafeOnline.org.
Other posts you may be interested in reading:
Image Credit: Olivier Le Queinec on Shutterstock.com