When you hear the term “hacker,” you might think about someone who likes a good puzzle and goes about trying to break into computer systems, learning how to sneak their way in and out to get the information they want or need. There are many people who are hackers, and they are paid by companies to determine exactly how a criminal might break into a business’ computer system, according to Ben Miller of Parameter Security. These are called “ethical hackers,” and they can determine exactly how a real criminal hacker might break into your business’ computer system. It is a growing field for those with an interest in computers, and while you do not necessarily need a degree or diploma, any sort of post-secondary education would definitely be an asset to the person looking to get into ethical hacking.
What is Ethical Hacking?
Computer Hope defines ethical hacking as hacking done by a company or individual to determine where potential security threats might be in a business’ computer network. The information that the ethical hacker discovers can then be used to address the perceived security threats and tighten up the computer network as required.
There are a few elements that need to be in place, however, before hacking is considered as “ethical”:
- You have to have expressed or written permission to probe the network and identify any security risks;
- You respect individual or company privacy;
- You close out any work that you were doing so as not to expose yourself to potential security risks; and
- You let the software developer or hardware manufacturer know of any security risks that you discover unless your company already knew about said risks.
If all of these elements are in place, then you are in good shape and can ethically hack a company’s network to determine security risks. If any of these elements are missing, you are simply a hacker and not an ethical one.
What is the Difference Between Ethical Hacking and Penetration Testing?
Penetration testing and ethical hacking are terms that are frequently used interchangeably, yet there are slight differences between the two. According to Tutorials Point, penetration testing is when a company is trying to discover exactly what the vulnerabilities, risks, and target environment are and to secure and take over the system. In other words, penetration testing looks at and targets an organization’s defense systems, and that comprises all of the computer infrastructure and systems.
Ethical hacking runs the gamut of all hacking techniques and all potential attacks that could occur on a computer system and its infrastructure. Unlike penetration testing, though, ethical hacking looks at how to safeguard the system for use in the future. Penetration testing merely looks to see how a system could be attacked.
Is Ethical Hacking a Good Career?
To be sure, to admit you hack for a living might get you some strange looks as people envision you engaging in exploits that you may not have honestly anticipated. You might be working your way through a school board’s database, trying to determine the exact security measures that need to be enacted in order to ensure optimal safety of the information in the database, or you might be trying to protect valuable information in a particular branch of the military. Generally speaking, hacking is viewed with a bit of a raised eyebrow; people are used to hacking being a part of the underbelly of certain societies rather than seeing it as a valid career choice.
However, it is a career like no other, but that means there is a lot of prep work before you can even consider having a career as an ethical hacker. You need a significant understanding of computer security, and while a certificate, diploma or degree in computer sciences wouldn’t hurt, it’s not always required. First and foremost, you need to have an understanding of how computers work and communicate with each other. Yes, the work looks glamorous on the big screen in flicks like Sneakers; what’s not shown there, however, is the sheer volume of both knowledge and experience you need before entering the career.
With that being said, and provided you gain the experience you need on your own equipment rather than trying to hack someone else’s organizational security, ethical hacking can be one of the most uniquely challenging career paths you might undertake. Freelancing, of course, is a good way to gain some experience once you’ve gotten a great deal of practice trying to hack your own equipment. The problem with freelancing is, as you might expect, it is not a stable position, so there are some occasions where it’s hard to afford your favorite brand of coffee from your favorite store. It is a great way to garner both experience and revenue, though, so if you’re trying to build your rep and resume by working through some freelancing jobs, that’s not a bad first place to start.
Once you’ve gotten that all-important experience, however, applying to tech companies to see if they are looking to hire ethical hackers is a great next step. Your inclination might very well be to apply to all the big firms, but you might be shooting yourself in the foot a bit, as smaller tech firms might have the pay scale you’ve been looking for. Keep your options open, and you might find that entering the field as an ethical hacker might actually be a great career choice.
Is Ethical Hacking an Oxymoron?
Strictly speaking, an oxymoron is when two apparently contradictory terms appear next to each other. However, when it comes to ethical hacking, nothing could be further from the truth. According to Cybrary, ethical or “white hat” hackers use the same sorts of techniques as those who hack for their own nefarious purposes, but with nobler goals.
Ethical hacking means that while you might be hacking into a business or organization’s computer systems and infrastructure, you are documenting evidence of these security issues rather than exploiting them for your own gain. Cybrary says that the field of ethical hacking is growing quickly, although it has been around since the 1970s at the very least; being able to hack websites and report to an organization what, exactly the issues might be as far as security goes would offer those looking for a career challenge they might be looking for.
However, it is important to recognize exactly what an ethical hacker does during their day to day responsibilities. According to Ben Miller, ethical hackers spend a lot of time just doing paperwork; it would seem that is the biggest commonality with ethical hacking and any other business – the paperwork that needs to happen in order to ensure that everything gets done when it should get done – to the extent that Miller himself has said that you spend a lot more time filling out paperwork than you might have otherwise expected.
Black Box Ethical Hacking
Essentially, a black box ethical hacker is someone who knows nothing about the organization that they are attacking. Attackers might use whatever means at their disposal to attack, rather than finessing any sort of particular attack. A black box ethical attack, therefore, is one in which there does not seem to be any particular focus on the attack, as the attacker does not know anything about the organization.
White Box Ethical Hacking
There are two considerations when it comes to white box ethical hacking: time and money. Going into this sort of situation, a white box ethical attack is one in which everything is known about the organization. It would effectively be a sort of attack that one might suspect of a learned insider or someone who knows everything about the computer systems to execute an effective hacking attack.
Upper management, Human Resources and Legal, and Technical Support Management are generally the teams that work closely with the hacking teams to facilitate the white box ethical hacking test.
Grey Box Ethical Hacking
A gray box ethical hacking test combines the best of both worlds: the white box attack and the black box attack. Essentially, something is known about the organization which is being attacked, but that might change from attack to attack. The drawback that the ethical hacker might experience is similar to the drawback they might experience using the white box attack. By being aware of the vulnerabilities, other vulnerabilities might be overlooked.
While some might look at an ethical hacker with a raised eyebrow, thanks in large part to the image hackers has gotten from film and television shows; ethical hacking is actually an ethically sound career which could prove quite beneficial to businesses and other organizations. Ethical hacking could potentially offer those computer students the challenges of hacking but with the benefits of working for a greater purpose – enhancing security. What could be better?