Ethical hackers are at the front lines of the battle against cybercriminals. Since new forms of malware, APTs and ransomware are emerging every day, it’s critical that ethical hackers stay well-informed of key technological changes. After all, that’s how we stay one step ahead of the bad guys!
Infosec had the chance to sit down with Keatron Evans, Infosec instructor and managing partner at KM Cyber Security, for a webinar all about what’s new in the world of ethical hacking. Let’s take a look at some of the trends and changes facing the ethical hacking field.
What’s new in ethical hacking?
Two technological trends are reshaping ethical hacking: web app security and cloud security. Organizations around the globe are eagerly adopting cloud services to save money and boost mobility, but that comes at the cost of new vulnerabilities. Evans explains: “The bad guys are using cloud services as an attack vehicle and that’s kind of scary because now they have unlimited resources that they’re able to utilize to do things that they weren’t able to necessarily do in the past.”
Looking into the future, Evans anticipates the importance of pentesting web applications and cloud systems will continue to be on the forefront of ethical hacking.
What does an ethical hacker actually do?
Ethical hackers are hackers who work for a good cause. That means they use many of the same tools and skills as hackers, but instead of stealing information or money, they help organizations improve their information security programs.
Evans broke down the ethical hacking process for us so we could get a glimpse into what it looks like day-to-day. First, ethical hackers need to assess what the customer needs. This usually comes in the form of a questionnaire where the customer establishes goals and outlines what they want to get out of the pentest. Next, Evans’ team has the client sign a written contract giving them permission to do the pentest. Having a signed contract is important because it’s what makes the hacking legal and keeps the team out of trouble.
Once the paperwork is squared away, the pentest can begin! Evans and his ethical hackers go after the organization’s resources and hunt for vulnerabilities. They use many of the same tools and techniques as black-hat hackers, because that’s exactly who they’re trying to simulate.
After the pentest is completed, Evans writes up a report detailing what he was able to exploit, how he got in and what he was able to do once he got in. Most important, Evans also offers suggestions on how organizations can shore up those vulnerabilities before they’re discovered by an actual hacker.
What skills do ethical hackers need?
Ethical hackers should be comfortable looking for vulnerabilities and exploiting them. Evans says that the basic pathways, processes and tools haven’t changed that much over the years — even when it comes to cloud technology.
If you’re new to the field or interesting in pursuing a role in ethical hacking, you should consider mastering the following skills:
- Social engineering
- Network traffic sniffing
- Session hijacking
- SQL injection
- Password guessing and cracking
How do you build a successful ethical hacking career?
Believe it or not, you can get into ethical hacking with little to no experience — as long as you have realistic expectations, says Evans. In other words, prepare yourself to start with an entry-level role and work your way up.
There are lots of ways you can start learning ethical hacking, but certifications are a great place to start. Not only will certifications help you build a strong knowledge base, but they also have the potential to lead to valuable networking opportunities.
If you’re brand-new to IT, start with foundational certs like CompTIA Security+ and Network+. Seasoned IT pros who are planning to transition into ethical hacking should consider mid-level credentials like Certified Ethical Hacker (CEH) and CompTIA Pentest+.
When it comes to training, Evan places a high-value on the hands-on stuff. While watching an expert do something can be informative, it’s not as helpful as actually getting your hands dirty and doing it yourself. Lab-focused cybersecurity trainings will help you get the most out of the experience.
Evans also shares this nugget of wisdom: pace yourself. In the rush to advance your career, you might feel the urge to master as many skills as you can in as little time as possible. However, Evans explains that you’ll struggle in your job if you haven’t fully mastered each skill. Instead, he recommends taking your time and not to “move from step one to step two until you’ve truly mastered step one.”
Conclusion: Keep up with what’s new in ethical hacking
Cybercriminals are always on the prowl for vulnerabilities to exploit. Ethical hackers need to stay one step ahead of their adversaries to discover those vulnerabilities and advise organizations on how they can patch them up before they’re exploited.
Click here to see this webinar with Keatron and Camille.
The best way to keep your ethical hacking skills sharp is by keeping up with what’s new in ethical hacking. Certifications, hands-on labs and bootcamps are a great way to keep up with ethical hacking and stay one step ahead of the bad guys!
- Study: Hackers Attack Every 39 Seconds, University of Maryland
- What’s new in Ethical Hacking: Latest careers, skills and certifications, Infosec (YouTube)