How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
If global headlines have you interested in ethical hacking, you’ve come to the right place.
Experts like Ning Wang, the CEO of Offensive Security, are calling on aspiring pros to help address cybercrime, improve practices and promote better habits overall.
But, having a background in security doesn’t mean you’re cut out for the job.
Learn how you can break into the industry and impress employers with advice from this week’s Cyber Work Podcast guest, Ning Wang.
Tips to secure a job in your desired specialty
How to find your ethical hacking specialty | Cyber Work Podcast
While there are many roles under the umbrella of ethical hacking (i.e., pentesting, red teaming, ethical hacking, etc.), the main goal is to determine what potential threats could compromise an organization. However, the exact tools and techniques depend on what you specialize in.
So, how do you know which route to go?
Wang, a former physicist and celebrated business leader, says to listen to your heart. “Figure out what your passion is,” she advises. “When you do things you’re passionate about, it doesn’t feel like a job.”
Taking courses, reading blogs and practicing on the job can help you determine what you want to do. Once you’ve narrowed your focus, Wang lays out three key steps to help you get a job offer.
1. Start somewhere
Landing your dream role right off the bat isn’t realistic, says Wang. No matter your level of foundational knowledge, some jobs require more hands-on experience than others. But don’t let that deter you.
Whether you’ve got a security background or come from a completely different field, Wang says anyone can succeed.
If you want to be a penetration tester, you might start as a system, network or security administrator. These roles offer you the opportunity to master systems, networking and security processes. That way, you’ll know exactly how things work when you get to pentesting.
For those new to cybersecurity, Wang encourages you to embrace the learning curve. “If you don’t know IT, learn the basic stuff,” she suggests. “Learn how coding works, how software development works, how to write code and how to write scripts. Learn what a network is. This basic stuff lays the foundation of the digital fabric in which we live and work.”
Regardless of your starting point, Wang reminds all cyber pros to be patient — and persistent. “Do any job and keep on learning. If penetration testing is what you want to do, you will get there in due time.”
2. Get involved in the community
While a resume highlights your professional skills, Wang says the best way to get noticed is by networking. “Either get involved to ask questions and learn from the other fellow ethical hackers on their journey or get involved as a way to share your learning.”
From writing blogs, presenting data, attending events, staying active and showing interest in relevant topics is how you get proactively recruited. After all, you never know who might be watching. “When you are involved in the community — you know what? A lot of the companies and a lot of the hiring managers are there, too,” says Wang. “They notice you.”
3. Study the methodology
Perseverance and personal investment show employers you’re dedicated, but to prove your technical prowess, you must be able to think like a hacker. “Don’t just study for the exam,” Wang says. “You will rob yourself of the opportunity to really learn something that will set you up for success. Study because you want to learn the mindset.”
The truth is that most professionals will have the same baseline, theoretical knowledge. What will really set you apart, Wang explains, is proving that you can go off-script and solve problems yourself.
By adopting an adversarial approach, you’ll be able to offer new solutions — and confidently answer any curveball questions. “When you learn for the right reasons, it will show through in the interview,” Wang says. “That’s how you get the job.”
The importance of adopting the right mindset
The try harder mindset for Offensive Security certification | Cyber Work Podcast
When you land your first role, you should be prepared to think outside the box. Like the medical field, ethical hacking requires an in-depth understanding of how and why things work. That’s why memorizing test questions won’t help you excel.
Instead, Wang challenges aspiring pros to harness a “try harder mindset,” the baseline philosophy behind the courses at Offensive Security.
Because the real world doesn’t come with an answer book, this method trains you to experiment with different techniques and try new approaches. The goal, Wang says, is to get you comfortable with problem-solving. “In the beginning, you may not know,” Wang explains. “Go in with a hypothesis. If you disprove your hypothesis, then come up with another one.”
As you work through new scenarios, you will run into roadblocks. However, these moments of uncertainty shouldn’t be viewed as a failure — they should be used to learn and grow. “You have to know not everything you do will deliver instant gratification,” Wang explains. “You have to be able to say, ‘OK, I tried that. It didn’t work. What did I learn? Let me step back and let me see what else I can try.’”
Instead of stalling at perceived dead ends, you should also practice giving yourself space. “When you get stuck, take a break. Move away from the screen,” Wang advises. “By doing that, things can come to your mind in a very organic way, giving you a really good hint, idea or direction you haven’t thought about.”
By training yourself that giving up is not an option, you’ll prove to employers (and yourself) that you can handle any challenge thrown your way.
Prove your proficiency with OSCP
Certifications won’t make up for lack of work experience, but they can help you prepare for on-the-job scenarios. After all, certs show that you’ve got an in-depth understanding of different attacks, practices and procedures. That’s why Wang encourages both attackers and defenders to become an Offensive Security Certified Professional (OSCP).
Created to help pentesters put theory into practice, this comprehensive course uses real-life exploits, systems and networks to help you learn the latest ethical hacking tools and techniques.
While the course load is rigorous, completing your OSCP shows employers two key things:
- You have the skillset to solve problems and successfully defend systems
- You have the persistence and determination to succeed in the role
To learn more about OSCP, listen to Becoming an ethical hacker with Offensive Security CEO Ning Wang, a Cyber Work Podcast.