

A Helpful Guide to Ethical Hacking with Flatiron School

By Liz Eggleston
Last Updated June 14, 2021

The demand for cybersecurity professionals is on the rise in 2021, and that includes a need for Ethical Hackers – a role that may sound like an oxymoron but is actually crucial to the security of any business that uses computers or the Internet. But what exactly does an Ethical Hacker, also known as a Penetration Tester, do on the job? Flatiron School Cybersecurity Instructor, Jessica Meyers, explains the ins and outs of Ethical Hacking, the salaries and job titles you can expect in this career, and the tools you’ll learn in order to break in. Find out if Ethical Hacking is the right career path for you!


Meet the Expert: Jessica Meyers

  • Jessica has a rich background in cybersecurity. She started working in tech support during college, where she earned a Bachelor's in Business and a minor in Management Information Systems. She served as a full-time tech support for the school's Computer and Information Science department, and then obtained a position as a Network Engineer after graduation.
  • In 2004, Jessica joined the military as a Commander-appointed Cybersecurity journeyman, championing procedures for the Wing Information Assurance Office. This kickstarted her passion for security regulations and the GRC elements of cybersecurity (SOX, HIPAA, SOC 2, PCI DSS, etc.).
  • As a cybersecurity evangelist, Jessica gravitated towards Flatiron School after developing, implementing and executing successful security awareness programs in previous roles.
  • Jessica has many industry certifications, including Certified Information Systems Security Professional (CISSP) from ISC2, Certified Cyber Security Architect (CCSA) from ecFirst, Certified HIPAA Privacy and Security Expert (CHPSE) from Supremus, and Certified Epic Security Coordinator from Epic. She continues to look for relevant certifications to stay on top of the rapidly changing security field.

What is Ethical Hacking?

Malicious hackers pose a problem for virtually any business, regardless of size – from small local businesses to large multinational corporations. It’s generally not a question of if you’ll be hacked, but when. To mitigate these risks and increase security controls, ethical hackers use a variety of methods and tools to locate where the company is vulnerable and implement a remediation plan before a malicious hacker can gain access.

The Demand for Ethical Hacking

Having a digital presence is essential to the success of modern businesses, which use technology to take online payments, interact with customers, and advertise their products. Unfortunately, that rise in digital data collection means an increase in people who want access to that information for their own gain.

Certified ethical hackers, also called penetration testers or pen testers, are cybersecurity experts who are employed to verify and improve the security of a company’s computer system. Their job is to conduct authorized simulated cyberattacks - known as penetration tests - on a company's systems to identify weaknesses that could potentially be exploited by bad actors.

The “Ethics” in Ethical Hacking

It might seem counterproductive to have an outsider poke at your company’s weak spots. Allowing someone access to your vulnerabilities takes a lot of trust, which is why Ethical Hackers must follow strict guidelines when performing their services.

Some contracts will limit a test to certain actions, like information gathering. Others will ask an Ethical Hacker to go in blind to identify the best way to break a system’s defenses. While the scope of penetration tests can vary, the goal of Ethical Hacking is always to improve the security of a company's computer system. 

A Major Threat to Cybersecurity: Social Engineering

One of the most common methods of cyberattack is social engineering, which manipulates human behavior to gain access to systems or data. For example, a common tactic is to impersonate a service specialist (electrician, janitorial staff, repair service, etc) to trick an employee into sharing his or her password, access card, or other sensitive information. After getting inside a computer system or physical facility, a criminal has free rein to snoop for valuable data and steal company assets. Social engineering manipulation can happen in-person, by email, over the phone, or on social media — wherever humans are. 

Ethical hacking uses social engineering tactics in the same way. If you can point out someone's personal vulnerabilities, it can lead them to being more responsible with their own personal data and ultimately, their company's data, too.

There are many ways to protect your company against cyberattacks, but one basic tool is education. Humans are always going to be the weakest link in a company because it's easy to exploit an individual. If you recognize that vulnerability and proactively teach your employees how to recognize threats, you've just reduced your company's risk. Businesses need multiple layers of cybersecurity protection, but your first line of defense should be ongoing security awareness training. Companies need to take multiple steps to protect their systems, but the first line of defense is an educated user base.

The Ethical Hacker Toolbox

Do you need to be able to code to be an Ethical Hacker?

It’s very helpful to understand scripting languages as an Ethical Hacker. It’s one of the key elements in several pen testing tools and programs. Flatiron School’s cybersecurity courses teach Python, a common Ethical Hacker language.

Which tools do Ethical Hackers use?

Ethical hacking or penetration testing has undergone a radical change with the arrival of automation. Hacking tools are computer programs or scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. Currently, several tools that can expedite the testing process are in development, while others are already available for download. Some of them are open source, while others are available for purchase.

We teach many open source tools at Flatiron School, enabling our students to gain in-demand skills without raising tuition. Below are some of the tools for Ethical Hacking or Pen Testing, including open source solutions.  

  • John the Ripper – A password cracker for checking the strength of passwords and determining the time it takes to crack them.
  • Metasploit – An all-in-one tool that can be used to complete penetration tests.
  • Nmap – A network mapper used to manage and audit network security systems.
  • Wireshark – An open-source tool used to analyze network traffic in real-time.
  • IronWASP – A GUI-based, open-source vulnerability assessment program.
  • sqlmap – Tests SQL injections against remote hosts.
  • Aircrack-ng – A WiFi security tool used to perform penetration tests on wireless networks.
  • Reaver – Another version of Aircrack-ng

4 Ethical Hacking Certifications

  • EC-Council Certified Ethical Hacker
  • IACRB Certified Penetration Tester
  • IACRB Certified Red Team Operations Professional
  • CompTIA PenTest+

What is the Career Path Like for Ethical Hackers?

It’s important to note that any cybersecurity position will involve ethical hacking to some degree. 

Pro Tip: “Ethical Hacker” isn’t generally listed as a job title. You’re more likely to see it in the job description. 

As an ethical hacker, you’ll generally work in one of these roles:

  1. As an Ethical Hacker on an in-house team
  2. As an Ethical Hacker for a third-party auditing company. While some companies might have in-house teams to test their defenses, ethical hacking is often done as a service by third-party auditors. Some businesses are so large and integral to society that internal audits are validated with external audits, either because of the need for accountability and transparency or because applicable regulations require it. This is where third-party contractors come in.
  3. As a Cybersecurity Engineer or Cybersecurity Analyst, you may specialize in ethical hacking, even if your job title isn’t officially “Ethical Hacker.” Some companies offer a job share position where you spend a quarter of your time performing ethical hacking services, and the rest of your time is spent remediating any weaknesses you might have found.
  4. Pen Tester. Pen testing is a valuable service that can help businesses improve their defenses against hostile actors. Most Pen Testers are experienced professionals, but an entry-level Pen Tester will probably be performing vulnerability scans and handing off reports to superiors.

Ethical Hacking Salaries

Entry-level jobs start at around an estimated $50,000 per year. If you’re interested in becoming a Pen Tester, your best bet is to start as an analyst. You’ll start at Analyst I and gain experience before moving to Analyst II. Once you’re experienced enough to become a Sr. Analyst, you can become a Pen Tester at the consultant level. Pen Testers at this level earn around an estimated $100,000 per year.

Types of Companies/Industries That Rely on Ethical Hackers

Ethical hacking is a broad field and all cybersecurity professionals will conduct ethical hacking to some degree. External probes from a trusted source are necessary for essential businesses and large corporations that rely on public trust.

One industry that relies on public trust is finance. The Sarbanes-Oxley Act of 2002 (aka the SOX Act) requires compliance with identified standards and ensures shareholders are given accurate information about the companies they invest in. All publicly traded companies are required to follow these standards and are audited on a regular basis.

The Flatiron School Cybersecurity Curriculum

Both cybersecurity analysts and engineers are taught all of the tools to become a well-rounded security professional. 

At Flatiron School, aspiring cybersecurity professionals are taught the skills they need to launch careers as analysts in as little as 12 weeks and engineers in as little as 15 weeks. Our proven curriculum has been developed by industry experts at SecureSet Academy, our sister school, in collaboration with top cybersecurity employers. 

The Flatiron School approach to cybersecurity education is substantially more hands-on than traditional higher education, and substantially more robust than typical certification training courses. Depending on which course you choose, you will complete eight or nine foundational courses in subjects like network and system security, threat intelligence, hunt skills, cryptography, and governance, risk and compliance.

About 50% of your time will be spent in our proprietary Cyber Range lab environment, a sandbox where students can safely explore, track, gather, break and build things. This balance of theory and practical skills will allow you to start your cyber career in months instead of years, and will prepare you to hit the ground running your first day on the job.

We also recently launched Intro to Cybersecurity lessons in phishing, cryptography, IoT security and virtualization technology so anyone can learn the fundamentals for free. These lessons are a great way to explore cybersecurity and determine if it’s the right career path for you.

How does the Flatiron School cybersecurity curriculum change as the field evolves?

At Flatiron School, we're committed to delivering a curriculum that aligns with today's workforce. We meet regularly with industry partners on our Curriculum Advisory Board and map what we teach to the skills employers are hiring for right now. This 'backwards design' process ensures our curriculum remains relevant as the cybersecurity industry continues to evolve.

A recent example of this: Flatiron School is consistently developing new sections that address the advances and implementation of cloud services to ensure our students graduate with the most up-to-date skillsets.

Jessica’s Favorite Resources for Ethical Hacking

  1. Periodicals and blogs like Black Hat, The Hacker News, and KitPloit are great. HackerOne is a bug bounty organization that loves to write about ethical hacking as a topic. KnowBe4 is a vital blog that covers topics like cybersecurity protocols and ethical hacking.
  2. Conferences like the DEF CON conference. It’s a great opportunity to network and talk to colleagues that may have similar goals to learn more about ethical hacking. It’s also a good place to safely talk about topics like the dark web and test out your hacking skills.
  3. One site I stay very active on is the US-CERT site. They have an alert system for any cybersecurity incidents that are happening in the US. If you work with specific types of networking gear and there’s an exploit happening, US-CERT tells you exactly what it is and how to remediate it. The recent Microsoft Exchange exploit was on US-CERT long before the media announced it.

Find out more and read Flatiron School reviews on Course Report. This article was produced by the Course Report team in partnership with Flatiron School.

About The Author

Liz is the cofounder of Course Report, the most complete resource for students researching coding bootcamps. Her research has been cited in The New York Times, Wall Street Journal, TechCrunch, and more. She loves breakfast tacos and spending time getting to know bootcamp alumni and founders all over the world. Check out Liz & Course Report on Twitter, Quora, and YouTube!
