The demand for cybersecurity professionals is on the rise in 2021, and that includes a need for Ethical Hackers – a role that may sound like an oxymoron but is actually crucial to the security of any business that uses computers or the Internet. But what exactly does an Ethical Hacker, also known as a Penetration Tester, do on the job? Flatiron School Cybersecurity Instructor, Jessica Meyers, explains the ins and outs of Ethical Hacking, the salaries and job titles you can expect in this career, and the tools you’ll learn in order to break in. Find out if Ethical Hacking is the right career path for you!
Malicious hackers pose a problem for virtually any business, regardless of size – from small local businesses to large multinational corporations. It’s generally not a question of if you’ll be hacked, but when. To mitigate these risks and increase security controls, ethical hackers use a variety of methods and tools to locate where the company is vulnerable and implement a remediation plan before a malicious hacker can gain access.
Having a digital presence is essential to the success of modern businesses, which use technology to take online payments, interact with customers, and advertise their products. Unfortunately, that rise in digital data collection means an increase in people who want access to that information for their own gain.
Certified ethical hackers, also called penetration testers or pen testers, are cybersecurity experts who are employed to verify and improve the security of a company’s computer system. Their job is to conduct authorized simulated cyberattacks - known as penetration tests - on a company's systems to identify weaknesses that could potentially be exploited by bad actors.
It might seem counterproductive to have an outsider poke at your company’s weak spots. Allowing someone access to your vulnerabilities takes a lot of trust, which is why Ethical Hackers must follow strict guidelines when performing their services.
Some contracts will limit a test to certain actions, like information gathering. Others will ask an Ethical Hacker to go in blind to identify the best way to break a system’s defenses. While the scope of penetration tests can vary, the goal of Ethical Hacking is always to improve the security of a company's computer system.
One of the most common methods of cyberattack is social engineering, which manipulates human behavior to gain access to systems or data. For example, a common tactic is to impersonate a service specialist (electrician, janitorial staff, repair service, etc) to trick an employee into sharing his or her password, access card, or other sensitive information. After getting inside a computer system or physical facility, a criminal has free rein to snoop for valuable data and steal company assets. Social engineering manipulation can happen in-person, by email, over the phone, or on social media — wherever humans are.
Ethical hacking uses social engineering tactics in the same way. If you can point out someone's personal vulnerabilities, it can lead them to being more responsible with their own personal data and ultimately, their company's data, too.
There are many ways to protect your company against cyberattacks, but one basic tool is education. Humans are always going to be the weakest link in a company because it's easy to exploit an individual. If you recognize that vulnerability and proactively teach your employees how to recognize threats, you've just reduced your company's risk. Businesses need multiple layers of cybersecurity protection, but your first line of defense should be ongoing security awareness training. Companies need to take multiple steps to protect their systems, but the first line of defense is an educated user base.
Do you need to be able to code to be an Ethical Hacker?
Which tools do Ethical Hackers use?
Ethical hacking or penetration testing has undergone a radical change with the arrival of automation. Hacking tools are computer programs or scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. Currently, several tools that can expedite the testing process are in development, while others are already available for download. Some of them are open source, while others are available for purchase.
We teach many open source tools at Flatiron School, enabling our students to gain in-demand skills without raising tuition. Below are some of the tools for Ethical Hacking or Pen Testing, including open source solutions.
It’s important to note that any cybersecurity position will involve ethical hacking to some degree.
Pro Tip: “Ethical Hacker” isn’t generally listed as a job title. You’re more likely to see it in the job description.
As an ethical hacker, you’ll generally work in one of these roles:
Ethical Hacking Salaries
Entry-level jobs start at around an estimated $50,000 per year. If you’re interested in becoming a Pen Tester, your best bet is to start as an analyst. You’ll start at Analyst I and gain experience before moving to Analyst II. Once you’re experienced enough to become a Sr. Analyst, you can become a Pen Tester at the consultant level. Pen Testers at this level earn around an estimated $100,000 per year.
Types of Companies/Industries That Rely on Ethical Hackers
Ethical hacking is a broad field and all cybersecurity professionals will conduct ethical hacking to some degree. External probes from a trusted source are necessary to essential businesses and large corporations that rely on public trust.
One industry that relies on public trust is finance. The Sarbanes-Oxley Act of 2002 (aka the SOX Act) requires compliance to identified standards and ensures shareholders are given accurate information about the companies they invest in. All publicly traded companies are required to follow these standards and are audited on a regular basis.
Both cybersecurity analysts and engineers are taught all of the tools to become a well-rounded security professional.
At Flatiron School, aspiring cybersecurity professionals are taught the skills they need to launch careers as analysts in as little as 12 weeks and engineers in as little as 15 weeks. Our proven curriculum has been developed by industry experts at SecureSet Academy, our sister school, in collaboration with top cybersecurity employers.
The Flatiron School approach to cybersecurity education is substantially more hands-on than traditional higher education, and substantially more robust than typical certification training courses. Depending on which course you choose, you will complete eight or nine foundational courses in subjects like network and system security, threat intelligence, hunt skills, cryptography, and governance, risk and compliance.
About 50% of your time will be spent in our proprietary Cyber Range lab environment, a sandbox where students can safely explore, track, gather, break and build things. This balance of theory and practical skills will allow you to start your cyber career in months instead of years, and will prepare you to hit the ground running your first day on the job.
We also recently launched Intro to Cybersecurity lessons in phishing, cryptography, IoT security and virtualization technology so anyone can learn the fundamentals for free. These lessons are a great way to explore cybersecurity and determine if it’s the right career path for you.
How does the Flatiron School cybersecurity curriculum change as the field evolves?
At Flatiron School, we're committed to delivering a curriculum that aligns with today's workforce. We meet regularly with industry partners on our Curriculum Advisory Board and map what we teach to the skills employers are hiring for right now. This 'backwards design' process ensures our curriculum remains relevant as the cybersecurity industry continues to evolve.
A recent example of this: Flatiron School is consistently developing new sections that address the advances and implementation of cloud services to ensure our students graduate with the most up-to-date skillsets.
How this college professor made a career change into software engineering!
What you can expect in the Eleven Fifty Academy admissions process...
Plus how to ace the data science interview!