Imagine a career where, in order to prevent a threat, you must think and behave like the bad guy. In cybersecurity, that is precisely what ethical hackers are hired to do. Your day-to-day might include looking for software vulnerabilities, researching the latest attack techniques, and using hacking tools and techniques to identify companies’ potential threats. An ethical hacker works to test the security of a networked information system; but instead of causing the system harm, they work to find a system’s weaknesses. As the world relies more and more on technology, the need for ethical hackers is increasing. It’s predicted there will be a shortage of two million cybersecurity professionals globally by 2019, meaning it’s a great time to get a cybersecurity degree and meet the demand.
What is Ethical Hacking?
An ethical hacker, commonly known as a “white hat,” is an expert in the field of information security who routinely tries to perform controlled exploitation of vulnerabilities in network services, computers systems or applications. This is done to circumvent any potential security breaches that a malicious hacker could possibly take advantage of. Since the world of information systems constantly evolves, an iterative and up-to-date knowledge base is a must.
“We find that the tools that cybersecurity professionals use are the exact same tools that hackers use,” explains Jose Sierra, associate director of Northeastern’s Master of Science in Cybersecurity program.
Ethical hackers leverage their skills and technical aptitude to test and infiltrate an organization’s IT security, similar to malicious hackers (also referred to as “black hats”). What sets them apart is that they use the vulnerabilities they find within an infrastructure to heighten the company’s information security posture, rather than using the information for nefarious purposes. Through testing and documentation, ethical hackers take their findings and create system changes to prevent future hacks.
Ethical Hackers are in High Demand
As a society, technology has shaped the way we go about our personal and professional lives. From communicating with loved ones via text to signing into your work computer, bits of data are exchanged every second of every day. With technology at the forefront, companies are at risk thanks to malicious hackers who could potentially cause harm to an organization’s reputation, financial welfare, and data security, with no sector immune. From airport display failures to healthcare data breaches, cyber crimes have cost industries hundreds of billions of dollars. The scary part? Those are just the cases that have been reported.
Fortunately, as industries increase investments in information security, educational programs are expanding to help train professionals to combat this crisis. In order to safeguard a system, one must think like the enemy, which is exactly what students in Northeastern’s Master of Science in Cybersecurity program are learning to do. Ethical hackers focus on the detailed components of network and software security that most companies aren’t even aware they should be checking.
“One of the best way to protect your systems is to try and hack into them,” explains Sierra. “Breaking the system is important in learning how to protect it, which is why we teach our students how black hats think.”
Keys for a Successful Career in Ethical Hacking
In cybersecurity, most skills necessary for a well-rounded career are hard skills— concrete ideas and concepts that are taught over time. In order to be a solid ethical hacker, however, soft skills and hard skills are both a major component to find success in the role. Professor Sierra suggests two fundamentals that make a skilled, ethical hacker:
Key #1—The Ability to Think Like a Hacker
One has to learn how to play the game in order to beat it. “Any student who is willing to learn how to protect information systems definitely has to take into account the hacker’s perspective,” shares Sierra.
In a good cybersecurity degree program, students learn how to think about cybersecurity from a vulnerability perspective. To fully appreciate the vulnerability of an information system, real-world application is key.
“In courses that we have, we approach the problem, showing how information systems can be hacked. The best way to show the importance of password security, for example, is to show students how easily we can crack them.”
Thinking like a hacker allows cybersecurity professionals to adopt a malicious hacker mindset, searching for various methods and tools to penetrate information security. This mindset, when applied, gives companies the ability to foresee and quash potential threats, minimizing the risk of future data breaches.
Key #2—Foundational Cybersecurity Knowledge
Thinking like a hacker will serve an information security professional well. Understanding the foundations of cybersecurity, including emerging tools, cybersecurity ethics, and cyber laws, is another essential component to a long and successful career. Someone in this role must be comfortable performing technical tests and assessments to stay ahead of current hacking strategies.
Most companies are not well-versed in the type of data they have, how it’s governed, or if it’s even secured. As an information security professional, it’s your job to fill in the blanks and assess the blind spots of your employer.
“Big organizations have a tremendous amount of systems, each of them running a very important number of services. It can be challenging for businesses to keep track of their potential security weaknesses, which is why hacking tools are often a good instrument to assess cyber risks,” explains Sierra.
Common Careers in Ethical Hacking and the Skills Needed to Apply
Considering the growing market demand, there is no better time like the present to jump into a career as an ethical hacker. As the rise in technology adoption in the corporate setting shows no signs of slowing down, a vast majority of employers are looking to bring ethical hackers on board to mitigate potential cyber risks or hacks from outside invaders. According to the IDC, there is a $101 billion hiring market for qualified cybersecurity professionals. This means that there are plenty of open opportunities available. Here’s a list of roles in ethical hacking, describing their daily roles and salaries.
Average U.S. salary: $81,735
The penetration tester deploys a wide range of tools to examine the company’s network. This helps them to see if and where any vulnerabilities exist. Once potential threats are identified, they then research possibilities in which malicious hackers can use the vulnerabilities to penetrate the information system. These tests are performed in a variety of private and public sectors, most notably in the healthcare and financial industries.
A penetration tester has to be well-versed in complex systems. Attention to detail and note taking are critical in this role as testers have to relay their findings and assessments to other members of their team.
Security Engineer (or Security Architect)
Average U.S. salary: $88,387
Security engineers are tasked with designing computing solutions that effectively increase the security of their company’s systems and projects. Creating new methods and solutions for existing production security issues and having an advanced understanding of intrusion detection and prevention protocols are vital for success in this career. The primary responsibility of security engineers is addressing technical problems related to applications and production equipment.
Security engineers or security architects are normally in charge of designing and deploying countermeasures that could prevent the vulnerabilities detected after penetration testing.
Being able to work independently and within a team-setting are important in this role. Possessing mathematical skills and documentation experience are also an integral part of the job. Several years of work experience in a similar position, industry security certifications, and a postgraduate degree in cybersecurity are helpful.
Information Security Manager
Average U.S. salary: $109,732
An information security manager creates strategies to increase network and internet security in regard to interrelated projects. For example, a company creating several web applications would run the same security protocol for each application. Managers lead a team of IT professionals to help maintain data flow within an organization without sacrificing top-tier terms of confidentiality and general security.
While a significant portion of the role is primarily technical, strong managerial skills are important as information security managers lead and develop their teams. Possessing strong verbal communication skills and leadership qualities are important in this position. A bachelor’s degree is the minimum qualification; however, employers look for postgraduate degrees and certifications to round out applicants.
Going Dark to Save the Cyber World
There’s a very fine line between ethical and malicious hackers. Both essentially are performing the same tasks, but the ethical hacker makes the conscious decision to use their cyber powers for good, while malicious hackers exploit vulnerable information for their own gain. Becoming an ethical hacker has become easier than ever, especially when students invest in pursuing a postgraduate degree to cement their foundation in cybersecurity.
“If you have that ability– the understanding of the foundations– and you are able to discover completely new ways to access and break into systems, that is probably the best skill you can have to become an ethical hacker,” says Sierra. By adding the knowledge you’ll gain in a cybersecurity master’s program to your bag of ethical hacker techniques, not only will you possess the fundamental understanding to protect and defend employers from malicious hacks, your future employers will be all the more confident in your abilities to safeguard their organization.