Can You Make A Living Out Of Ethical Hacking?

Being labeled a “hacker” usually comes with plenty of negative connotations. If you call yourself a hacker, people will often perceive you as someone who causes mischief just for giggles. But as I described in this article explaining the difference between good and bad hackers, there are also ethical hackers that end up doing similar tasks for good and not evil. But while ethical hackers exist, is it possible to make a living with ethical hacking?

I explored the different steps to getting into an ethical hacking career — preparation, experience, and jobs. It turns out that it’s quite possible, but it’s difficult to get into and takes lots of preparation. However, if you stick to it and excel as an ethical hacker, you could create a very nice career path.

What’s an Ethical Hacker?

A hacker is a person with computer and/or programming knowledge and skills who uses said assets to break into a computer system and exploit it. While the stereotypical criminal hackers break into computer systems to cause havoc, ethical hackers attempt to break into systems without causing too much damage, and then report to the owner on their findings. In other words, ethical hackers find holes that criminal hackers could exploit and let the owner know about them so that they can be fixed before a criminal hacker does any real damage. Ethical hacking is also known as penetration testing, intrusion testing and red teaming.

Becoming an ethical hacker isn’t an easy task to accomplish — it requires lots of knowledge, especially when it comes to computer system security, and lots of experience to have a shot at an ethical hacking job. In case I haven’t placed enough emphasis on it — experience is vital, even if you have a computer science degree, certificate, or whatever else you may have.

Educational Preparation

Before you even get to the experience part, however, it’s still a good idea to understand how computers work and communicate with each other. All of this can be accomplished with a computer science degree or other similar courses of learning — even taking a few courses via openly available “OpenCourseWare” from places like MIT is a great thing to do if you cannot afford taking actual college courses. A degree is preferable, but knowledge and the experience to back it up can be effective as well.

Getting Experience

Experience can be gained in two different ways — freelance jobs and good ol’ messin’ around. Using the Internet is crucial as it contains a wealth of free information to help you learn as you try out new things. There are also plenty of resources to look at, such as James’ tutorial on how to crack a WEP-protected wireless network, the BackTrack Linux distribution that specializes in penetration testing, and tools such as Firesheep or Droidsheep that filter through unprotected wireless traffic. These are just some very basic ways to get started with the whole concept of “hacking”, but there are far more advanced topics that you would need to learn in order to get a serious grasp of what it takes to be an effective ethical hacker.

Please remember that in all your adventures, you should stay within the law with your activities. This means that you should practice techniques on your own equipment, or ask permission from the owner before attempting anything. If you end up doing something that’s illegal, it can forever hurt your reputation in addition to the legal issues, fines, etc.

It’s also helpful to work your way through a number of different certifications, including the A+ certification, Network+ or CCNA, and Security+ or CISSP or TICSA. Corresponding jobs as you work your way up help a lot too. Don’t expect to go from nothing straight to ethical hacking.

Getting The Job

So once you have a good educational background along with a few years of experience, you’re ready to strike it big as an ethical hacker. Freelance jobs aren’t just a good way to gain experience, but they can also give you a decent amount of revenue, which can increase as your reputation among freelance communities increases. The downside to freelance jobs is that you don’t have a stable position, so income is never as certain as one would like.

Once you’re ready to get away from freelance jobs, you can start applying to different tech companies for permanent positions. Remember that you don’t have to apply to the biggest tech companies — there are so many smaller ones that can pay you just as well. Alternatively, you can also set up a computer system security consultation service in order to be able to work for multiple companies at a time. This can be done in addition to a permanent position, or as a step between freelance work and a permanent job.

Certified Ethical Hacker

In order to legitimize yourself as being good at ethical hacking, you can become a Certified Ethical Hacker (CEH) by completing a vendor-neutral certification course. This gives you well-rounded expertise on security topics that you may or may not have covered while you were gaining experience on your own. However, in order to receive the certification, you should complete the course or have at least two years’ experience as endorsed by an employer. Receiving such a certification can give you bragging rights, as well as more leverage on scoring better jobs or pay raises.

Conclusion

So as you can see, it’s definitely possible to earn a living by ethical hacking. Although the process of getting to that point definitely isn’t easy (nor is it for every computer guy), it could be well worth it if you’re good at it and enjoy doing it. Plus, you can tell others that you’re doing them a service by keeping them safe online.

Would a career in ethical hacking interest you? What other cool yet unusual computer jobs do you know about? Let us know in the comments!

Image Credits: catatronic, slworking2


9 Comments -

0 votes

Brandon Ragoo

The article was very helpful to me. I actually want to become an ethical hacker and I was wondering if I have the correct plan in order to become one. After reading this article I realized the plan I have is actually correct.

0 votes

Danny Stieben

Good to know! I wish you good luck!

0 votes

dragonmouth

Originally all hackers were ethical hackers. Only later did the concept become corrupted and the term co-opted to today’s meaning.

0 votes

dragonmouth

Bill Gates, Steve Wozniak, and most of those that today we consider pioneers of the PC were hackers.

0 votes

Jamie Merlau

I just finished taking my CEH this morning. While it’s a really good baseline, it is a bit simplistic in that you are answering questions on how, not actually doing. Applying for a job with this just on your resume would be akin to passing the A+ and applying with just that to a computer repair shop.

For people first starting out, I would recommend getting a job that is IT related, so that you can get more hands on with networks before you start trying to do vulnerability assessments. It would be quite embarrassing if you couldn’t understand why you were not seeing all the traffic on the switch when you forgot to mirror or set up a SPAN port.

Get familiar with code. You don’t need to be a software engineer, but you should be able to read a function in C++ and determine if a buffer overflow or SQL injection is possible. I highly recommend Codecademy:
http://www.codecademy.com/

Using Virtual Machines to replicate a network environment is also a cheaper way to practice. You can get Virtualbox for this:
https://www.virtualbox.org/

This is the one time I will use Windows without an active license (in a test environment). Also, Kali (the successor to Backtrack) is a fantastic place for an open-source pen testing suite; just keep in mind that it is made for users with knowledge of Linux.
http://www.kali.org/

SANS Institute can be a good source of information, as well as Help Net Security (I’ve been following this website for years):
https://www.net-security.org/
https://www.sans.org/

Vulnerability Scanners/IDS are tools to be used as well. You can get open source Tripwire for a Host IDS, Nessus for Vuln Scanning, and Snort for Network IDS, all for free. These are tools that I’ve seen mentioned in the wanted ads, so it is good to at least understand how they work.
http://sourceforge.net/projects/tripwire/
http://www.tenable.com/products/nessus/nessus-homefeed
http://www.snort.org/

You will never be able to be a master of everything, so try networking with people (via groups, school, or work) who have more knowledge in other areas. Personally, I’m more network oriented, so I go to friends of mine who are coders when I need more help.

As the others have said, the original definition of hacker has been perverted.

0 votes

dragonmouth

“For people first starting out, I would recommend getting a job that is IT related, so that you can get more hands on with networks”
You want to get “more hands on with networks” you should get a job in networking. Many, if not most, jobs in IT do not expose one to networking. If you want to be a car mechanic, you do not get a job as a sales clerk at an auto parts store.

0 votes

Jamie Merlau

Due to the ubiquitous nature of the Internet, I doubt you would run into an IT position where you are not having to at least deal with connectivity with connections.

I’m not saying network engineer level; you’re just going to struggle if you don’t know the difference between a hub and switch or how to determine how a computer reaches. A quick look at the tech support postings for the Seattle area has positions that have requirements such as:

-Assist in the active monitoring and maintaining of the network, system security, virus protection, backups, and updates/patches.
-Maintain Internet and e-mail connectivity and router/firewall configuration.
-Provides technical support services to users of company’s personal computer and telecommunications systems.
-Acts under supervision as first line of support for employees seeking assistance with applications, network connectivity, computer hardware (desktops, laptops, and tablets), and peripherals.

I explicitly looked at openings that were titled as level 1 tech positions. The point I was trying to make is that it isn’t ideal to try to jump right into the security portion of the field without some hands on prior. Your analogy is a bit off, as I didn’t say to get a job in an IT company. A better analogy might be getting a job as an auto parts delivery perhaps?

0 votes

Danny Stieben

Thanks a bunch for all of these tips, Jamie!

0 votes

Zhong J

Meh, my interest in computers is to explore fundamentally different ways to configure my system and look at the options with all the preset tools available to me. One example would be the different Linux distributions, fascinating but at the same time require some pretense of knowledge. However, Linux is a great catalyst for learning how the system works as I’ll hang out in the system log to reveal any warnings or messages that indicate an error in its booting process.

Hackers are essential in computing due to its extensive uses of patching bugs and looking for exploits. Its role is big in providing security; I can’t become one since it’s far too complex in mathematical context and intensity.