Being labeled a “hacker” usually comes with plenty of negative connotations. If you call yourself a hacker, people will often perceive you as someone who causes mischief just for giggles. But as I described in this article explaining the difference between good and bad hackers, there are also ethical hackers that end up doing similar tasks for good and not evil. But while ethical hackers exist, is it possible to make a living with ethical hacking?
I explored the different steps to getting into an ethical hacking career — preparation, experience, and jobs. It turns out that it’s quite possible, but it’s difficult to get into and takes lots of preparation. However, if you stick to it and excel as an ethical hacker, you could create a very nice career path.
What’s an Ethical Hacker?
A hacker is a person with computer and/or programming knowledge and skills who uses said assets to break into a computer system and exploit it. While the stereotypical criminal hackers break into computer systems to cause havoc, ethical hackers attempt to break into systems without causing too much damage, and then reporting to the owner on their findings. In other words, ethical hackers find holes that criminal hackers could exploit and lets the owner know about them so that they can fix them before any real damage by a criminal hacker is done. Ethical hacking is also known as penetration testing, intrusion testing and red teaming.
Becoming an ethical hacker isn’t an easy task to accomplish — it requires lots of knowledge, especially when it comes to computer system security, and lots of experience to have a shot at an ethical hacking job. In case I haven’t placed enough emphasis on it — experience is vital, even if you have a computer science degree, certificate, or whatever else you may have.
Before you even get to the experience part, however, it’s still a good idea to understand how computers work and communicate with each other. All of this can be accomplished with a computer science degree or other similar courses of learning — even taking a few courses via openly available “OpenCourseWare” from places like MIT are a great thing to do if you cannot afford taking actual college courses. A degree is preferable, but knowledge and the experience to back it up can be effective as well.
Experience can be gained in two different ways — freelance jobs and good ol’ messin’ around. Using the Internet is crucial as it contains a wealth of free information to help you learn as you try out new things. There are also plenty of resources to look at, such as James’ tutorial on how to crack a WEP-protected wireless network, the BackTrack Linux distribution that specializes in penetration testing, and tools such as Firesheep or Droidsheep that filter through unprotected wireless traffic. These are just some very basic ways to get started with the whole concept of “hacking”, but there are far more advanced topics that you would need to learn in order to get a serious grasp of what it takes to be an effective ethical hacker.
Please remember that in all your adventures, you should stay within the law with your activities. This means that you should practice techniques on your own equipment, or ask permission from the owner before attempting anything. If you end up doing something that’s illegal, it can forever hurt your reputation in addition to the legal issues, fines, etc.
It’s also helpful to work your way through a number of different certifications, including the A+ certification, Network+ or CCNA, and Security+ or CISSP or TICSA. Corresponding jobs as you work your way up helps a lot too. Don’t expect to go from nothing straight to ethical hacking.
Getting The Job
So once you have a good educational background along with a few years of experience, you’re ready to strike it big as an ethical hacker. Freelance jobs aren’t just a good way to gain experience, but they can also give you a decent amount of revenue, which can increase as your reputation among freelance communities increases. The downside to freelance jobs is that you don’t have a stable position, so income is never as certain as one would like.
Once you’re ready to get away from freelance jobs, you can start applying to different tech companies for permanent positions. Remember that you don’t have to apply to the biggest tech companies — there are so many smaller ones that can pay you just as well. Alternatively, you can also set up a computer system security consultation service in order to be able to work for multiple companies at a time. This can be done in addition to a permanent position, or as a step between freelance work and a permanent job.
Certified Ethical Hacker
In order to legitimize yourself as a good at ethical hacking, you can become a Certified Ethical Hacker (CEH) by completing a vendor-neutral certification course. This gives you well-rounded expertise on security topics that you may or may not have covered while you were gaining experience on your own. However, in order to receive the certification, you should complete the course or have at least two years experience as endorsed by an employer. Receiving such a certification can give you bragging rights, as well as more leverage on scoring better jobs or pay raises.
So as you can see, it’s definitely possible to earn a living by ethical hacking. Although the process to getting to that point definitely isn’t easy (nor is for every computer guy), it could be well worth it if you’re good at it and enjoy doing it. Plus, you can tell others that you’re doing them a service by keeping them safe online.
Would a career in ethical hacking interest you? What other cool yet unusual computer jobs do you know about? Let us know in the comments!