Ethical hacking is becoming a growth industry. The information security sector is booming, expected to grow at 10.2 per cent annually through to 2023, according to a report (opens in new tab) from Markets and Markets. This has prompted a demand for white hat hackers and other security professionals.
A study by the Herjavec Group (opens in new tab) predicts that 3.5 million cybersecurity-related jobs will open up through to 2021. The high demand and growing cost of attacks have resulted in some impressive salaries. PayScale (opens in new tab) puts the average annual salary for a computer security specialist at around $72,000, while the Infosec Institute (opens in new tab) estimates somewhere around $71,331 for a certified ethical hacker.
IT security workers also seem resilient to economic downturn. If survey responses from (ISC)2 (opens in new tab) are any indication of the future, ethical hackers can be relatively confident that they will keep their jobs whenever the next recession hits. This means that learning more about ethical hacking rather than just focusing on other aspects of web design, such as building the best website layout (opens in new tab), could help you futureproof yourself.
Cybersecurity is essential for any business that stores data or operates in an online capacity, which means that many opportunities exist for ethical hackers. The obvious careers are those at internet giants such as Facebook, Google or Amazon. Banks and other companies in the financial sector also require high levels of security.
Many major companies have their own cybersecurity workforce but there are also infosec specialists like Cisco and FireEye, as well as roles in the military. Information security professionals can find jobs in a wide range of industries and in just about any major city in the world.
But a career as an ethical hacker isn't only about the financial benefits. As our society has moved online and with the success of shows like Mr Robot, the image of the hacker has crept out of the dimly lit basement and become a respected and intriguing figure.
With all of these advantages in mind, working as an ethical hacker can be a pretty sweet deal. But what's the best way to become one?
What types of ethical hacking are there?
Ethical hacking is a broad field made up of numerous subdisciplines. Each of these have their own skill sets and requirements. Some of the major types include:
- Penetration testing – This involves being granted permission by an organisation to hack into their systems in an attempt to find security holes.
- Digital forensics – The digital branch of forensic science can include things like intrusion investigation and assisting law enforcement.
- Social engineering – A significant part of breaching systems is all about tricking people instead of getting past technology. This particular field of expertise is known as social engineering.
- Vulnerability research – This job involves finding the latest vulnerabilities and threats, as well as coming up with ways to effectively manage them.
Join us at Generate CSS our CSS-focused conference for web designers and developers. Find out more at www.generateconf.com (opens in new tab) . Use special offer code WEBDESIGNER2 for a 10% discount on tickets!
What skills do you need for ethical hacking?
This really depends on the answer to the last question. If you want to be a penetration tester, then you will need to be an expert in at least one programming language but the more the better. You will need to understand how systems interrelate, key networking principles and design, the security models of Unix and Windows, as well as a host of other knowledge.
If you would prefer to stick with social engineering, you could get by with charisma and a smile. Despite this, it's still an idea to have at least a decent technical background, especially if you want to be able to understand colleagues and progress further in the field.
The particular skills needed for your career depend on where you see yourself heading. Some people will have a solid plan and stick to it, while others may choose to go with the flow, look for opportunities in their surroundings and pick up whatever skills they can. This approach can lead them to areas of ethical hacking that they never would have thought of.
Do you need a degree for ethical hacking?
A degree can be a good way to enter the industry but it's not strictly necessary. Of course, this comes back to what kind of ethical hacking role you want.
Some governments can be more strict about degree requirements, as can some companies. But many well-regarded businesses in the industry don't put as much emphasis on degrees – they care more about a person's skill set and their attitude. In the eyes of many employers, someone who is excellent at their job is miles above a mediocre candidate with a piece of paper.
Saying that, degrees can be beneficial for career advancement and moving into managerial roles. Prospective ethical hackers have several paths to choose from. They can get a general computer science or computer engineering degree, then perhaps join the workforce for a few years. After a while, they may choose to get a master's degree in cybersecurity, ideally with their company paying for their studies.
Alternatively, some may want to get into cybersecurity right out of the gate. There are a lot of great cybersecurity programmes throughout the world and the best one for you will depend on your location and career goals.
If you do opt for university, don't get complacent with your degree. If you want to excel in the field, combine it with personal study, such as learning new programming languages, keeping up with industry news and even browsing hacker forums. Keeping up to date is important for handling the latest threats and technological changes.
Is ethical hacking certification available?
Thankfully, many of the necessary skills can be found in other ways and as long as you have them, you should still be able to find a job.
In the most unstructured sense, you can learn a lot of what you need from forums and watching YouTube videos. Although this isn't the fastest way to learn, it has been a trusted path for many teenage hackers.
A more structured approach involves online courses and certifications, which are often more respected in cybersecurity than in other industries. There is a variety of free and relatively cheap courses (opens in new tab) that offer great ways to get started.
If you want certifications valued by the industry, look at getting one of the following qualifications:
- CNSS 4011 (opens in new tab)
- CISM (opens in new tab)
- CISSP (opens in new tab)
- CREST (opens in new tab)
- SEC+ (opens in new tab)
- CySA+ (opens in new tab)
- CCNA Security (opens in new tab)
- CCNA Cyber Ops (opens in new tab)
Cybersecurity is a wide and rapidly moving industry. Making a career out of it involves knowing what you want to specialise in and working hard to become an expert in that particular role. As long as you keep up with the latest threat developments, you could be setting yourself up for a comfortable and engaging career.
This article was originally published in issue 321 of net (opens in new tab), the world's best-selling magazine for web designers and developers. Buy issue 321 here (opens in new tab) or subscribe here (opens in new tab).