What is it like being an ethical hacker?

Hacks McSpack

Newbie

Posts: 3

Joined: Tue Jul 06, 2010 10:39 am

Post Tue Jul 06, 2010 11:18 am

What is it like being an ethical hacker?

Hello all.

I'm pondering on my career in the future, and an ethical hacker is a career I am interested in.

I’m currently in college (I live in the UK), one of my courses is an A level in ICT. I will also be hoping to start university in 2011.

I have some questions about ethical hacking careers that I would like answering, if you don’t mind? :)

What are the role and responsibilities of an ethical hacker?

I don’t want to seem rude in asking, but what is the money like? I’ve seen jobs for ethical hackers and information risk consultant (which I believe is another term for ethical hacker?), with the salary to be around £50k-£70k a year. Is this true for most jobs?

Where do you work? This may seem like a weird question, but, do you have a permanent place of work, or do you work nearby to your employer? Like, if a bank asks you to test their system, would you work in a nearby cafe on a laptop? :P

Thank you for taking the time to read this, and hopefully answering my questions.  ;D

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Jul 06, 2010 11:53 am

Re: What is it like being an ethical hacker?

Where to start? The women? The money? The fame?

While an information risk consultant might do some ethical hacking, I would expect that role to be focused mostly on risk management. Terminology varies quite a bit in this industry though, so review the responsibilities/qualifications for such a role. "Penetration tester" is the title that's most synonymous with ethical hacker. My official title is "Information Security Analyst," but I also do more than just penetration testing.

Money ranges based on skill. I know some people that make six figures while some of the unskilled newbies we mold right out of college make help-desk wages.

I do remote work (i.e. external penetration test) out of our office, and I regularly go on-site (2-3 weeks per month) for the variety of on-site services we perform. I have friends at different companies and they do remote work from home and also go on-site. I wouldn't expect anyone to work professionally from a coffee shop or other semi-public network as there would likely be legal risks involved with that.

As far as the work itself goes, once a penetration test is assigned to me, I work with the client to verify IP address ranges, set up scheduling, address any special needs, etc. Once we're all squared away, the actual testing begins with information gathering, mapping, and so on. Upon completion of the test, I write a detailed report explaining the issues found, what the consequences were, and provide general direction for remediation. This last part is where I see a lot of people struggle and become unhappy. It's definitely not fun, but it's a necessary evil for a quality test. I spend a significant portion of my time writing reports, so be sure you're able/willing to handle that aspect of the job as well.
The day you stop learning is the day you start becoming obsolete.

Hacks McSpack

Newbie

Posts: 3

Joined: Tue Jul 06, 2010 10:39 am

Post Tue Jul 06, 2010 12:37 pm

Re: What is it like being an ethical hacker?

Hey, thanks for the reply.  :)

So, an "Information risk consultant" assesses risks and how they can be avoided, and "Information Security analyst" is someone who tries to hack into a system?

For the work itself, thanks for saying your roles and responsibilities. :) It seems quite an interesting job. Every day a new challenge. :) And as for the reports, I do not mind doing them at all. :)

Once you have gained the qualifications of ethical hacking from university, is it hard to get your first job? And is it easy to pick up on what you need to do? Like, as if you were just doing what you were taught in university? Or is it a step up from that? (if that makes sense?).

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Jul 06, 2010 12:50 pm

Re: What is it like being an ethical hacker?

Hacks McSpack wrote: Hey, thanks for the reply. :)


Anytime! Welcome to the forums, btw  ;D

Hacks McSpack wrote: So, an "Information risk consultant" assesses risks and how they can be avoided, and "Information Security analyst" is someone who tries to hack into a system?


Like I said, titles are all over the place and are not consistent at all. I wouldn't necessarily define an Information Security Analyst that way. I also do risk assessments, IT audits, social engineering, and security awareness training. Penetration tester is just one of the hats I wear.

Hacks McSpack wrote: Once you have gained the qualifications of ethical hacking from university, is it hard to get your first job? And is it easy to pick up on what you need to do? Like, as if you were just doing what you were taught in university? Or is it a step up from that? (if that makes sense?).


It's usually pretty difficult to go right into a security role. IMHO, you end up selling yourself a bit short even if you can manage it. You'll more than likely have to get started doing systems and/or network administration and work your way into the security side of things from there. As always, you can't secure what you don't understand.

I would say it's a leap up from anything you'd do in school. I spend hours a day outside of work just trying to keep current and learn things I feel I'm weak in. You really have to enjoy learning and working with this type of stuff as a hobby to really take things to the next level.

Hacks McSpack

Newbie

Posts: 3

Joined: Tue Jul 06, 2010 10:39 am

Post Tue Jul 06, 2010 6:11 pm

Re: What is it like being an ethical hacker?

Would you say it's a good career to get into?

What are the pros and cons of it? :o

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Jul 07, 2010 6:11 pm

Re: What is it like being an ethical hacker?

Hacks McSpack wrote: Would you say it's a good career to get into?


It really depends on the person. I think it's great for me. YMMV.

As far as jobs go, this field seems to be increasingly more popular. It seems like it will stay that way for the foreseeable future.

Hacks McSpack wrote: What are the pros and cons of it? :o


Like I mentioned before, you really need to be passionate about the material and enjoy working with it. If it's just appealing because you're after a big check or it seems exotic, you're not going to last. It's going to take a lot of time outside of business hours. I would wager that most of us are ok with that because we also consider it to be a hobby.

I also see others get frustrated and quit because they're not willing to put in the time mastering the fundamentals and want to do exciting work right off the bat. Like I said, you'll more than likely have to put in some time as a systems and/or network administrator. You're only going to be able to do a half-assed job (at best) if you don't develop a solid understanding of TCP/IP first.

What appeals to me is the fact that things are constantly changing, and I'm constantly learning. As you can see, what may be considered a con to some people is a pro to me. That's why the answers to a lot of your questions are going to be, "it depends." I enjoy doing challenging work and having to think critically. Some want a job that's slower-paced with less pressure. I think you get the idea...

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jul 09, 2010 11:45 am

Re: What is it like being an ethical hacker?

I covered a lot of those questions in my talk on DIY Career in Ethical Hacking. There's a PG and an R rated version. You can find them as well as some pretty extensive reviews of CEH, CISSP and GPEN. They will give you a great idea of what they cover and what possible career paths you can get from them. Look here:

http://www.ethicalhacker.net/content/category/7/15/24/

Hope it helps,
Don
CISSP, MCSE, CSTA, Security+ SME
