Update! Rather than re-invent the wheel a million times we thought we’d just go ahead and ask the experts directly how they became Penetration Testers (or Ethical Hackers if you want to call them by that term!). Here is the blog post in which we interview over a dozen cybersecurity professionals and ask them how they became Penetration Testers.
Does intrusion detection, social engineering, denial of service, session hijacking and being able to hack web servers sound like your idea of fun? If so, then a career as an Information Security professional, or ethical hacker, might just be for you.
What is an ethical hacker?
This is our take on the matter: you have to think like a hacker to defeat a hacker. Said another way, the best person to protect a home’s security system is the guy that installed it – right? Well, it’s the same thing for information security and protecting data.
A legal hacker is commonly referred to as an ethical hacker, a “white hat” hacker, or, often, a “penetration tester”.
With the growth in cyber warfare, and data being leaked and hacked into on a daily basis (heck, even today Adobe had 150,000 emails and passwords hacked), the demand and salaries for information security professionals are excellent. For example, Data Security Analysts can expect between $89,000 and $121,500, which is a 6.8% increase from the same time last year. Here are some other figures:
Systems Security Administrator: $89,500 – $123,570 (5.0% increase)
Network Security Administrator: $89,750 – $123,500 (5.7% increase)
Network Systems Engineer: $93,500 – $123,250 (5.6% increase)
Information Security Manager: $108,000 – $149,750 (4.4% increase)
In summary, the security IT market overall continues to grow. Research from the firm Gartner and from Robert Half estimates that worldwide enterprise IT spending grew by 6 percent between 2009 and 2010, to a total of nearly $3 trillion! At the same time, security is becoming a more pressing concern. Gartner expects to see an increase of nearly 44 percent in all IT spending on worldwide security services during the five-year period from 2011 to 2015, eventually surpassing $50 billion.
When you start your career you can expect a starting salary of anywhere between $50,000 and $100,000 per year, depending on the company that hires you and, like anything else, your IT/hacking experience and education. Many ethical hackers end up becoming consultants. In fact, most of our Hacker Hotshots are exactly that.
It’s kinda difficult to simply jump in and become a penetration tester. Without IT security experience, your best bet is to get certified.
So – I wanna be one! How do I get started?
Again, we have heaps of advice on this here, but what you definitely need to get started as an ethical hacker depends on where you are in your IT career. If you haven’t started your IT security career yet, why don’t you consider military service? The armed forces offer some really excellent IT opportunities, and you get paid to go to school! We have a couple of excellent Hacker Hotshot presentations on this very subject, including G Mark Hardy (ex-military) with “Hacking As An Act of War.” G Mark has been a director of Cyber Watch for the last seven years. Cyber Watch is a consortium of colleges, universities and government agencies that provides a pathway for students to get a two-year associate's degree, transfer 100 percent of the credits on to the university, and perhaps even get a 2-year full scholarship under the government scholarship for service. In exchange, you agree to a 2-year tour with government as a civilian.
Another Hacker Hotshot presentation is titled “Solving the Cyber Security Hiring Crisis DHS and the Great Talent Search” by Winn Schwartau. Winn is a BlackHat, DefCon and Hacker Halted speaker and industry legend. The presentation he delivered back in mid-October 2012 was, and remains, excellent. Winn talks about the hiring “crisis” and provides some really good advice for those seeking a career as an ethical hacker.
If you are just starting out then you probably ought to start with something like CompTIA A+. Hopefully you will then get employed, likely as a desk support technician or something similar. Then get a security certification (Security+, CISSP, or EC-Council Certified Ethical Hacker) and find an information security position.
If you are serious about this profession then go for it! The market and demand for this space is massive. Like anything, what you put in, you will get out. Join us for our Hacker Hotshots and learn more from penetration experts, hacker enthusiasts and just general cool people!