If there was ever a time to get into the IT security field, it’s now: The Bureau of Labor Statistics expects the sector to grow 37 percent by 2022, and according to a survey by the Ponemon Institute, demand for talent so outweighs supply that 40 percent of IT security positions are expected to go unfilled in 2014. The pay isn’t bad, either: the average information security analyst in the U.S. makes over $90,000 per year.
One of the most in-demand positions in this field is that of an ethical hacker—an IT professional who purposefully penetrates networks and systems to find and fix potential vulnerabilities. If you’re looking to put on your “white hat” and infiltrate systems for good, this position can be a great career opportunity. Depending on your experience and skills, you can earn over $100,000 per year.
To help job seekers learn what’s involved in becoming an ethical hacker and the responsibilities of the position, we spoke with IT security professionals, instructors and certified hackers themselves. Here, we highlight the skills and certifications needed to rise to the top of the talent pool.
What Is an Ethical Hacker?
Ethical hackers are responsible for examining internal servers and systems to discover any possible vulnerabilities to external cyber attacks. Common job functions include conducting “pentests” (purposeful penetration tests to discover security weaknesses in a system) by using software applications such as Metasploit and BackBox Linux.
According to Damon Petraglia, director of forensic and information security services at Chartstone Consulting, other ethical hacker responsibilities include:
- Providing recommendations on how to mitigate vulnerabilities;
- Working with developers to advise on security needs and requirements;
- Updating security policies and procedures; and,
- Providing training as part of a company’s security awareness and training program.
What Are the Job Requirements?
A typical entry-level ethical hacker job posting reveals that a bachelor’s degree in computer science or a related work field is a must. Beyond that, security certifications can be extremely beneficial in proving you have the requisite knowledge for the job. One survey found that 81 percent of security professionals believe getting certified was a key factor in the decision to hire them.
While many IT security certifications exist, the three main ones for ethical hackers are:
- Certified Ethical Hacker (CEH)
- GIAC (Global Information Assurance Certification) Penetration Tester (GPEN)
- Offensive Security Certified Professional (OSCP)
CEH: The Most Basic and Widely Recognized Certification
If you’re looking to get started as an ethical hacker, the CEH certification, the broadest of the three, may be right for you. Offered by the EC-Council, the CEH certification is designed to give IT security professionals a baseline knowledge of security threats, risks and countermeasures through lectures and hands-on labs.
According to Paul Coggin, a certified EC-Council instructor, it’s recommended that students who enroll in the course have a background in “Windows and Linux systems administration skills, and are familiar with TCP/IP [the core Internet protocol] and virtualization [creating a virtual version of a hardware or software platform].”
If you plan on skipping the classes and taking the exam without training, you’ll need to submit proof that you have at least two years of experience in IT security.
A big benefit with the CEH certification is flexibility: there are options for self-study, video lectures you can watch at your own pace and instructor-led lessons you can take online. The EC-Council even provides the option of bringing training to your business or organization. Upgrades for physical courseware, additional practice exams and tablet usage are also available.
Instructor-led lessons take place from 9 a.m. to 5 p.m. over the course of five days, and students can access online labs for up to six months. The latest version of the test consists of 125 multiple-choice questions. Students have four hours to complete the exam and must receive a score of at least 70 percent to receive the certification.
The cost of the CEH depends on the level of instruction needed: it ranges from $825 for the basic self-study coursework all the way up to $2,895 for instructor-led courses, online lab access, a test voucher and a test prep program. If you don’t buy the voucher, the test itself costs $500, and all students must pay a $100 application fee.