Over the past few years, hackers have gotten a bad reputation in the media. Recent headlines have purported that hackers have interfered in elections, brought down huge corporations, and stolen individuals’ passwords and personal information. As such, the court of public opinion has determined that individuals that operate in the hacking profession thrive in a position that creates chaos for other people.
In recent years, especially, individuals often think of hackers as people from foreign governments who worked to compromise state voting systems, impersonate users online, and dox prominent thought leaders.
More recent accounts have proven that these examples are not always the norm, however. Today, hackers have begun to create a new brand for themselves, using their skills in ways that help rather than hurt.
“We’re ignoring a different group of hackers who aren’t lawless renegades, who are in fact patriotic, public-spirited Americans who want to use their technical skills to protect our country from cyberattacks, but are being held back by outdated rules and overly protective institutions,” New York Times author Kevin Roose ponders. “In other words: What if the problem we face is not too many bad hackers, but too few good ones?”
Now, more than ever, tech experts, government agencies, and businesses are hiring ethical hackers and cybersecurity consultants to help test, probe, and improve their network security in an effort to prevent data theft and fraud.
What do ethical hackers do?
Ethical hackers and cybersecurity experts perform a necessary service in today’s business and political climate. These individuals work with businesses and government organizations to combat vulnerabilities in their network security, while keeping in mind the context that a blackhat or unethical hacker might have. In essence, they combat criminal motivations by thinking about criminal motivations, and working to stop them.
“Businesses don’t understand what they don’t know,” writes Candy Alexander, a cybersecurity consultant working in Manchester, New Hampshire. “That’s where I can help, by working with them to identify their requirements — and to protect their information according to the law and according to risk … From a risk perspective, you need to know how hackers work so you can protect against them. A lot of organizations have penetration tests: they hire a ‘good guy’ to hack in and act like a ‘bad guy.’ Then they build their security around that.”
Experts from across the field agree, noting that one of the unique benefits of their job is that they essentially get to act creatively as a detective, assessing what information criminals might be trying to access. They then work to prevent those specific events from happening.
“Companies basically hire me to try to break into their computer networks in order to figure out how a real criminal would do it,” Ben Miller, an ethical hacker at Paramater Security tells Life Hacker. “People in this profession use all sorts of tricks to sneak in — you can hack your way in, con employees over the phone or email, use impersonation to walk in, it really doesn’t matter. I’ve never come across a business that couldn’t be compromised. I’ve broken into a wide range of companies and organizations, from banks to hospitals, Fortune 500s, manufacturers, city utilities, government agencies, you name it.”
He goes on to say that it’s not only an interesting and challenging profession, but it’s also an incredibly rewarding career.
“I know I’m helping to protect companies and institutions from malicious hackers who would otherwise have nothing to stop them from breaking in.”
How Do You Start a Career as an Ethical Hacker?
Like many jobs in the tech sector, ethical hacking doesn’t necessarily require a specific degree or certificate. What is required, however, is a solid knowledge of computers, software and programming languages, creativity, problem solving, persistence, and drive. In essence, experience can prove to be far more valuable than a degree in this particular instance.
“Do you need a college degree to work in cybersecurity? Yes and no,” Alexander writes. “I know a bunch of people working in the field today who don’t have a degree. But should you get one? Yes, because it gives you the discipline to develop skills for lifelong learning … But if you’re driven and passionate about cybersecurity, you can come from any background.”
Still, it can be a difficult profession to break into. Many companies are under the impression that data security breaches are unlikely to happen, which prevents a bit of an obstacle in convincing them that they might be at risk.
For other, larger firms, however, ethical hacking is a means of keeping their businesses afloat and ensuring that their user’s information remains secure.
“We do everything we can to secure our products and services but occasionally things fall through the cracks,” Square’s information security technical lead Dino Dai Zovi told CBS News in 2015. He continued that Square, and other companies like it will continue to use ethical hackers moving forward. “So we aren’t just focusing all our efforts on locking the front door when there’s a wide open window we don’t know about.”