An ethical hacker is a computer and network expert who uses their skills to find weaknesses and vulnerabilities in system security. Ethical hackers are employed by organizations to test their systems and make sure they are secure from outside cyber security threats.
But what does an ethical hacker’s day-to-day job look like?
Before we answer that question, it’s important to understand that the job role of a certified ethical hacker doesn’t exist as such. Rather, a certified ethical hacker is a title that can be earned through certification, namely the Certified Ethical Hacker (CEH) certification offered by the EC-Council.
Nevertheless, ethical hackers who get certified go on to work in a variety of industries and sectors, including government, healthcare, finance, and retail.
So, with that in mind, let’s take a look at what the job description of a certified ethical hacker might entail.
Where do ethical hackers work?
As mentioned above, ethical hackers can work in a number of different industries. According to statistics, the top three industries with the highest number of data breaches in the United States in the past decade are:
- Medical and healthcare
- Banking, credit, and financial
This means that both public and private sector organizations in these industries are in dire need of ethical hackers to keep their systems secure.
Of course, that doesn’t rule out the possibility of an ethical hacking career in other industries, such as retail, education, or even the food and beverage industry. Wherever there is a need for computer and computer network security, there is a need for ethical hackers.
Additionally, CEH professionals (those with the Certified Ethical Hacker certification) can work in many roles that are not ethical hacking roles, such as certified security analyst, security engineer, information security manager, and more.
The workplace environment
Depending on the location and size of the organization they work for, ethical hackers may find themselves working in a variety of environments. For example, they may work in a small office with a team of other ethical hackers or they may work remotely from home.
Some ethical hackers may even travel to different locations as part of their job in order to test the information security of an organization’s systems on-site.
Whatever the workplace environment, ethical hackers will need access to a computer with the necessary software installed, such as Kali Linux. They will also need to be able to communicate with their team members (if they are working as part of a team) via email, chat, or video conferencing.
A day on the job with an ethical hacker
The exact time an ethical hacker starts their working day will depend on the organization they work for. The exact list of tasks they need to complete will also depend on the organization, as well as the specific project they are working on. However, there are some tasks that are common to all ethical hackers, regardless of industry or workplace.
Here are some daily tasks you may be expected to do as an ethical hacker:
Conducting security audits
This is one of the most important tasks an ethical hacker will need to do. A security audit is a comprehensive assessment of an organization’s security posture. This will involve looking at all aspects of the organization’s security, including its computer networks, systems, and applications.
The aim of a security audit is to identify any weaknesses or vulnerabilities in the security of an organization. Once these have been identified, the ethical hacker will need to report their findings to the organization’s management so that they can be addressed.
Daily meetings with their team (if there is one) or their managers or clients are a necessary part of an ethical hacker’s job. These meetings may be used to discuss the progress of a project, review the results of a security audit, or plan future projects.
Rhiannon Nee-Salvador, a pen tester for the Commonwealth Bank of Australia, says that these daily meetings determine her priorities for the day. “Team meetings determine which tests to run. The kinds of tests I do change depending on the system I’m working on.”
Attempting to break into systems
One of the most important (and fun) tasks an ethical hacker will need to do is attempt to break into the systems they are responsible for securing. This process, known as penetration testing or pen testing, is used to identify any vulnerabilities in a system that could be exploited by a malicious attacker.
To do this, ethical hackers will use a variety of tools and techniques to try to gain access to a system. Once they have gained access, they will attempt to escalate their privileges within the system so that they can access sensitive data or perform actions that could, if performed by a malicious hacker, cause harm to the system.
If an ethical hacker is successful in breaking into a system, they need to report their findings to the organization so that the vulnerabilities can be fixed.
Documenting their work
Another important task for ethical hackers is documenting their work. This includes documenting the results of security audits and penetration tests, as well as keeping a record of the tools and techniques they used to break into systems.
This documentation is important as it can be used to help improve the security of an organization in the future. It can also be used to prove to clients or managers that the work an ethical hacker has done is valuable and has helped to improve the security of their systems.
Research and training
To be successful, an ethical hacking professional will need to keep up to date with the latest security threats and vulnerabilities. They will also need to train themselves in new hacking techniques so that these techniques can be used on future projects.
This research and training can be done in a number of ways, including reading security blogs and following security researchers on social media. Ethical hackers also need to attend security conferences and training courses to stay up to date with the latest security information.
“I research and read about the work other testers have done,” says Nee-Salvador. “It gives me ideas for my next tests.”
Ethical hacking misconceptions
Influenced by Hollywood and the media, many people have misconceptions about what ethical hacking is and what an ethical hacker does. Here are some common ones that you may have heard:
- Ethical hackers can do anything
You probably have a scene in mind: a highly intelligent, slightly unkempt hacker sitting in a dark room, their face illuminated by the light of their computer screen as they type away at breakneck speed, hacking into any system they please. They can enter any computer system they want, do whatever they want, and as long as they use what they discover for good, everything is fine.
This is, of course, not true. Ethical hackers are bound by the same laws as everyone else and can be prosecuted if they break them.
Ethical hacking is a highly controlled activity, meaning that ethical hackers can only test systems that they have been given permission to test. They are also usually required to sign non-disclosure agreements (NDAs) before they start work, which means that they cannot share the details of what they have found with anyone outside of the organization they are working for (often not even with everyone working at that organization, just a selected few people).
- Ethical hackers often enter a building pretending to be an employee to test security
While this is incredibly popular in movies and TV shows – and while it may happen that an ethical hacker gets assigned a role that involves going undercover in an organization – it is incredibly rare in real life.
And when it does happen, at least one person in the organization will be aware that the ethical hacker is going to be there and what they will be doing.
Again, not a single task in ethical hacking is performed without the knowledge and permission of the organization being tested.
- Ethical hackers are socially awkward
There is no denying that socially awkward people can become ethical hackers (and, indeed, ethical hackers can become socially awkward people), but the two don’t necessarily go hand in hand. In fact, many ethical hackers are quite sociable and have excellent communication skills – they just happen to be very good at finding security vulnerabilities in systems.
What’s more, if they work in a team, they will need to be able to communicate effectively with their team members in order to coordinate their efforts.
The job of an ethical hacker is, first and foremost, a job. It involves research, training, and a lot of hard work. The work environment you may find yourself in can vary from a corporate office to an unassuming home office, and you will likely be working with a team of other ethical hackers.
Despite what Hollywood might have you believe, the job of an ethical hacker is not glamorous. It is, however, important work that helps to keep organizations and individuals safe from cyber criminals. And it can be extremely exciting at times.
Is the job role of a certified ethical hacker right for you? Why don’t you contact us to find out more about how you can earn your Certified Ethical Hacker certification? We’d be happy to chat with you about your career goals.