When most people hear the words “ethical” and “hacking” together, their first thought is often a question: “Isn’t that a contradiction in terms? How can someone who breaks into other people’s computer systems be ‘ethical’?” Those more familiar with what “ethical” and “hacking” mean on their own, as well as some awareness of current events, might think about groups like WikiLeaks or Anonymous: hacktivist collectives whose aim to infiltrate computer systems with the utilitarian goal of exposing “the bad guys” for a greater good is known across the globe. Still others might think that ethical hacking is as simple as when you open up a friend’s laptop to a logged-in Facebook account, post a joke or funny picture, and leave their page a little better off than how you found it.
None of these people is far from the truth. Even ethical hackers and computer scientists sometimes think of the words “ethical hacking” as an oxymoron; hackers associated with WikiLeaks and Anonymous have participated in (or taught) the kinds of security-testing hacks that are deemed ethical with the permission of the “hacked” organization; and hacking someone else’s Facebook, if it was done with the user’s permission and for the purpose of security testing, can actually fall under the category of “white hat” (as opposed to “black hat“) hacking.
So what is ethical hacking and who can be said to do it properly? The long complicated answer is “Cybersecurity professionals who are paid penetration testers.” The short simple answer is Certified Ethical Hackers (CEH). Using PayScale, we found the three top job titles that CEH’s commonly assume in the workplace, as well as a few resources for where to go to become a Certified Ethical Hacker if you’re interested in a career in white hat hacking. Contact us if you have questions about this blog post or any others on CSZ.org.
Information Security Analyst
Information Security Analysts are often responsible for solving security problems at companies and organizations with substantial technological and informational infrastructure. Duties usually include conducting research on a company’s or organization’s computing systems, a task that requires the ability to collect data, develop large-scale, logistical, and problem-solving strategies for potential security breaches, as well maximize computational productivity. Most Information Security Analysts are highly equipped multi-taskers and superb critical thinkers. They often monitor and document security breaches of company rules that govern computer usage. They sometimes draft these rules altogether. And of course, they must know how to operate every central component of a company’s technological infrastructure, from routers, to firewalls, to memory storage hardware, as well as how to lead IT professionals as a team in their effort to ward off cyberattacks.
- Common places of work: Medium-to-large corporations, Governmental organizations, and Universities.
- Salary: $50,000-$105,00 per year, depending on location
Security Engineers are often responsible for creating new and effective ways of ramping up security at their employing institution. They are on the front lines of solving problems that lead to better detection of unwanted intruders, as they are usually the first responders to technical problems that deal with software and hardware malfunction. In order to perform this job, Security Engineers require exceptional skills, not only in their ability to respond to emergent security situations, but to track down infringements against security policy using in-depth knowledge of computer forensics. They also need to know when and how to take direction, when and how to work independently, and most of all how to maximize utility within a team of IT professionals whose end-goal is always more secure computation and connectability. In-depth knowledge of the principles and practices of computer engineering is a must.
- Common places of work: Small, medium, and large corporations, Cybersecurity firms, Home
- Salary: $57,000-$125,000, depending on location
Penetration Testers are often responsible for maintaining secure connectability between internal and external communications. This means they’re often the stewards of the computational border between email servers, accounting and communications software, and the Internet. Penetration Testers work tirelessly to ferret out weaknesses in company firewalls that may otherwise allow hackers the inadvertent access they crave for sensitive personal, professional, and otherwise private data. They might even build their own tools for security testing, tools that are designed to compromise their own systems, as they’re always striving to think like a hacker in order to remain one step ahead of the threat they protect against. Communication and teambuilding skills are a must for penetration testers, who often rely on coordination and collaboration with multiple other penetration tester to address every angle of the collective threat that hackers pose today. Expertise and experience in cybersecurity are also a must, while expertise in black hat hacking might be a plus.
- Common places of work: Small, medium, and large corporations, Cybersecurity firms, Governmental organizations
- Salary: $43,000-$130,000, depending on location