This continues our IT Career series. These are designed to introduce you to the variety of career options in information technology and how you can get started.
Certified ethical hacking is a relatively new job gaining traction in IT, security, and government industries. Because the job itself is up-and-coming, positions related to certified ethical hacking are constantly evolving. You’ll find positions at a variety of companies that require different skills and experience because the jobs themselves are different. While that can make a career in certified ethical hacking confusing at first, it’s actually good for someone seeking to add this skill set to their resume. It means that you aren’t tied to a specific job title and that growth opportunities are available if you know how to become a certified ethical hacker.
What is a Certified Ethical Hacker?
Certified ethical hackers are also called white hat hackers or penetration testers. Ethical hackers use the same hacking skills that cyber criminals use, but they do so to test networks and security and identify areas of weakness for clients or employers. Penetration testers and ethical hackers deal in viruses, buffer overflows, DDoS attacks and other hacking schemes, but they often deploy such tools in test environments. Whether penetration testing occurs in test or live environments, ethical hackers do have responsibilities outside of hacking a system. They must provide reports and recommendations to the organization on how to prevent someone else from hacking a system.
What Kind of Jobs Do Ethical Hackers Get?
Most individuals with ethical hacking certifications don’t end up with jobs as an “Ethical Hacker.” Instead, companies are hiring information security analysts, security engineers, penetration testers, and security consultants with ethical hacking skills. Some of these positions are limited to ethical hacking while others, such as information security analysts, might cover other job duties. According to the Bureau of Labor Statistics, an information security analyst might plan and implement security upgrades, manage security controls, safeguard networks and data, and work with others in an organization to respond to security risks and breaches.
While all types of organizations hire candidates with ethical hacking skills, government agencies and government contractors often lead the field with open positions and hiring numbers. Government contractors such as Lockheed Martin and Booz, Allen, and Hamilton are leading employers of ethical hackers, although they often hire via contract, making their hackers freelancers. Other organizations that hire security consultants and ethical hackers include the U.S. Army, U.S. Airforce, IBM, U.S. Marine Corps, AT&T, HP, and Northrop Grumman. In addition to government organizations, you can see that technical corporations are well represented.
How Much Do Certified Ethical Hackers Make?
The BLS notes that information security analysts in the United States make a median of $44.83 per hour or $93,250 per year. At the lower end of the spectrum, information security analysts make approximately $24.65 per hour and top earners make around $69.00 per hour. Wage ranges vary according to job title and company, though. Ethical hackers who work as penetration testers make between $49,000 and $129,000 while security engineers report salaries between $62,000 and $126,000. Wages for this type of job depend on the company you work for, whether you are a contracted hacker or a W-2 employee, and what your other responsibilities might include.
How to Become a Certified Ethical Hacker: Experience and Education
Certified ethical hackers usually have education and experience in an IT field, whether that experience was gained through technical college and work or via the military. If you are starting fresh with a technology career, begin by working on basic credentials such as a Microsoft A+ certification. Without relevant experience, it will be difficult to move forward in certification processes and get an ethical hacking position, so consider seeking work in IT support functions or attending technical college while you continue with education to obtain Network+ or similar certifications. Important certifications for an ethical hacker include CISSP, TISCA, or Security+; these certifications can help you land a job in an information security department where you can begin developing penetration testing skills and experience.
Once you have the relevant experience and education, you can pass the International Council of Electronic Commerce Consultant’s Certified Ethical Hacker test. Once you obtain the CEH credential, you can seek work as a certified ethical hacker or even market yourself as a consultant and build a small business for yourself.