What is an ethical hacker?

Data is valuable, and people will pay a lot of money for it, even when it is gained illicitly by hackers. Digital thievery is not a new practice, and has been a threat since the birth of the internet. However, unlike these illegal hackers, there are hackers who operate inside the law to help protect your data from malicious attacks. These people are called ethical hackers.

An ethical hacker is someone who is paid by a company or business to purposefully hack into their websites, systems or computers in order to assess and identify potential threats. The idea is that the ethical hacker exposes areas of weakness to the company before they can be found by a malicious hacker, thereby helping to keep data safe and secure. While not a foolproof solution, as technology is constantly evolving and allowing malicious hackers new avenues of attack, the ethical hacker will provide vital intelligence. There’s massive demand for their skills, so if you are a computer whizz, who enjoys a constant challenge in their work, then this could be the career for you.

I can’t believe I get paid to do what I do. It’s a surreal childhood dream come true for me.

Gavin Loughridge, Ethical Hacker

How to become a hacker

Ethical hackers are increasingly viewed as a necessary and vital part of the digital landscape. Without someone who thinks with the mindset of a hacker, it’s almost impossible to identify and isolate all the potential security weaknesses in your systems or websites. These vulnerabilities are inevitable, especially with the rapid advancement of digital technology, so the skills of ethical hackers are highly desirable. 

It’s a highly competitive career, so the best way to get ahead of your competition is to complete training courses, or to start working in the internet security industry and gain professional training there while working in government. With well-recognised training available from GCHQ and the EC-Council UK, there are a good range of options for obtaining the necessary qualifications for the role.

Hacking a computer

Are ethical hackers in demand?

Ethical hacking is in huge demand worldwide, with major money to be made if you become highly skilled within the industry. Due to the high level of demand, many companies t have “bug bounties” available, so that if you find and report vulnerabilities to them they will pay you a set fee. This money can include sums of thousands or even tens of thousands of US dollars, so it’s certainly a lucrative field. This high pay reflects the large amount of experience and skill required to isolate these bugs, but while there is a steep learning curve, anyone can become a successful ethical hacker with the right training.

What qualifications do you need to be an ethical hacker?

To become an ethical hacker, you do not officially require any qualifications. The emphasis here is placed on your actual demonstrable skills. However, there is a definite moral grey area around obtaining practical hacking skills without a qualification — where exactly DID you practice your skills in order to get this good? And, more importantly, was it legal? If a company asks that question, and you don’t have all the answers, there’s a real risk that they won’t feel able to trust you. As such, you will likely earn less, and be less likely to be hired if you do not hold an appropriate certification.

This is because companies still have major trust issues regarding hackers, with many having felt the bite of malicious hacks on multiple occasions. If you cannot prove yourself as being utterly trustworthy, you may find it hard to land jobs, especially if you work as a freelancer where your reputation is key to obtaining contracts. While agencies do exist, and provide one form of demonstrating you as an individual worth trusting, by having recognised qualifications you can easily help your case. It will also be beneficial to hold a bachelor’s degree or above in a field related to either information technology or network security.

What skills does an ethical hacker need to have?

Ethical hackers need to have a wide skill set, with plenty of practical experience. These skills should include:

  • Programming skills — the central element of any attempted hack will most likely be a heavily customised computer programme. With numerous languages currently in existence, you should learn the ones that will work best against the target computer systems and platforms you will be engaged with. 
  • Network skills — penetration testing, or the ability to break through cyber defences, is often heavily aided by network skills. This will allow you to infect a single computer or entry point, and then use this as a way to internally access other areas without facing the same levels of security.
  • SQL skills — SQL, which stands for Structured Query Language, is a standard language for retrieving and manipulating databases. With databases forming the back-end of many web applications, being able to use SQL injections to create, read, update or even delete information from a database provides a user with huge power. Unsurprisingly, SQL attacks are among the most common forms of malicious hack.
  • Hacking tools — unsurprisingly, there are a wide range of hacking tools available for download online. These are often used by IT security teams to help understand the threats posed to their systems. Naturally, if you intend to break into a computer system, then being able to use pre-existing programmes will save you a lot of time.
  • Excellent ability to utilise search engines — an easy way to gain extra information related to your hack, search engines allow you to find information that could make your job into a breeze. Knowing how to best use search engines will make your job as an ethical hacker far easier.
  • Highly motivatedethical hacking is a highly intensive process, and while each success will feel very rewarding, the workload will likely be high. After each hack, you will need to produce reports, and show the client all the weaknesses you may have found. As such, being able to stay highly motivated is a must for any aspiring ethical hacker.

Steps to becoming an ethical hacker

Step 1 — begin learning programming languages

The most important step in becoming an ethical hacker of any type is learning programming languages. These will form the basis of all your future work, and will be vital to you achieving success in your chosen career. There are numerous online resources for learning programming languages, including many which are entirely free. Alternatively, you could attend classes open to the public at educational establishments such as colleges or universities in order to gain these skills.

Step 2 — practice, practice, practice

Once you’ve learned the basics of each programming language you want to learn, the only way to improve is through practice, and lots of it. Much like when learning a foreign language, you will find that your ability improves over time, so the more practice you do, the easier you will find the language.

Step 3 — hold a degree level qualification

A good way to show your ability as a programmer is to hold a relevant degree level qualification. Alternatively, having a degree in any subject shows you have dedication and the ability to train yourself and be self motivated. However, if you hold an irrelevant qualification such as a history degree, or a biology degree, then be prepared to explain at interviews why you want to become an ethical hacker instead of pursuing other options!

Step 4 — obtain necessary professional qualifications

If you want to really demonstrate your skills as an ethical hacker, then obtaining a professional qualification from a recognised provider will help your case.The Ethical Hacker Certification from the EC-Council UK is the most widely recognised qualification, and can make all the difference between being hired as a mere penetration tester or as a high-flying certified ethical hacker.

Step 5 — find a job

The final step is to find a job. With high demand for ethical hacking skills, if you have followed the steps above, then there is no reason you cannot find a well paid role as an ethical hacker.

Is ethical hacking legal?

Yes, ethical hacking is legal within the United Kingdom and United States, with some limitations. This includes that the ethical hacker must report all potential weaknesses, and must never leave themselves a backdoor into a company’s systems for personal use. 

An ethical hacker will always have the consent of their target to undertake a hack. The purpose of their actions is to help prevent future attacks by a malicious hacker. As such, they should not use it as an opportunity to create weaknesses or leave themselves a ‘backdoor’ for entry when the job is finished as this is both illegal and leaves a weak point a malicious hacker could exploit. This is what makes them distinct from malicious hackers – a malicious hacker is someone who does not get permission for their work, and who intends to use their hack to create disruption or damage in their target’s systems, be that for personal entertainment or financial gain.

Can you become an ethical hacker with a criminal record?

It is possible to obtain work as an ethical hacker with a criminal record, however, it will make it far harder if you do not have someone able to back up your claim that you have left the criminal life behind. This is because ethical hacking involves a huge amount of trust between the client and the hacker – the hacker will be gaining access to internal systems and could steal data from the company, so the trust must be absolute. 

However, if you do have a criminal record, do not attempt to hide it – this information will be discovered. There are also a small number of employers who specifically work with those with juvenile criminal records with the intention of bringing them back into the fold, so there is definitely room for you within the sector, even if you have a criminal record.

I hope you understand that not all hackers are there for the money – there are these hackers out there, ethical hackers, who are looking to protect you.

Ruben van Vreeland, Ethical Hacker

Is being an ethical hacker anything like it is on TV?

No, or at least not in the case of older depictions of hacking. Where an onscreen hacker may wiggle their fingers a few times and say the infamous words “I’m in”, a real hacker will spend hours on each hack trying to find the right way through the defences that are present. While some modern shows, for instance Mr. Robot, have shown the actual hacking process in a more realistic light, the rest of the action is more reminiscent of a high stakes thriller than the normal day-to-day experiences of an ethical hacker.

How much does an ethical hacker make?

An ethical hacker can be paid very well, especially if they can be demonstrated to be highly skilled. The pay range is reported to be approximately:

  • Penetration tester: £32,000
  • Certified Ethical Hacker: £43,000
  • Senior Ethical Hacker: £75,000+

How long does it take to become an ethical hacker?

To become an ethical hacker, it does not take much time, assuming you already have the necessary skills. If you already hold the skills, then the qualifications will be very easy to acquire, and obtaining a job from that point onwards will be relatively simple. However, if starting from scratch, assume that it will take you months, if not years, to gain the necessary skills, especially if you do not have easy access to on-the-job training or to individuals with expertise as ethical hackers.

What programming languages do ethical hackers use?

Ethical hackers use a range of programming languages. Each language is used for different tasks, though some are more important than others. Please be aware that this list is not exhaustive. Potentially useful languages for an ethical hacker include:

  • HTML – while not a true programming language, this is the primary language used to write web pages. However, many login forms and data entry methods on websites use HTML, so being able to understand the language can be highly useful.
  • JavaScript – JavaScript, not to be confused with Java, is a programming language used for client-side scripting. You can use JavaScript to read saved cookies, and perform cross-site scripting.
  • PHP – a server-side scripting language, PHP is used to process HTML forms and perform custom tasks. You can use PHP to write a custom application that modifies a web server, or makes it vulnerable to attack.
  • SQL – as already mentioned, SQL is used to communicate with most major databases. This allows you to modify, update, create and delete data if there are insufficient protections on the database.
  • Python – Python is among the most common high level programming languages, and is used to develop tools and scripts. You can also use it to modify and customise available tools too.

Related occupations

  • Front-end web developer
  • Back-end web developer
  • Web security architect
  • Game developer
  • Mobile applications developer