Ethical Hacker Career Guide: What's Inside


Ethical Hacker

Career Guide
Marlese Lessing | SDxCentral

What’s Inside
• What is an Ethical Hacker?

• Top 10 Skills

• Top 10 Interview Questions

• Interview with an Ethical Hacker

• Related Definitions
ETHICAL HACKER CAREER GUIDE

What is an Ethical Hacker?


Ethical hackers, or white hat hackers, act like the enemy when it comes to
cybersecurity. Companies that want to see how strong their security is will
contact a consulting firm and have an ethical hacker attempt to break into their
system.

Annual Salary: $69,000 (via Glassdoor), $110,000 if certified (via EC-Council)

Growth Projection: 32% per year (via the Bureau of Labor Statistics)

Minimum Education: Bachelor’s Degree (via the Bureau of Labor Statistics) and Ethical Hacker
Certification

Average Years of Experience: Fewer than 5 years in a related field (via the Bureau of Labor
Statistics)

Ethical hacking methods can involve everything from SQL injections, to DDoS attacks, to using
social engineering to gain access. The hacker will then write up a detailed report of the system’s
vulnerabilities and how the company can fix them. Ethical hackers are typically certified, meaning
they have to sit through an accredited course and pass an exam.

Ethical hackers need a creative mind, good client-facing skills, and the ability to stay on top of
the latest trends in malware and tech. They use a variety of techniques and tools to hack into an
enterprise’s systems, from finding vulnerabilities in the software, to using social engineering —
which is the psychological manipulation of people in order to gain their trust and get access to
restricted systems and areas.

In essence, they use the same tools and techniques that black hat (malicious) hackers depend on to
help enterprises fix the gaps in their security. Ethical hackers do this before black hat hackers can
exploit those gaps.

While not all ethical hackers are certified, a certification can make an applicant more desirable and
offer a higher salary range. The Certified Ethical Hacker exam is administered by the International
Council of Electronic Commerce Consultants (EC-Council), which offers a masterclass and
educational materials in preparation for the exam. The exam itself costs $1,199 to take (not counting
instructional expenses). There are several exam preparation courses available online, both for a
charge and for free.

Check out SDxCentral’s How to Get A Job in Tech Guide for resume and cover letter tips, top IT
skills, and other insights into the tech workforce.


Top 10 Skills
Ethical hackers need to have a wide pool of knowledge, and avoid specializing
too much in one field at the expense of other skills.

1. Malware

Ethical hackers need to know different types of malware, how they can be used to gain access into a
system, and the latest types of emerging malware. Hackers will use malware either as a way to gain
entry, or to corrupt and steal data once they’ve gained access. An ethical hacker may write their own
malware, or use malware toolkits written by others.

2. NICE 2.0 Framework

The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, which
is written and published by the National Institute of Standards and Technology (NIST), is a standard
for categorizing cybersecurity roles within an organization and identifying any gaps in knowledge or
responsibility. It essentially outlines the responsibilities of employees in an organization and
provides a roadmap for career advancement. As well, it highlights where cybersecurity responsibility
falls when identifying vulnerabilities in an organization’s security.

3. IoT Device Security

IoT devices are often highly insecure, making them a prime target for gaining access into an
enterprise’s network. Mobile devices are especially prevalent, since nearly everyone has them, and
they are often directly connected to an organization’s network through WiFi. Hackers should be
familiar with the tools used to extract information and gain access, such as Wireshark, BinWalk and
SAINT.

4. Cloud

Most organizations are highly dependent on the cloud in order to collaborate on documents, run
applications, and back up their data. Hackers, however, can use the cloud to conduct reconnaissance
and build an attack platform. Free cloud platforms are especially vulnerable since organizations
assume that security is the responsibility of the cloud provider. Ethical hackers should have a broad
knowledge of the vulnerabilities present in all the major cloud platforms, including AWS, Google
Cloud, and Microsoft Azure.

5. Artificial Intelligence and Machine Learning

Hackers use artificial intelligence (AI) and machine learning algorithms in order to mass-guess
passwords, scan for vulnerabilities, and decrypt encrypted data. Conversely, AI is also a crucial
security tool — cyber professionals can use it to block and detect phishing attacks, perform security
diagnostics, and filter out malicious websites and links. Ethical hackers need to know how to get
around these security measures, and also implement the right AI tools when prescribing a post-hack
security remedy.

6. Analytical Thinking

Hacking requires a creative and analytical mind. Ethical hackers need to be able to reverse engineer
security frameworks and come up with unique ways to break into a network. This also requires thinking
outside of the box — social engineering is a common technique for both white hat and black hat
hackers, and uses psychological techniques to gain access into restricted areas. This is why some
hackers have been able to steal credentials and install malware with only a clipboard and a toolbelt.

7. SQL

SQL, or structured query language, is the language data centers use to communicate with one another.
It’s also the bread and butter of one of the most common IT attacks: SQL injection. Ethical hackers
need to know how to write SQL statements for in-band, out-of-band, and blind SQL attacks, which can
quickly compromise a database’s operation and its data.

8. Cryptography

Knowing encryption and decryption is highly useful as an ethical hacker skill, since organizations
will often encrypt their sensitive data or network traffic to prevent outsiders from abusing it.
Hackers need to know the various techniques for breaking encryption — through brute-forcing,
algorithm keyword searches, and ciphertext analysis.

As well, cryptography is an essential component to ransomware, since it uses encryption to hold its
victims’ files hostage, and is a tool for ethical hackers to demonstrate vulnerabilities in a
system’s email and malware filtering software.

9. Computer Forensics

Computer forensics is the art of collecting criminal data and evidence left behind in IT
infrastructure. This data is then presented in court to help build a case. Government institutions or
law firms may hire an ethical hacker to break into a suspect’s seized laptop or phone in order to find
evidence. As well, the techniques used in criminal forensics can be applied to finding specific
information on a target’s device when conducting a security analysis.

10. Ethical Hacking Software and Tools

Hackers use various tools to scan, analyze, and break into applications and systems quickly and
efficiently. These can include IP scanners, password crackers like John the Ripper, vulnerability
testers like Metasploit, and traffic analyzers like Wireshark. Most ethical hackers will have a go-to
“toolkit” of programs they are highly familiar with, as well as broad knowledge of more obscure tools
for unique or difficult jobs.


Top 10 Interview Questions


Ethical hacking interviews are about methodology — an interviewer may start off
with a penetration scenario and ask more questions based on your answers.

1. Where do you get your news?

Knowing about the latest ransomware attack or Windows vulnerability is crucial for an ethical
hacker’s job. You should be getting your news from a wide variety of sources, both official and
unofficial, such as Google Alerts, Reddit, RSS feeds, and tech news sites like SDxCentral. As well,
mention any ethical hacking chat channels you’re a part of on Slack or Discord, since they can be a
good way to get news and tips from others in the field.

2. How would you conduct an external penetration test?


This question can vary broadly, with the interviewer outlining different parameters, systems, and
tools to account for. They may purposefully leave out some details, so don’t be afraid to ask follow-up
questions.

An important thing to remember when answering this question is that penetration testing does not
begin with scanning or technical tasks — instead, it starts with sitting down with the client to plan out
the timing and scale, and verifying the information they give to you. Ensure, for example, that the IP
addresses they give to you are correct, since it’s common for them to have typos.

When outlining how you would tackle the test, be detailed — outline which tools and methods you
would use, and why you would use them. As well, outline which factors would make you change your
approach.
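
One way to carry out the scope check described above before any scanning starts, as an added example that is not part of the original guide. The scope list, the finding labels and the function name are constructed for illustration; the addresses come from documentation ranges.

```python
import ipaddress

# Constructed sample of a client-supplied scope list for an external test.
# It contains a host-bits typo, an impossible octet, an internal address
# and a duplicate, which are the kinds of slips worth catching early.
SAMPLE_SCOPE = """\
203.0.113.10
203.0.113.37/28
198.51.100.256
192.168.1.15
203.0.113.10
2001:db8::/48
"""

# Ranges that cannot be reached from the internet, so they do not belong
# in the scope of an external test (RFC 1918, loopback, link-local).
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def review_scope(text):
    """Return (accepted networks, findings to take back to the client)."""
    accepted, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            # Tell "address inside a CIDR block" apart from plain garbage.
            try:
                ipaddress.ip_network(entry, strict=False)
                findings.append((lineno, entry, "host-bits-set"))
            except ValueError:
                findings.append((lineno, entry, "invalid"))
            continue
        if any(net.version == r.version and net.subnet_of(r)
               for r in INTERNAL_RANGES):
            findings.append((lineno, entry, "internal-range"))
            continue
        if any(net.version == prev.version and net.overlaps(prev)
               for prev in accepted):
            findings.append((lineno, entry, "duplicate-or-overlap"))
            continue
        accepted.append(net)
    return [str(n) for n in accepted], findings


if __name__ == "__main__":
    ok, questions = review_scope(SAMPLE_SCOPE)
    print("confirmed:", ok)
    for lineno, entry, reason in questions:
        print("line %d: %s -> %s" % (lineno, entry, reason))
```

Every finding is a question for the client rather than something to correct silently, since a guessed fix can put a third party's address in scope.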

3. How would you write up a vulnerability report for a client?


Interviewers are looking for two things when you answer this question: how well you handle written
communication and how well you handle customer relations. Vulnerability reports should explain
the problem in detail, how it was found, and why it poses a risk to the network and to the enterprise.
Reports should include the business impact as well to justify to higher-level executives the time and
effort required to fix the vulnerability.

4. What are the stages of hacking?


1. Reconnaissance, also termed footprinting, scouting, and info gathering. This involves evaluating
the network, system, and environment. This can be active (engaging directly with the target system
through social engineering or otherwise), or passive (gathering info without interaction, such as
through public websites).

2. Scanning, which is looking through the system for access points. This includes port scanning,
vulnerability scanning, and network mapping.

3. Gaining access, which involves the hacker using one of the ports or vulnerabilities to get into the
system.

4. Maintaining access, which is when the hacker manipulates the system for their own ends —
whether it’s gaining information, taking control of multiple email accounts or inserting malware. This
is all done without detection on the user or administrator’s end.

5. Covering tracks, which puts the system back as the hacker found it in order to avoid discovery.
This can include deleting or hiding files, clearing out email logs, and using a VPN to avoid IP tracking.


5. What is SQL injection? How do you conduct it?


SQL injection, or SQLi, is when malicious SQL statements are inserted and executed on the database.
These malicious statements can include dumping the database entries or sending the data to
another server. Hackers can conduct SQLi in-band, which is on the same channel of communication
as the server, and thus is an internal attack.

On the other hand, hackers can perform a blind (or inferential) attack by sending data to the server
and seeing how it responds, gaining insight on the database’s response time and behavior. SQLi can
also be performed through a web application, which is known as an out-of-band attack.

6. What can you do with a username and password?


In an ethical hacker interview, when you’re asked this question, the interviewer wants to see how
creative you can get. The first step should be to see the administrative level the credentials grant
you. See if you have remote access privileges, if you can control or access other credentials, and
how you can leverage it to gain other passwords through emails or spoofing. As well, poor password
hygiene means that people often use the same passwords for multiple accounts, possibly giving you
information outside the scope of the enterprise.

7. What’s in your toolkit?


Interviewers want to get a sense for what you’re comfortable with and what you’ll most likely use
on the job. Don’t just give them a list — explain why you use each tool, how long you’ve used it, how
experienced you are with it, and how it’s essential to you. Be sure to highlight if you’ve created some
of your own tools or contributed to open source ones, which will add strength to your skillset.

8. How would you explain a vulnerability to the developer who created the site/software?

Often in your line of work, you’ll come across a client who is unhappy with the fact you’ve managed
to break into a system they built. The key here is to be empathetic and communicate that you want to
help them and their project — not just tear it down. Explain the vulnerability in detail and how to fix it,
and how it will overall make the site or software more robust — as well as the consequences for not
doing so. Avoid pinning blame on the developer directly, even if their product is poorly constructed.

9. How could you prevent ARP poisoning?


ARP poisoning, or ARP spoofing, is an attack carried out over a LAN that sends malicious packets
to the enterprise network’s address resolution protocol (ARP). An attack like this causes the ARP to
connect the hacker’s MAC address to the network’s IP address. This means network traffic is sent
to the hacker’s address instead of the network, putting the network’s information in danger. These
attacks are usually easy to conduct, since ARPs are often poorly secured. ARP poisoning can be
prevented by implementing packet filtering, installing a static ARP, using VPNs when on public WiFi,
and installing monitoring and detection software.
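
What the monitoring and static-ARP measures listed above look for, as an added example that is not part of the original guide: a detector that tracks IP-to-MAC bindings and raises an alert when a pinned binding is contradicted, a learned binding changes, or one MAC starts answering for several IPs. The observation tuples, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, ip, mac) as a sensor might log ARP replies.
SAMPLE_OBSERVATIONS = [
    (1, "10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway
    (2, "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    (3, "10.0.0.21", "aa:aa:aa:aa:aa:21"),
    (4, "10.0.0.1", "de:ad:be:ef:00:99"),   # gateway IP claimed by a new MAC
    (5, "10.0.0.20", "de:ad:be:ef:00:99"),  # the same MAC claims a second IP
    (6, "10.0.0.21", "AA-AA-AA-AA-AA-21"),  # unchanged binding, other notation
]

# Constructed static binding for the gateway (the "static ARP" control).
STATIC_BINDINGS = {"10.0.0.1": "aa:aa:aa:aa:aa:01"}


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, whatever the notation."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def detect_arp_anomalies(observations, static_bindings=None, max_ips_per_mac=1):
    """Return alerts as (timestamp, kind, ip, mac) tuples, oldest first."""
    static = {ip: normalize_mac(mac)
              for ip, mac in (static_bindings or {}).items()}
    learned = {}                    # ip -> MAC last accepted for it
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    alerts = []
    for ts, ip, raw_mac in sorted(observations):
        mac = normalize_mac(raw_mac)
        ips_by_mac[mac].add(ip)
        if ip in static and mac != static[ip]:
            # A pinned binding is never relearned from the wire.
            alerts.append((ts, "static-violation", ip, mac))
        else:
            previous = learned.get(ip)
            if previous is not None and previous != mac:
                alerts.append((ts, "binding-changed", ip, mac))
            learned[ip] = mac
        # Routers and multi-homed hosts legitimately answer for several IPs;
        # raise max_ips_per_mac or pin those devices to cut false positives.
        if len(ips_by_mac[mac]) > max_ips_per_mac:
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_OBSERVATIONS, STATIC_BINDINGS):
        print(alert)
```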

10. Why do you think ethical hacking is important?


This question is used both to determine what the job means to you, and how you will justify the
expense and effort your clients are putting into hiring you to evaluate their systems.

Penetration tests give clients a solid idea of how secure their network and IT systems are, without
having to rely solely on promises from security firms and software companies. It also serves as
a learning opportunity for the enterprise on every level — from training lower level employees on
avoiding social engineering, to showing higher-level executives the devastating business impact a
poor investment in security can pose.

You should explain that security is more important than ever — as malware attacks continue to rise,
ransomware runs rampant, and as businesses lose millions of dollars and put their customers at risk
due to leaked information, it’s more critical than ever to have a robust security framework in place.


Interview with an Expert


Women make up only 24% of the information security workforce,
which is a troubling number in an age when equal representation
is needed more than ever. Ethical hacker and hacker advocate
Chloé Messdaghi wants to change that by advocating for more
women and underrepresented genders in the hacker field.

Bug hunting in particular is a hot topic, since more businesses are offering payouts for hackers who
find and report vulnerabilities in their networks and sites.

Messdaghi is the founder and CEO of women’s hacker advocacy group WeAreHackerz, leader of the San
Francisco Bay Area chapter of Women of Security, and an advocate for hacking as a more acceptable way
to protect enterprises from malware. Here are her thoughts on security, representation, and hacking
for the forces of good.

What’s your hacking background like?

I’ve been in the field for three years now; before I came in, I was a management consultant for a
cyber security company. I kind of learned it by accident. When I started working at a company called
Bugcrowd, which is in the bug bounty space. I had a manager named Jason Haddix, who is pretty well
known in the bug bounty space, and he started teaching me the basics in Burp Suite.

I still promote bug bounty. I think it is one of those things that we don’t really talk about how
much it has impacted the infosec community, especially the hacker community, because it’s the first
time that companies or organizations are communicating with the hackers.

That’s kind of a game-changing moment, because it’s slowly changing the stereotypes of hackers and
starting to bring more of a bilateral trust amongst organizations and hackers. Hackers are scared to
report vulnerabilities — 60% of them that find vulnerabilities don’t report it — because of the fear
of being prosecuted by an organization.

Now one of the things I work on is social engineering. So I will test people in companies, if they
are on their toes when it comes to being phished or hacked.

So when I do it for training purposes, usually where the person doesn’t know they’re being tested,
what I’ll do is I’ll send an email from maybe like a spoof personal email for the manager saying, for
example, “Hey Jen, you’ve done such a fantastic job on the past few months, and I’ve recognized it
and I just wanted to give you this Amazon gift card,” with a [malicious link] in the email.

That’s one way to do it. The other way is if I’m trying to get a hold of an assistant, I’ll usually
write, for example, “Hi, Tom I need to have this PDF printed out immediately. Put it on this person’s
desk, if you can do that within the next hour or two, that’d be fantastic. This is an urgent matter.”
And usually the assistant downloads the PDF.

It’s fun sometimes, but also it lets you know that you have to be on your toes. I always tell people
to not check your emails unless they’ve had their caffeine intake. Attackers are aware that on the
weekends and evenings you’re probably under some sort of influence, or you’re not fully awake yet.
And so that is the perfect time to launch an attack.

What are your favorite aspects of ethical hacking?

One of my favorite aspects of it is that a hacker has made a conscious decision to do it on the good
side, which makes me really happy because there are a lot of malicious actors out there. We need as
many ethical hackers as malicious actors to try to prevent these situations from occurring.

The thing that I love about the hacker community, in general, is that everyone supports each other
and they hold each other accountable. If you were to go out of scope and you exploit something and
you shared it online, the bug bounty community will call you out on it.

Hackers are already on a fragile line as it is when it comes to recording things and the way that the
public perceives us. When one person acts out in the way they’re not supposed to, it removes trust
that has taken a very, very long time for an organization to have when coming to work with hackers.

What are some of the most valuable skill sets that you’ve found that you need to rely on?

Curiosity. No matter if you’re technical or not technical, curiosity is something you need to have,
because infosec is such a big field of its own, and it’s very different from most other tech sectors.
New things are happening all the time, new tools get out all the time, new vulnerabilities to exploit
happen all the time.


If you have that constant curiosity, and you ask yourself how can I outsmart this and that, and how
can I do whatever I can to serve and make sure that I’m protecting people, then you’re set. Many of
us came in here because of the curiosity, and many of us came in here because we want to prevent
attacks from occurring.

I would [also] say the ability to keep up with the news. Infosec Twitter is definitely one of those
things you have to be part of to understand what’s going on. Follow people, ask questions, reach out
to people. The thing that I really love about this industry is that you can write to a complete
stranger, and most likely they’re gonna respond to you.

Why are you an advocate for ethical hacking? Why is ethical hacking so important?

For me, it’s hearing people’s stories of what it’s like when you want to report something that you
found, and you just can’t because you’re worried that you’re going to be prosecuted if you even give
them just a small mention.

It’s sad to see all these incredible people that are trying to do something good, but the laws
themselves are so out of date. I mean, we’re still dealing with anti-hacking laws from 1984. We have
anti-circumvention laws around from 1998. And when you think about it, that was a whole different
world than how we are today. That was before Y2K.

It’s really sad to see that this is still an ongoing thing. And then when you see the press reporting
how hackers are these terrible people, they’re doing these terrible things, you have to remind them
there’s a difference between a hacker and a cyber criminal.

Even still today, when I tell people I work with that in the hacker community, they take a step back,
or their jaw drops, because they’re afraid. Sometimes hackers do report it, but companies don’t fix
it in time, like what we saw on Equifax. You need a lot more ethical hackers than cyber criminals in
this world.

What kind of challenges have you come across as a woman in infosec?

There are many. In my first year of work in the infosec field, I actually almost left. It got to a
point where it was just so bad — I could not believe that people are putting up with this BS.

In the first two weeks of joining infosec, the first cybersecurity company I worked for, I looked
around the offices, and thought, where are the women? I remember researching and finding out that
like, only 11% of people in infosec are women.

That scared me, and it really sunk in when I went to RSA in 2018 and I was in a room for a talk, and
I saw that there were only a couple other women in this room that had hundreds of men.

I had guys call me baby, or they turn around and tell you, “Oh, can you give me a water?” “Hey,
aren’t you supposed to be taking down notes?” I would make a comment in the boardroom meeting, and no
one would hear me. It would just be like crickets. And then a guy would say the same thing I did, and
everyone went to applaud him. And it just kept occurring.

After all that, I basically was looking for jobs outside of infosec. I was like, that’s it, I’m out.
But then I went to a conference called Data Security and I walked in this room, there’s like 200
women in there. It was the first time ever I saw women in infosec, like a whole group of women in
infosec and I didn’t feel isolated anymore. It made me realize: I need to fight for this. We need to
fight for this.

Since I’ve been in infosec, I have been assaulted twice at conferences. I’ve had men try to get into
my hotel room a few times as well. As you can imagine, it gets pretty scary. So now I don’t stay in
conference hotels, I usually have someone with me at all times when I’m in public, to try to protect
myself when I go to conferences. And I still continue to do that to keep myself safe.

What advice do you have for both women and young professionals breaking into the hacking space?

Have a support group. I also really recommend that also to never, ever, ever be silent about anything
that has happened to you. That is bad. Because chances are there are other people out there that have
gone through something just like you have, and they need to hear your story so they can come out too.

When it comes to if you have been assaulted or sexually harassed at work, make a police record. Don’t
go to HR. HR is not there to help you. They’re there to protect the company. And so by filing a
police report, it prevents that person from ever doing it again.

As well, I always recommend reading into the people who are known in the field. There’s this great
book series called Tribe of Hackers, with different editions for different career paths. That is so
important, because I think that when you’re starting to see if this is a field for you, you need to
read about it and research it. It’s one of my favorite books in this industry because it really
touches on all the different elements in hacking that play a role.

Any final thoughts?

In terms of gender representation in the industry: It’s not changing fast enough. We need to fix what
is happening internally before we recruit more women because, if anything happens to these people,
you feel that guilt with it. We need to fix it.

This interview has been edited for brevity and clarity.


Topics You Should Know


How is the Internet of Things (IoT) Vulnerable?

Internet of Things (IoT) vulnerabilities stem from the tendencies of the devices to have low
computational power and hardware limitations that don’t allow for built-in security features.

On top of that, IoT devices may sacrifice security in order to be first to market. If the vendor is a
startup that fails, the needed updates of security patches won’t come, leaving a user with an open
attack vector on their network.

What are the IoT Security Standards?

Internet of Things (IoT) security standards are few and far between and are rarely mandatory or part
of industrial or governmental regulations like other IT standards. However, there have been certain
guidelines established by regulatory and standards agencies over the past few years.

Cloud Security Basics

The basics of cloud security include being aware of what security teams must secure in the cloud,
managing what employees have access to the cloud, what they can do with the cloud, and ensuring cloud
security teams are sufficiently trained.

Data Security in the Cloud Best Practices

Data security in the cloud best practices include: understanding and implementing security
fundamentals, securing cloud infrastructure along the shared responsibility model, encrypting data in
the cloud, and ensuring compliance with applicable regulations.

What is a Computer Worm?

A computer worm is a form of software that can replicate and spread itself on a network, accessing
other computers and devices connected to the infected host. Worms can be malware, often used by
hackers to eat up bandwidth or manipulate files or programs on the system.

What are Endpoint Protection Platforms (EPP)?

An endpoint protection platform (EPP) is an integrated security platform that combines multiple
security services into a single, centralized system. The platform protects endpoint devices — such as
IoT devices, computers, phones, and printers — from security threats.

What is Ransomware?

Ransomware is a form of malware that prevents a user from accessing their files, operating system, or
applications. The malware encrypts the victim’s files and data, making it inaccessible and unusable.
The attacker will then demand a ransom in order for a user to regain access to their files.

What is a Virtual Private Network (VPN)?

A virtual private network (VPN) creates a private network to separate the user’s traffic from the
rest of a public or shared network. There are both hardware and software versions. VPNs are primarily
used for remote access to a private network. For example, employees at a branch office could use a
VPN to connect to the main office’s internal network.

What is the Advanced Encryption Standard (AES)?

The Advanced Encryption Standard (AES) is an encryption algorithm that was selected by the National
Institute of Standards and Technology (NIST) for the United States government, commercial, and
private organizations to use for securing sensitive unclassified information. It encrypts 128-bit
blocks of data at a time using cryptographic keys.

There are three options for encryption key lengths: 128-, 192-, or 256-bits.

Data Center Security and Network Virtualization

Data center security refers to the process of using physical and virtual components (such as
firewalls) to protect a data center from malicious activity. In recent years, network virtualization
has improved and expanded the security tools available to data center operators.


About SDxCentral
SDxCentral is the leading resource for IT infrastructure knowledge. IT departments and personnel are under more demand and
more scrutiny than ever. Their very role in their organizations is shifting. Along with that are new skill requirements cropping
up nearly every day. SDxCentral career content gives IT professionals a leg up in a competitive market, educating them on not
just the necessary hard skills but the soft skills that separate the good from the great. These guides are independent content
designed to share knowledge and help technology professionals stay ahead of the curve. Sponsors have no say in the content
and do not review it in advance.

www.sdxcentral.com
