The demand for white hat hackers is on the rise. Bug bounty programs and full time ethical hacking jobs are becoming a prominent part of the cybersecurity industry and this trend is expected to continue upwards. The American employment search engine, Indeed, lists the average salary for a penetration tester to be:
$117,255 per year
The competitive salary and high demand for new ethical hackers has led many tech-savvy people to consider switching their career focus to ethical hacking or penetration testing.
But, just how feasible is breaking into the ethical hacking job market without going back to school? It turns out, it’s very feasible if you put in the work.
As an emerging area of cybersecurity, ethical hacking is yet to clearly define the barriers to entry for ethical hacking jobs. This means companies are much more flexible when it comes to formal education requirements and a proven understanding of hacking skills and hacking methodologies takes precedence.
Adding to this, the increasing pressure companies are facing from cyber threats is, in turn, putting pressure on those companies to fill cybersecurity vacancies and hire new talent. As cybercriminals become more sophisticated the potential for catastrophic cyber disturbances increases and companies can’t afford to wait.
This means the barrier to entry for ethical hacking jobs is lower when it comes to formal education requirements. For example, it would be unusual to find an ethical hacking job with a Ph.D. or Masters in a computer science related field as a requirement for the role – something which is commonly expected for entry-level science jobs.
While you don’t need to go back to school, you will need to make sure you have the right skill set to add value to your team.
Below are some of the best resources to use to learn how to be a hacker and land your first ethical hacking job.
Video tutorials are your friend
The best way to learn a new skill is to immerse yourself in the community and receive your knowledge from a varied set of sources. Sure, reading books and taking courses is essential to understanding the foundations of your craft, but you should supplement your study with other content.
Other useful channels are:
- Pentester Academy TV – The latest cybersecurity tool and gadget reviews
- Penetration Testing in Linux – Hacking tutorials and tool tutorials for the Linux operating system.
- Open Security Training – A breakdown of hacking tools and techniques
A good foundation in IT
It’s also important to have a good foundational knowledge in computer science and programming. For this, you can use resources like Teach Yourself Computer Science which breaks down the different components of computer science into manageable chunks and tells you the best books and videos to consume to upskill in that area.
Many prestigious universities like Massachusetts Institute of Technology (MIT) allow people to watch their computer science lectures on YouTube for free, or you can follow the whole course including the video lectures on their website.
You don’t have to become a computer science expert, but you should have a basic knowledge of all of the components of computer science. After all, to break something you need to know how it works, and to secure something, you need to know how it breaks.
Courses and Certifications
Many ethical hacking courses will give you a comprehensive overview of the field and take you from beginner to advanced. Courses can be a great alternative to creating your own study plan since it ensures you don’t accidentally miss something crucial. Hackerone provides an ethical hacking course that is accessible to aspiring hackers of all levels.
The leading certification in ethical hacking is the Certified Ethical Hacker (CEH) qualification by The EC-Council. This qualification involves study and an exam. This qualification may help set you apart from other applicants and demonstrate your intent for an ethical hacking job, however, it may not be affordable for everyone with the exam typically costing $950 USD.
The qualification isn’t essential for many ethical hacking jobs but it’s something to consider. If you already have a background in IT and maybe even some IT qualifications, this certification will be less essential but if you are switching careers from an entirely different field, it may help in conveying to your potential employer that you are sure about the switch.
Join the community
You should join hacking and ethical hacking groups in order to share ideas and experiences. Reddit has various hacking communities such as r/kalilinux, r/Howtohack, r/hacking, r/netsec, r/Asknetsec, r/security, r/malware, r/reverseengineering, and r/infosec. r/hackwarenews People in these communities like to share the latest hacking news and discuss new tools and techniques as well as any current issues the industry is facing.
They are also great places to get quick advice if you’re struggling with anything. Even if you don’t feel comfortable participating just yet, they’re a great resource for browsing and learning.
Twitter is also great for following hacking news or prominent white hat hackers. Many ethical hackers will share their discoveries on Twitter after they have permission from the company and the hack has been patched. You can also learn about the latest bug bounty programs from Twitter.
You should also be following professional ethical hackers and penetration testers on LinkedIn, as well as tuning your profile and job searches. By doing this you’re letting prospective employers know who you are and that you’re open for opportunities.
Keep up to date
Follow hacking and cybersecurity news by setting up alerts so that you get notified, or by setting aside time every day to read the latest news. A great alternative or addition to this is listening to podcasts such as The Cyberwire, Darknet Diaries, Open Source Security, Hacking Humans, Defensive Security, Security Now, and Command Line Heroes.
You can listen to podcasts while you’re busy doing other things so they’re a great way to consume hacking news while on the go. There are also good TED Talks on cybersecurity that are worth listening to if you can set aside the time.
One often overlooked feature of consuming cybersecurity media is that it will give you great talking points in an interview. Conveying subject expertise is essential, but displaying passion can put you one step ahead of the competition.
If you can find ways to talk about a particular hack that inspired you or a well-respected cybersecurity professional who transformed the way a problem was tackled, or even how listening to a TED Talk changed the changed your approach, then you’ll be noticed. If you do this, you’re demonstrating to the interviewer that you have passion, you’re hungry to learn, and you’re adaptable, which are extremely desirable traits.
We would like to hear your opinion on other useful resources within the community. Please share in the comments below