In recent years becoming a certified ethical hacker has become a much sought-after skill in the cybersecurity world. Seeded by small groups of early hackers who bucked the trend of hacking for financial gain or simple disruption, it took time for the practice to be accepted as a legitimate role in the business world.
But how do you become a certified ethical hacker?
As the internet flourishes and cybercrime becomes more sophisticated and widespread, certified ethical hackers prove that one of the best defenses against cyberattacks is to employ people with the same (or better) hacking skills to identify vulnerabilities before they can be exploited.
Most mid-to-large-sized organizations employ certified ethical hackers to perform social manipulation and penetration testing on their systems, and pay them well to do it. With an ever-increasing threat landscape, organizations are adding ethical hackers to their IT staff, leaving many companies struggling to fill open positions. This is particularly true around Washington DC, Virginia, and Maryland, where there are large concentrations of security-minded government agencies, military organizations, and corporate headquarters.
The good news for you is that the resulting skills gap pushes salaries higher and creates lots of choices for those with the necessary skills. So, if you have been wondering how to become a certified ethical hacker, now is a great time to do it.
What is a Certified Ethical Hacker?
As you may have already gathered, ethical hackers are employed or sub-contracted by an organization to break into their computer infrastructure and systems. Ethical hackers will do this by applying a wide range of techniques and tools.
Critically important to companies around the Washington region, ethical hackers give transparency to an organization's IT security threat level. At a time when most boardrooms believe they have better-than-average security in their networks, study after study shows that many companies still have significant issues. Ethical hacking can be the best way to shine a light on those issues and get them fixed.
Ethical hacking is often compared to the practice of pentesting. While the two disciplines are very similar in intention, pentesting refers to a much narrower and technically focused approach to breaking into an organization's computer system and is typically conducted on a regular basis. Ethical hacking is a much broader discipline covering a wide range of attack methodologies, of which pentesting can be part.
Reasons Why You Should Become a Certified Ethical Hacker
The ethical hacking community has a genuine sense of pride in its evolution as a somewhat anti-establishment cohort. Indeed, the 2018 Hacker Report states that while most of the community has some form of computer certification, less than 5% had formal qualifications in ethical hacking.
So, if you are a proud, self-taught member of the ethical hacking community, why should you bother getting formal certifications for your ethical hacking skills?
There are more, but here are the top three reasons to formally qualify your hacking skills:
1. Organizations are Increasingly Using Formal Certifications When Recruiting Ethical Hackers
Organizations, especially large corporations, rely heavily on formal qualifications to assess job applications and chose recruits for interviews. If you are looking to turn your ethical hacking passion into a lucrative career, you need to formalize your skills. Of course, your skills and experience are important, but recruiters will weed out people without relevant qualifications during the application process. Around Washington you'll find many companies including as General Dynamics, Logistics Integration Systems, and Accenture asking specifically for ethical hacker credentials for roles located in Maryland, Virginia, and DC.
2. You Need to Cover All the Fundamentals.
The desire to learn new skills organically on your own is admirable and a great way to develop yourself. But however passionate you are about a topic, there is a tendency to focus on specifics that drive your interest and neglect areas that do not.
Then there is the possibility that there are new developments in the industry that you miss altogether. Some formal study and certification, whether it is self-guided or with an instructor, will ensure you are covering all the latest hacking skills and knowledge.
If you want to turn your passion for hacking into a career, gaining formal certifications will ensure that you cover all the bases. It also proves to recruiters that you have the skills to deal with all aspects of the job, even the areas that may not be particularly interesting to you but are vital to your employer.
3. You Need to Market Yourself as an Ethical Hacker
Maybe the most important reason to gain formal qualifications and become a certified ethical hacker is the ability to market yourself and your hacking skills confidently. Although opportunities remain for IT professionals who have lots of experience but lack specific certification, as the role becomes more formalized, you will increasingly find yourself competing for positions with candidates who have taken the time to get certified.
How to Become a Certified Ethical Hacker
If You're Starting with Little or No Experience
Suppose you're looking to get into ethical hacking as a career, but have little or no experience in IT. In that case, you'll need to learn some basic computer and networking skills before you start applying for cybersecurity roles or studying for a certification like CEH. As we noted earlier, most people working in the cybersecurity community have at least some foundational IT certifications and a couple of years of experience behind them before they jump into ethical hacking.
Your best path into ethical hacking is to get as much general experience working with computers and computer networks as possible and complement that experience by taking CompTIA A+ and Network+ certifications. If you find it hard to find paid work in IT, you can look for volunteer opportunities. These days most volunteer organizations can use people with some IT skills.
While studying for your A+ exam, you will learn how computers are put together and how they work. You will also learn some basic networking skills. Once you have A+, CompTIA Network+ will expand your knowledge of networking to have a sound understanding of how organizations set up and manage their computer networks.
At this point, it's essential to understand that gaining CompTIA A+ and Network+ certification is unlikely to net you a cybersecurity role from the get-go. At this stage of your career, you should be looking for IT support and help desk-type functions to build your experience and skills in real IT environments.
Don't think that working these types of roles isn't going to help your longer-term goal to become a certified ethical hacker; far from it. As well as solidifying your technical skills, help-desk roles typically require you to work and communicate with computer users throughout your working day. This interaction will build up your understanding of how people interact with computers in an organization, giving you critical human behavioral skills that will be invaluable as an ethical hacker.
Getting into Ethical Hacking with Previous Experience and Qualifications
Armed with some real-world experience and your foundational IT qualifications, you can start your ethical hacking career track.
To be taken seriously by employers, you will need to gain one or more cybersecurity-related certifications. There are several different certifications you can take, but the most commonly sought after by employers are CompTIA Security+ and CEH, or CompTIA Pentest+ (if you prefer to study the narrower, more focused discipline of penetration testing).
CompTIA Security+ in a Nutshell
CompTIA Security+ is the most widely accepted certification for roles across the entire cybersecurity field. Its focus is on defensive security, so it is not a specific ethical hacking or pentesting qualification. Still, it introduces you to critical concepts and skills you will need moving forward into those fields.
Accepted worldwide, this vendor-neutral accreditation demonstrates that you have the knowledge and skills necessary to secure an organization's networks and IT systems.
The Security+ exam consists of 90 multi-choice questions in an exam that lasts 90 minutes. Candidates have to score 750 points to pass
EC-Council Certified Ethical Hacker (CEH) in a Nutshell
EC-Councils' Certified Ethical Hacker (CEH) is the most popular ethical hacking certification available. This is a vendor-neutral certification accepted worldwide by employers looking to fill certified ethical hacker roles.
Unlike Security+, CEH focuses on offensive security, introducing you to both technical and social manipulation exploits.
Typical candidates for this certification have a minimum of CompTIA A+ and Network+ (or equivalent). They must also be able to document a minimum of two years working in the InfoSec field (or equivalent).
The CEH exam consists of 125 multi-choice questions and takes up to 4 hours. You must score 70% or more to pass the exam and become certified.
CompTIA Pentest+ in a Nutshell
CompTIA's Pentest+ certification is a vendor-neutral accreditation focused on the discipline of penetration testing. As previously discussed, pentesting takes a narrower, more disciplined approach to system testing, so although Pentest+ focuses on offensive security, the curriculum for Pentest+ differs somewhat from CEH.
This is an intermediate certification that will ensure you have the skills and knowledge required to identify information-system vulnerabilities and effective remediation techniques for those vulnerabilities.
There are no required prerequisites for the Pentest+ exam, but CompTIA recommends that candidates have at least Network+ and Security+ or equivalent before sitting the test. It is also recommended that you have at least a couple of years of hands-on experience working in information security.
The Pentest+ exam consists of 86 multi-choice and performance-based questions and lasts 165 minutes. The passing score is 750 or higher.
What Else is Required to Become a Certified Ethical Hacker?
Ethical hackers are required to perform a wide range of technical and social tasks to achieve their goals. To be a successful ethical hacker you need to get a solid grounding in as many IT disciplines as you can, particularly programming languages, operating systems, and databases.
On the social side, ethical hackers need to understand human behavior since the biggest vulnerabilities in any system are the people who use it. Gaining knowledge in the psychology of how people interreact with their digital devices is an essential skill for ethical hackers.
Security Clearance and Background Checks
Given the nature of an ethical hacker job, security clearance and background checks are often required before a candidate is offered a job. Depending on the organization you are applying to you may have to have one or both of these. Gaining security clearances can take time to get, but the wait is often rewarded with an interesting and well-paid job.
What Are Your Next Steps to Becoming a Certified Ethical Hacker?
- If you have limited or no experience working with computers, your next step is to get your CompTIA A+ and CompTIA Network+ training and certification. These are two entry certifications that will get you on an ethical hacking career track.
- If you have your basics down, it's highly recommended that you have CompTIA Security+ under your belt before attempting the specialized CEH specialized ethical hacking or penetration testing certifications. Security+ is an excellent qualification to have as it is the base requirement for a wide range of IT roles, particularly if you are interested in cybersecurity.
- If you have all those qualifications and wish to explore the broader ethical hacking role, CEH training and certification is the way to go.
- If you're looking to go into the more disciplined penetration testing field, consider taking CompTIA's Pentest+.
- Ultimately having both Pentest+ and CEH will enrich your skillset and open up more opportunities. Given that there is a certain level of overlap between the skills needed for both certifications, there may be value in taking them relatively close together to reinforce what you learn as you take each.
- Remember that right now there is a huge skills gap for people with cybersecurity skills. So, now that we've laid out how to become a certified ethical hacker, if you're serious about getting into cybersecurity, now is a great time to do it.
Training for all these certifications is available in a wide range of formats, both online and in person. Your choice of training method will depend a lot on your learning style, your budget, and availability.
Online, self-paced classes are popular and tend to be the most affordable. Self-paced learning is also great if you are very self-disciplined and can stay focused on the training. We meet a lot of people who try this method, but find that it’s hard to keep on track and eventually give up.
For most people live, instructor-led training tends to be the most effective, but it will cost a bit more than pre-recorded classes. With a live class, you can ask the instructor questions and interact with the class discussions. You are also more likely to stay on track since the classes run at specific times and run through a comprehensive curriculum.
TrainACE offers online and in-person instructor-led training in Certified Ethical Hacking and many other IT disciplines, from its offices in Greenbelt, Maryland.
We run classes during the week, in the evenings, and on Saturdays to suit your schedule.
Complete the form, or call us at (301) 220 2802 to find out more about our services or to book a seat in one of our classes.