What is ethical hacking? Getting paid to break into computers


Ethical hacking, also known as penetration testing, is legally breaking into computers and devices to test an organization’s defenses. It’s among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested. 

Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester’s point of view, there is no downside: If you hack in past the current defenses, you’ve given the client a chance to close the hole before an attacker discovers it. If you don’t find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn’t break into it.” Win-win!

I’ve been in computer security for over 30 years, and no job has been more challenging and fun than professional penetration testing. You not only get to do something fun, but pen testers often are seen with an aura of extra coolness that comes from everyone knowing they could break into almost any computer at will. Although now long turned legit, the world’s former most notorious uber hacker, Kevin Mitnick, told me that he gets the exact same emotional thrill out of being paid to legally break into places as he did for all those years of illegal hacking. Mitnick said, the only difference “is the report writing.”

How to become an ethical hacker

Any hacker must take some common steps to become an ethical hacker, the bare minimum of which is to make sure you have documented permission from the right people before breaking into something. Not breaking the law is paramount to being an ethical hacker. All professional penetration testers should follow a code of ethics to guide everything they do. The EC-Council, creators of the Certificated Ethical Hacker (CEH) exam, have one of the best public code of ethics available.

Most ethical hackers become professional penetration testers one of two ways. Either they learn hacking skills on their own or they take formal education classes. Many, like me, did both. Although sometimes mocked by self-learners, ethical…

Source…