Welcome to securityCRUSH

Welcome to the securityCRUSH blog, a place where you can find random musings as well as postings relevant to information security, penetration testing, and my latest projects - Daniel Wood.

Friday, February 3, 2012

What it takes to be an "ethical hacker"

Forget all the glitz and glamour that Hollywood would lead you to believe. Being an “ethical hacker” (read: penetration tester) as a profession is an extremely difficult job with its fair share of ups and downs.

As a pen tester you are required to be the foremost technical subject matter expert on many different topics. Businesses, organizations and large corporations rely on you not only to find every vulnerability within their architecture (hardware AND software), but also to give them accurate and precise information on how to protect themselves and mitigate these vulnerabilities. This requires you to understand the underlying technology behind networking, specific server OSes and how they integrate with the application layer, services and middleware, etc.

Without knowing these things you cannot be a successful pen tester; the onus is on us to learn as much as we can all the time, as the environment we work within is ever evolving. We occasionally have to wear the hat of a programmer, which requires us to know scripting languages. We have to be experts in COTS tools as well as open source tools. We also have to be technical writers, as what good is finding vulnerabilities if we don’t report them?

If you want to be a truly successful “ethical hacker”, penetration tester, cyber security engineer, etc., it is up to YOU to learn as much as you can all the time. The satisfaction you can feel once you reach a certain level of knowledge and practical skills can be awe-inspiring. However, when you snap out of it, you start to feel as if you truly know nothing again, as everything is constantly changing around you as new research in different fields progresses or new technologies emerge.

Becoming a student for life is key.  Through dedication and persistence you can accomplish anything.

P.S. I hate the term "ethical hacker" - let's ditch the buzzword...

- sC
