Who does ethical hacking

Ethical Hacking - Fix security deficiencies and prevent cybercrime

There is no recognized multi-year professional training as an ethical hacker. However, the EC Council, which specializes in security training and cybersecurity services, has one Certification developed. The associated IT training courses are offered worldwide by various official partners and organizations; certified EC Council trainers are responsible for implementation.

In Germany, for example, the TÜV Rheinland Academy IT courses lasting several days for the acquisition of the certificate with the official designation CEH 312-50 (ECC EXAM), 312-50 (VUE). Further recognized qualifications and certificates were issued by the company Offensive security (Offensive Security Certified Professional, OSCP) and from SANS institute (Global Information Assurance Certifications, GIAC).

Many professional hackers reject training-based certificates and rate them as not particularly practical. For companies, however, they offer an important point of reference, as they can better assess the seriousness of an ethical hacker. The certificates are also an expression of a increasing professionalization in that area. With rapidly increasing demand, ethical hackers can market themselves better through certificates, get hold of more lucrative jobs and present themselves as reputable service providers on their own websites, for example.

Certificates can be helpful for ethical hackers in acquisition, but they are not (yet) an absolute necessity. White hat hackers are currently mainly IT specialists, who usually do extensive knowledge in the following areas bring:

  • Computer security
  • Networks
  • different operating systems
  • Programming and hardware knowledge
  • Basics of computer and digital technology

Beyond these qualifications is one more precise knowledge of the hacker scene and their ways of thinking and acting helpful.

Of course there are many Career changerswho acquire the knowledge required for ethical hacking in self-study (e.g. through online research). They are also particularly suitable for demanding work IT professionalswho have acquired the basic knowledge through training as an IT system electronics technician or through a classic degree in computer science. In the Hacker-Powered Security Report of 2018, 1,698 ethical hackers were asked about their training. At the time of the investigation, almost 50 percent were working full-time in information technology. The focus was on hardware and especially software development. Over 40 percent of IT professionals specialized in security research. A high percentage of respondents (25 percent) were still studying. Also 2019 was mainly part-time chopped. According to HackerOne's 2020 Hacker Report, only 18 percent of those surveyed were involved in ethical hacking full-time that year.

Ethical hackers don't just work as external IT experts. There are also companies that do in-house permanent IT specialists train hackers to become white hats and ensure that they continuously take part in advanced training courses on (ethical) hacking and cybersecurity

White hat hackers often find specific jobs through a special tendering procedure. Use companies like Facebook, Google or Microsoft Bug bounty programs (analogous translation: bounty programs for bugs), in which they precisely define the conditions and specifications of cyberattacks and troubleshooting, and successful hackers in some cases considerable Cash rewards for found security problems in prospect. Bug bounty programs are often carried out as a supplement to penetration testing.

Internationally recognized placement platforms such as HackerOne are often involved in awarding the contract. Their 2020 Hacker Report states that hackers earned around $ 40 million in bounties in 2019 alone; A total of 82 million US dollars have been paid out since the platform was founded. Ethical hackers also acquire orders beyond such platforms through their own initiative and put their services online.