The penetration tester, previously regarded as a furtive and nerdy character who tested computer networks for security flaws, is enjoying a makeover.
First is the name change to ‘ethical hacker’, and this may explain the rising popularity of the job role among graduates. The other reasons are that the job is fascinating and, perhaps most important, practitioners are increasingly in demand.
As cyber space becomes the preferred domain for criminals and governments to wage industrial espionage, businesses big and small are hiring experts to protect their interests online. Graduates are becoming a popular choice of raw material because of the sheer amount of learning needed to perform in this role. The recent emergence of university courses dedicated to the discipline reflects this new reality.
This highly specialised and skilled role has always required an apprenticeship of sorts because of the very steep – and long – learning curve required to become a practitioner. Peter Wood, founder of First Base Technologies, reckons it takes five years from hiring a candidate to have them trained to a point where they can be let loose on a customer problem. Here are his tips for making progress as an ethical hacker.
What type of person should you be?
There’s no getting around this – you need to be highly intelligent and have a big IQ. But it’s not necessarily the intelligence that comes with a first-class degree, or any degree, come to that. If you like taking things to bits to see how they work and then putting them back together again, that’s a strong clue you may have the aptitude. Whether it’s a video, a clock or a radio you’re dismantling, it’s called reverse engineering and is the method used for solving today’s software security threats.
An enquiring mind and persistence are the other distinguishing attributes that will mark you out for this career. Integrity is the other must-have. If you’ve been on the darker side of hacking, it’s unlikely that a corporate will want you in their team.
How do you get your first job?
Graduates of specialist ethical hacking degree courses, run by a handful of universities in the UK, are being hired directly by employers.
Curiously, these universities are mostly located in the north: Northumbria, University of Abertay, Dundee, Glasgow Caledonian University run degrees, as does Coventry University.
The other way to get noticed is to enter a cyber security challenge: these are becoming virtual recruitment fairs with serious industry sponsors. Last year’s event was won by a postie from Wakefield.
Are there professional qualifications?
Surprisingly, for such a cloak-and-dagger trade, there are a few. For a week’s course you can acquire the certified ethical hacker (CEH) badge. The computer hacking forensic investigator (CHFI), secure analyst (ECSA), and licensed penetration tester (LPT) programs are from the same family of accreditation.
Membership of the Institute of Information Security Professionals (IISP) is a more heavyweight kite mark of respectability, as it takes years and is accomplished only after passing an intensive peer review.
However, the gold plate of ethical hacking is fast becoming the Council of Registered Ethical Security Testers (CREST), which is allied to the government-approved CHECK scheme.
What’s the job market?
There’s a shortage of cyber skills in the UK, according to the national sector council, e-skills. The salary is good too. According to ITJobswatch, the average UK salary is £48,250, a 27% increase on last year.