Find rich rewards but little glamour in ethical hacking

Hot skills: Penetration testing is well paid but takes stamina

What is it?

Ethical hackers attempt to use the same methods criminal hackers would use to break into an organisation's systems to expose gaps in security, which can then be closed.

These methods can be physical as well as internet-based - a team of IBM security consultants once blagged its way into the computer centre of a financial services company during working hours and took over its systems.

The number of training companies offering courses towards certification in ethical hacking, or penetration testing, has increased over the past year, with several of the pioneer companies setting up networks of authorised training partners.

The University of Abertay has introduced the first four-year BSc in ethical hacking and countermeasures, and the University of Glamorgan has launched a postgraduate certificate in penetration testing and information security.

Where did it originate?

The first organisation to target its own systems was the US Department of Defense. In 1993, two researchers, Dan Farmer and Wietse Venema, published on Usenet their findings on the use of hackers' techniques to test security. The move was widely seen as irresponsible, particularly when the pair made available the tools they had used as a package called Satan (Security Analysis Tool for Auditing Networks).

The move to open-sourcing ideas and technology has continued, and the most widely used source for ethical hacking is the Open Source Security Testing Methodology Manual (OSSTMM), a peer-reviewed methodology for performing security tests and metrics, from the Institute for Security and Open Methodologies (Isecom), which has headquarters in New York and Barcelona.

What's it for?

As well as testing the security organisations have in place, ethical hackers examine the assumptions on which security systems are based and whether they truly reflect vulnerabilities. An example of the kind of meticulous logic and lateral thinking required can be found in a deconstruction of the marketing claims of security product suppliers on the Isecom site.

What makes it special?

The work is highly paid and challenging, though far from glamorous, often requiring days of persistent, repetitive work.

How difficult is it to master?

Perhaps surprisingly, many of the best practitioners do not come from a security background. According to IBM, they include "computer users from various disciplines who took it personally when someone disrupted their work with a hack".

You will, however, need an exhaustive, experience-based knowledge of operating systems and networks. Most courses require as a minimum a background in Windows or Unix and TCP/IP.

People who try to show their skills by breaking into systems uninvited will find themselves blacklisted. IBM and others will not hire former "criminal" hackers, no matter how talented. One of the prerequisites for any penetration testing assignment is a "get out of jail free" contract, authorising you to carry out what would otherwise be criminal acts.


Two good starting points for those wanting to get into ethical hacking are the Institute for Security and Open Methodologies, which provides OSSTMM professional security tester and analyst certifications, and UK-based 7safe, which offers the certified security testing associate/professional and certified forensic investigation analyst qualifications in conjunction with the University of Glamorgan.

Rates of pay

Ethical hackers earn between £30,000 and £60,000. Rates are much higher for the most senior consultants.
