What is it like to be an ethical hacker?February 11, 2019
When a company or organization wants to know how vulnerable its networks are to a cyber-attack, how can it find out? One way is to call in a team of expert hackers who will set out to discover and exploit vulnerabilities – which can include anything from poorly secured firewalls to improperly trained employees.
In internet slang, these professionals are often known as “white hat hackers” or “ethical hackers.” Their job is to think and act just like a cyber adversary would – but for an altogether different purpose.
Depending on the client’s needs, they might conduct penetration testing or mount a red team assessment. Pen testers are frequently compared to pirates: they swoop in, identify vulnerabilities, and exploit them – in the process, demonstrating how an intrepid criminal could access everything from employee records to trade secrets.
A red team operation typically takes place over a longer period of time, simulating the efforts of a patient adversary with a specific set of objectives. The red team will not only look for technical vulnerabilities but also employ social engineering – for example, by posing as a site visitor in order to gain access to a facility and plant a device that will intercept network traffic. The exercise may also employ a blue team, whose job it is to protect the network and block the red team from achieving its goal.
Cybersecurity professionals pursuing a career as an ethical hacker typically describe it as challenging but also rewarding and fun. We asked Nathan Wray, an ethical hacker who teaches in Capitol Technology University’s cybersecurity program, to fill in some of the details.
Being an ethical hacker sounds exciting. What is it like in practice?
Wray:It is a very interesting career field; however, you do have to have the right mindset. It requires self-study and a lot of practice – so that you’ll have the skills and experience you need when you’re called to do an assessment or penetration test. Learning from others is also important. With the team I’m on, we’ll talk every day and share different tool sets.
Being an ethical hacker requires determination, but it’s also rewarding. We’re ultimately helping others – in particular, the blue team that’s responsible for defending the network – become better, by showing how an adversary could move around in their system. At the same time, we’re also becoming better, and in the process helping other red teams in the community. If we’re working with a defense contractor, or with the DoD, then we’re also ultimately helping America.
What is the process for setting up a penetration test at an organization?
Wray:Typically, the customer organization will come to the ethical hackers and request an assessment. Ground rules will be set, determining what is and isn’t allowed. Once the scope of and the ground rules have been established, we’ll go to the customer location and perform the test.
In a red team assessment, what are some of the things the blue team may do?
Wray:They could be watching different sensors, monitoring network traffic, and trying to find us – or any other adversary that might be out there.
Who do ethical hackers work for? Are they self-employed or do they go to work for companies specializing in cybersecurity?
Wray:There are multiple options. Many ethical hackers are independent consultants, working on their own or with a small team. There are also companies that specialize in ethical hacking. In the Department of Defense (DoD) space, you’ll frequently encounter teams that include military personnel as well as contractors.
What’s a typical day in the life of an ethical hacker?
Wray:I spend a lot of my time doing research, honing my skills, and experimenting with different tools. When a new tool becomes available, I’ll want to practice with it in our test environment. Looking for new capabilities and toolsets, training, building new skill sets -- all of this helps you prepare for the next engagement.
What is the most challenging part of the job?
Wray:Sometimes you’ll find yourself up against a really good defender team that makes it hard to get into the network. When that happens, you’re forced to discover new techniques that will enable you to get around whatever they are doing to prevent you.
Astechnology continues to grow rapidly and as adversaries continue to find ways to circumvent security measures, it is important for ethical hackers to stay up to date/current. An ethical hacker must have the drive to want to be a lifelong learner - to want to learn and continue learning. I say this because it is far too easy to fall behind and become stagnant in the field. To be a better ethical hacker, a person must continue to grow, learn, and adapt. The goal is not only to understand the motivations behind the adversary but to be able to better emulate the adversary. By learning new techniques and staying current, an ethical hacker is better able to assist customers in improving their security posture and protecting the organization from future attacks.