It hasn’t been a good year for cybersecurity. People are being RATted and swatted, governments are leaking, and companies are being phished. In the Netherlands, DDoS attacks hit three large banks as well as the Dutch tax office over the past few days, temporarily blocking all web traffic.
For those of us just trying to get our Netflix on, surf for the latest memes, and indulge our laziest instincts by banking, shopping, and working from the couch, the internet is becoming an increasingly scary place.
And it could get scarier. In the next decade, as more and more things become connected to the Internet of Things and thus vulnerable, hacking has the potential to put our lives and even our civilization at risk in countless ways – from precipitating nuclear war to causing global blackouts or even destroying the global economy.
Therefore, it brings some measure of comfort that in addition to “bad hackers,” also known as “Black Hats,” there are now good, ethical, hackers who can protect us in these dark times where even your refrigerator and your precious snacks aren’t safe from internet trolls.
The “good” hackers, known as ethical hackers or “White Hats” use the same methods and techniques as Black Hats to bypass a system’s defenses. However, rather than taking advantage of vulnerabilities, they provide advice on how to fix them.
Where Black Hats make their living through theft, fraud, and extortion, White Hats work within the system, employed by cybersecurity companies, security departments of large organizations, or chasing after bug bounties to make a living.
Black Hat VS. White Hat
To the uninitiated — let’s call us the plain old dunce hats —these hackers’ methods of controlling everything from our webcams and bank accounts to our refrigerators and cars amount to about as close as we can get to modern black magic. So with all of this talk of black hats and white hats I tend to think of the conflict between the Black Hats and White Hats as similar to the battle between Saruman and Gandalf.
And right now, it’s looking a lot more like The Fellowship of the Ring out there than The Two Towers:
Where in the past, Black Hats needed crime skills as much as coding skills, recently dark web forums have emerged that enable hackers of all stripes to easily become black hat vendors for crime without exposing their identities.
This has led to a mass influx of coders of all specialties into Black Hat hacking and has created an entire growing professional class of cybercriminals. As a result, 2017 was one of the worst cybersecurity years on record: $5 billion in global ransomware damages and 791 US data breaches.
To win the war we need more White Hats. Luckily, as the internet becomes more dangerous cybersecurity spending is reaching new heights: 86.4 billion in 2017 to be exact. As a result, White Hats are attracting increasingly hefty compensation packages — so it’s never been a better time to take up the ethical hacker charge and protect the massive amount of internet muggles like myself just trying to watch cat videos.
So the question remains: Do you have what it takes to fight Black Hats in the war for the internet? Or are you better off hiding in the trenches?
Here are five signs you would make a lousy (ethical) hacker.
# You can’t think like a hacker with a questionable moral compass
Sun Tzu’s Art of War says: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
The war might have moved to the internet, but the principle is the same.
There is a reason many of the top white hat hackers are former black hat hackers who got caught and left a life of crime to put their skills to work in a more legal way. Ethical hackers need to be able to think like an unethical hacker to discover the vulnerabilities that a Black Hat might exploit.
This means knowing the ins and outs of Trojans, RATs, password cracking, phishing, rootkits, social engineering, keyloggers, and more. It also means cybersecurity professionals need to master other nefarious skills, such as manipulation and social engineering. To be effective, at times a White Hat needs to be able to persuade their colleagues, or at least their employers’ colleagues, to disclose credentials, restart or shut down systems, or execute files.
# You actually have a questionable moral compass
While being an ethical hacker can be profitable, so can being a Black Hat. As an ethical hacker, you have access to confidential information and a lens into your employer’s vulnerabilities. These vulnerabilities and confidential information can carry a high price on the dark web.
The temptation to take advantage of vulnerabilities you discover as an ethical hacker to a make a quick buck can be incredibly high. In fact, some of the most famous ethical hackers have been caught red-handed working both sides. Even if you don’t get caught or convicted, crossing ethical lines will likely kill your ethical hacking career eventually. Ethical hacker jobs often require security clearances and polygraph testing that make illegal activity tricky.
# You are unable to teach yourself anything and hate all forms of education
There are no standardized educational criteria — every organization can impose its own requirements — for becoming an ethical hacker. In fact, 58% of hackers say their skills are self-taught. However, approximately half of the ethical hackers studied computer science at an undergraduate or graduate level.
So while there are no standard education criteria for becoming an ethical hacker, having a bachelor’s (or even better) a master’s degree in information security, computer science or even mathematics sure doesn’t hurt.
# You are a terrible spy
Yes, ethical hacking is even cooler than you thought. Spy skills are required.
Not all aspects of ethical hacking are digital. Sometimes, to find vulnerabilities ethical hackers need to get their hands dirty. Security experts refer to the security features of a facility as “physical security.” Penetration testing also must involve attempts to compromise physical security.
And yes, this does mean ethical hackers sometimes have to do spy things like trying to break into physical facilities (in other words, not over the interwebs). Sometimes this means tailgating through an access gate, using a grappling hook (maybe not), drinking martinis shaken not stirred (almost certainly not), or using social engineering to get around physical security controls.
For this reason, for those who aren’t college bound, a military background, especially in intelligence, can help prepare you for an ethical hacking career.
# Your ego is larger than life
Cybersecurity is constantly changing because attacks and vulnerabilities are always evolving. Black Hat Hackers can change their tactics just as soon as ethical hackers reverse engineer them.
They sidestep security by changing their IP addresses, adding a few lines of code to their malware, and relentlessly picking apart apps, websites, and devices to find vulnerabilities to exploit. Worse, many experts now believe that Black Hats are outperforming White Hats in terms of both experience and daring.
Even worse, Black Hats have math on their side — they can launch thousands of attacks quickly, and they only need to be right once. White Hats need to protect massive systems against attacks and be right every single time.
Long story short, as an ethical hacker you should be prepared to take a few losses and to constantly be learning and evolving your approach.
Final piece of advice: do get trained and certified.
Once you are ready to start your ethical hacking career and to take on the Black Hats in the war for the internet, there are lots of resources to get trained and certified. An ethical hacking and security-related IT certification is critical to getting your foot in the door with employers.
This post was brought to you by PwC.