A career as an Ethical Hacker

Have you ever watched a good movie with hackers in it and you just thought: “Wow I wish I could be that good with a computer!”? If this is true then maybe you should consider a career in information security. Hackers don’t do it the way you see it on movies though; nor do the guys on the defending side against those attacks.

Hacking isn’t about typing furiously at a computer and throwing hieroglyphic-like commands at it. No! Hacking is actually well structured tactical work that involves research, software tools and so on. Often the people who perform such exploits are not even trained IT professionals, rather just people who know how to exploit certain software tools to breach network security, crack passwords and trick people into giving up their passwords or other valuable bits of data like credit card numbers.

You may be asking yourself by now if I’m trying to get you interested in becoming a hacker. Lol. The good news is there are “good” and “bad” hackers, ethical hacking and illegal hacking, White Hats and Black Hats. Ethical hackers are those professionals that are hired by Companies to try and hack their network. A report will then be produced identifying loopholes if any are found and any other relevant recommendations. The job of an information security professional usually includes:

  • Crafting strategies to prevent and mitigate attacks
  • Training users on how to avoid falling for attack strategies
  • Monitoring the network and computers on a network
  • Carrying out the same attacks that a malicious hacker might attempt as a way of testing security and identifying loop holes. This is called Penetration Testing

Information security is a tricky field for formal qualifications in that it tends to be reactive instead of proactive. What does that mean? Exploits are weaknesses in software that are used by hackers or other harmful software to carry out an attack. As technology advances and new software is released, you will have to recertify and update your skills to include those new technology fronts. To become a good security expert you have to keep reading up on current software packages. A good formal qualification may set you on your way: but it definitely won’t suffice for the task ahead.

To become a security professional it is necessary to get a good understanding of networking and programming. So a qualification that gives you those skills is a good start. It may be a degree or a diploma in information systems or other qualification. Some study options available in Zimbabwe include:

  • Bachelor of Technology in Information Security & Assurance : This is a 4 year full-time study programme offered by the Harare Institute of Technology( HIT). HIT requires you to have “at least 2 ‘A’ level passes including Mathematics and Physics or Mathematics and Computer Science or Mathematics and any other relevant science subject”. Or NC, ND or HND in Information Technology (HEXCO) or equivalent
  • Certified Ethical Hacker (CEH): This is a certification offered by the Ecommerce Council which is based in America. There are a number of training institutions locally that offer tutoring for this qualification. You may also opt to buy material online include video training and then register at any Prometric exam center. The concept with ethical hacking is, you study hacking and then use your knowledge to stop hackers. The actual exam will set you back (or forward) around $500.
  • Certified Information Systems Security Professional( CISSP): This is an internationally respected and well-paying qualification which you should definitely look into if you do decide to get into this area. You can check them out here: https://www.isc2.org/cissp/Default.aspx
  • CompTIA Security+ : This is another well rounded qualification which you can do locally with some training institutions. It is also one of the scurity qualifications recommended by the U.S Department of defence for their employees.

Job Opportunities:

Cyber security is currently one of the fastest growing employment fields. As systems get more and more online and move into the cloud, information security will become a critical issue. Some of the career options you can explore include:

  • Security Consultant
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Information Security Officer
  • Director of Security
  • Network Architect
  • Computer Crime Investigator
  • Penetration Tester
  • Software Engineer
  • Network Administrator
  • IT Auditor