Today, the ethical hacker career is a great opportunity worth exploring if you are an information security professional (or plan to become one). Wearing the 'white hat', the ethical hacker has to test security systems and
To start off with, ethical hacking is also known as penetration testing or intrusion testing. There are multiple ways to get into ethical hacking. You can be an auditor and go on to make a career as an ethical hacker. A good ethical hacker is one who knows technology inside out. He should have knowledge about operating systems and networks. The ethical hacker should understand the working of different protocols and services, as well as how different applications interact with each other. In case of a security incident, he should give viable solutions based on his knowledge, experience and industry best practices.
The ethical hacker should be able to scan a system and give out valid suggestions in case of raised vulnerabilities. Also, if you plan to choose a career in ethical hacking, you should understand the used tools, as well as how they work. There are many manuals available for checking the reports, but these are only available at a commercial level. Also, an ethical hacker needs to have programming and scripting knowledge. At the end of the day, if the ethical hacker is not a techie, he will not understand these aspects, which will cause difficulties in his career.
Ethical hacking certifications available in India
If you plan to pursue the ethical hacker career, certifications are also available to this end. For someone who is looking at an ethical hacking career, certification acts as an advantage. Certifications teach you not only technical aspect, but also the legal angle. If a person isn't certified, there are possibilities that he may face legal problems in case of an incident.
Ethical certifications range from anywhere between a week's time to three months, and cost between Rs 50,000 to Rs 1,50,000. The various ethical hacking certifications available today include:
• Certified Ethical Hacker, a professional certification provided by International Council of E-Commerce Consultants (EC-Council.)
• Certified Hacking Forensic Investigator offered by of E-Commerce Consultants (EC-Council.)
• GIAC certified penetration tester (GPEN), offered by SAN (security, audit and network)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC certified forensic analyst (GCFA).
These ethical hacking certifications will certainly help you gain knowledge and experience. It will also help you get an entry into the ethical hacking career. However, do remember that just certifications won't help. There's no substitute for hands-on experience.
About the author: Deepayan Chanda is GCIA, CHFI, CEH certified, and is a lead consultant at security practice company.
(As told to Anuradha Ramamirtham)
This was first published in July 2010