How Ethical Hackers Are Changing the Game in Cybersecurity

It’s strange to think about, but imagine walking into a business and saying, “Yes, hello. I’d like to hack your entire computer network…ethically.”

If the company was smart, they’d respond: “That sounds great—let’s talk.”

The Need for Ethical Hacking

Ethical hacking has become a highly in-demand field. Ethical hackers can conduct a variety of useful assessments (Ahmed, 2021), including:

◉ Exploring a company’s security system to find vulnerabilities

◉ Assisting a company in developing appropriate training tools to close security loopholes and prevent social engineering and phishing attacks

◉ Making recommendations about network vulnerabilities and how to address them

Ethical hacking works well when combined with other cybersecurity measures, such as penetration testing. Penetration testers check for weak points in computer networks, analyze security systems, and identify openings that ethical hackers can exploit. Penetration testing is the first step in testing a network’s security, since it often happens after a vulnerability assessment (a test that helps show where weaknesses lie).

What Is a Certified Ethical Hacker?

EC-Council’s Certified Ethical Hacker (C|EH) certification allows cybersecurity professionals to demonstrate their competency in the technical skills required to perform ethical hacking. The certification teaches learners how they can use the most up-to-date hacking tools and information about security flaws to better protect their clients.

The C|EH certification from EC-Council is the leading ethical hacking course available today, as it teaches an array of skills unavailable elsewhere. In the C|EH program, you’ll learn about numerous essential topics, including vulnerability assessments, social engineering and phishing tactics, and penetration testing.

Certified Ethical Hackers Create Value

Ethical hackers have a significant and positive impact on the business community. Consider the following:

◉ Billions of records—including sensitive personal information—have been compromised in hundreds of attacks over the past few years (Lazic, 2021), and businesses are growing increasingly nervous about cybercrime’s potential impact.

◉ By October, the number of cyberattacks in 2021 had already eclipsed all of 2020 (Brooks, 2021).

◉ The average cost and overall number of cyberattacks continue to grow, with ransomware attacks becoming increasingly common (Insurance Information Institute, 2021).

The fact that cybercrime has become such a massively pressing issue demonstrates the importance of ethical hackers. Businesses increasingly need to develop robust anti-hacking protocols, and ethical hackers are a vital part of these security plans.

Career Opportunities for Certified Ethical Hackers

Ethical hacking certifications are not only good for businesses that hire certified ethical hackers—they’re also good for ethical hackers themselves.

What does this mean, exactly? Career opportunities. The demand for ethical hackers is rising, and as many as 3.5 million new computer security positions may open up in the next 3 years; however, hundreds of thousands of these jobs will go unfilled unless more people become qualified cybersecurity professionals (Morgan, 2021).

The laws of supply and demand will likely apply here, pushing salaries higher. As of March 2022, the average salary for a certified ethical hacker is around USD 103,000 (Salary.com, 2022). This salary is well above the average American’s annual pay, and it seems likely to increase in the future.

Comparing Cybersecurity Certifications

EC-Council’s C|EH is the leading certification for those seeking a career in ethical hacking. While you may have seen the C|EH compared with other certifications, like CompTIA’s Security+ and PenTest+, you should know that these comparisons are misleading. Directly comparing the C|EH certification with Sec+ or PenTest+ fails to consider the C|EH’s unique strengths.

The truth is, there’s no one-to-one comparison for these certifications—each is designed to achieve different things. A better comparison would be EC-Council’s Certified Cybersecurity Technician (C|CT) versus Security+ or EC-Council’s Certified Penetration Tester (C|PENT) versus PenTest+. These offerings from EC-Council have numerous advantages, including flexibility, more up-to-date curricula, and integration of real-world examples and practice.

How to Become an Ethical Hacker

Becoming an ethical hacker can be exceptionally useful. Ethical hacking is a valuable skill that can protect an organization and position you for significant career success.

At EC-Council, we’ve developed a robust curriculum for the C|EH program: a serious, in-depth certification designed to give you the industry-relevant skills necessary to become an ethical hacker.

In the C|EH course, you’ll learn about a wide variety of aspects of ethical hacking, including:

◉ The 18 most common attack vectors used by hackers

◉ Modern exploit technologies, including application to existing, new, and emerging vulnerabilities

◉ Contemporary and ongoing cyberattacks, including what you can learn from them and how ethical hackers could have helped prevent them

◉ How to stay on top of the latest technological developments to ensure that your skills are always as sharp and up to date as possible

Source: eccouncil.org

Continue reading

Understanding the Basics of Footprinting and Reconnaissance

Footprinting and reconnaissance are two essential steps in any security assessment (Hunt, 2021). They help provide a blueprint of an organization’s security posture and can uncover potential vulnerabilities. This article will discuss footprinting, reconnaissance, and different types of footprinting methodologies. We will also look at what information can be gathered through footprinting and how it can improve organizations’ cybersecurity.

What Is Network Footprinting?

“What is network footprinting?” is a common question among novice ethical hackers. It is the process of identifying and understanding the security risks present in an organization. Like reconnaissance, it involves gathering as much information about the target as possible, including information that may not be readily available online. This information can then be used to build a profile of the organization’s security posture and identify potential vulnerabilities.

There are two main types of footprinting: passive and active.

◉ Passive footprinting: Gathering information from publicly available sources such as websites, news articles, and company profiles

◉ Active footprinting: Using more intrusive methods to access sensitive data, such as hacking into systems or applying social engineering techniques

The type of footprinting approach you use will depend on what information you want to collect and how much access you have to the target. For example, if you’re going to collect information about an organization’s network infrastructure, you may need to use active footprinting methods such as port scanning and vulnerability assessment. However, passive footprinting will suffice if you want to gather publicly available information, such as the names of employees and their contact details.

What Is Reconnaissance?

Footprinting is a part of a larger process known as reconnaissance. Reconnaissance is the information-gathering stage of ethical hacking, where you collect data about the target system. This data can include anything from network infrastructure to employee contact details. The goal of reconnaissance is to identify as many potential attack vectors as possible.

Data collected from reconnaissance may include:

◉ Security policies. Knowing an organization’s security policies can help you find weaknesses in their system.

◉ Network infrastructure. A hacker needs to know what type of network the target is using (e.g., LAN, WAN, MAN), as well as the IP address range and subnet mask.

◉ Employee contact details. Email addresses, phone numbers, and social media accounts can be used to launch social engineering attacks.

◉ Host information. Information about specific hosts, such as operating system type and version, can be used to find vulnerabilities.

Footprinting Methodology

There are many different ways to approach footprinting, but all approaches should follow a similar methodology. This includes identifying the assessment goals, gathering information about the target, analyzing this information, and reporting your findings.

The first step is to identify the goals of the assessment. What do you want to achieve by conducting a security assessment (Arora, 2021)? Do you want to find out how easy it would be to hack into the organization’s systems, or do you want to gather general information about the organization’s network infrastructure?

Once you have identified your goals, you can gather information about the target. This includes anything relevant, such as the company’s name, website, contact details, and relevant social media profiles. It is also essential to gather information about the organization’s security posture, such as what type of security measures they use and how they are implemented.

Once you have gathered all this information, it needs to be analyzed and evaluated. What threats does this data pose to the organization? Are there any areas of weakness that an attacker could exploit?

Finally, what recommendations can you make to improve the organization’s security posture? Reporting your findings is an essential part of the footprinting process. You need to provide a detailed report that outlines your conclusions and recommendations. This will help improve the organization’s awareness of cybersecurity threats and help it take steps to mitigate these risks.

Information Gathered Through Footprinting

The information gathered during a footprinting assessment can be used in many different ways. It can be used to improve an organization’s security posture by identifying vulnerabilities and recommending corrective actions. It can also be used in future penetration tests or red team exercises (Forbes Technology Council Expert Panel, 2021) to assess the effectiveness of security measures.

Finally, it can also be used as evidence in the aftermath of a data breach or cyberattack. Having a comprehensive record of its security posture can help an organization show that it took all reasonable steps to protect its data.

How Footprinting Is Used

Footprinting in ethical hacking is a common technique used by security professionals to assess an organization’s security posture. It can be used as part of a more extensive assessment or in isolation and can provide valuable information about the organization’s cybersecurity vulnerabilities.

For hackers, footprinting can be used to gather information about a target that can then be incorporated when planning an attack. This includes information such as the names of employees, contact details, and social media profiles.

The Golden Career Opportunity: Start Your Cybersecurity Journey

Learning footprinting is an excellent way to get started in cybersecurity. It is a relatively simple concept, and there are many tools and resources available to help you get started. There are also many job opportunities available for those with cybersecurity skills like footprinting, which opens up a world of possibilities for your career.

For those looking to get into or improve their competencies in cybersecurity, it’s essential to take an accredited course to ensure that you have the most up-to-date knowledge and skills. EC-Council is one of the world’s largest cybersecurity training and certification providers, with courses covering everything from penetration testing to digital forensics. The Certified Ethical Hacker (C|EH) is one of EC-Council’s most popular courses. The C|EH program covers the basics of ethical hacking, teaching you how to find and exploit weaknesses in systems using the latest methodologies and tools.

Whether you’re looking to get started in cybersecurity or improve your existing skills, EC-Council has a program for you. With world-class instructors and a wide range of courses, you’ll be able to find the perfect fit for your needs, from the basics of footprinting and reconnaissance to advanced penetration testing techniques. Equipped with the knowledge and skills you’ll gain from these courses, you’ll be ready to take your cybersecurity career to the next level.

Source: eccouncil.org

Continue reading

Understanding and Preventing Social Engineering Attacks

According to PurpleSec (2021), 98% of cyberattacks rely on social engineering. The same report indicates that new employees are the most susceptible: 60% of IT professionals cited recent hires as at high risk of falling for social engineering tactics.

Social engineering attacks use deception, coercion, or other interpersonal methods to achieve an illegitimate or fraudulent outcome. As Jenny Radcliffe, founder and director of social engineering cybersecurity firm Human-Centered Security, says: “Criminals use the fear, the uncertainty, and the doubt—or FUD, as we call it in the business—to create this atmosphere of uncertainty in people’s heads” (Tanium, 2020, para. 11).

Read More: EC-Council Certified Chief Information Security Officer (CCISO)

In this article, we’ll cover the top social engineering attack methods and explain how to defend against them.

Social Engineering Attack Patterns

Social engineering attacks all follow a broadly similar pattern. First, the hacker identifies a target and determines their approach. They then engage the target and build trust. Next, they launch the attack. Finally, once the hacker has what they want, they remove the traces of their attack.

CNN ran an experiment to prove how easy it is to pull off these types of attacks (O’Sullivan, 2019). In the experiment, a hacker successfully obtained a CNN tech reporter’s home address and cell phone number by calling a furniture store where the reporter had recently purchased an item. She got the name of the store from a tweet where the reporter had shared information about his latest purchase.

Spear Phishing

Between March 1 and March 23, 2020, Barracuda Sentinel researchers identified 467,825 spear-phishing email attacks (“Coronavirus-related spear phishing,” 2020). Spear phishing targets specific individuals with malicious attacks that exploit the target’s trust to get them to divulge sensitive information.

A spear-phishing attack starts with investigation. The goal is to gather enough information about the target to fool them into believing the attacker is a trusted person or entity. Attackers often pose as a friend, coworker, or supervisor.

In spear-phishing attacks, hackers send emails that appear to come from a trustworthy source, such as a bank or favorite retailer. The email encourages the recipient to follow a link that enables the hacker to obtain sensitive information, like usernames, passwords, and credit card numbers.

Why Spear Phishing Works

Spear phishing uses the element of trust. People let their guard down when they trust someone. Cybercriminals use this technique because it is an easy way to convince a target to carry out a desired action.

How To Avoid This Type of Social Engineering Attack

One of the easiest ways to stop phishing attacks, including spear phishing, is to carefully check the sender’s email address. Phishing emails that might at first appear to come from a well-known business often have slight spelling variations that are difficult to detect without paying close attention.

It’s also a good idea to check the subject line of the email. Phishing emails often attempt to create a sense of fear or urgency to get the recipient’s attention. Words such as “Important,” “Urgent,” or “Account Past Due” are all red flags.

Baiting

Baiting is a type of social engineering attack in which the cybercriminal lures the target by using a reward as bait. The goal is to gain confidential information or access to a company’s internal network by offering the target something they can’t refuse—for example, a free download or participation in a contest to win money.

Why Baiting Works

Humans are curious by nature. Cybercriminals know this and construct offers that seem too good to be true. If the offer is compelling enough, the target is more likely to divulge sensitive information.

How To Avoid This Type of Social Engineering Attack

Be wary of emails, links, posts, and advertisements. If something looks suspicious, don’t click on it. Likewise, don’t respond to emails that request sensitive information to be provided via email, and before sending personal information online, check the URL. Cybercriminals are good at making sites appear legitimate, so look for slight misspellings or a different domain, such as .net instead of .com.

Quid Pro Quo

In a quid pro quo attack, also known as “gift exchange,” the attacker tries to get a favor from the target in return for something desirable. Similar to baiting, a quid pro quo attack involves a cybercriminal offering to do something that benefits the target but requires the target to perform an action in exchange.

Read More: 312-50: Certified Ethical Hacker (CEH)

For example, the attacker may call several extensions at a company and pretend to be calling back about a technical support issue. When they identify someone with an existing support issue, they pretend to help the target. However, they instruct the target to perform actions that (unbeknownst to them) will compromise their machine.

Why Quid Pro Quo Attacks Work

People fall for quid pro quo attacks because they believe the task they’re being asked to perform is small and insignificant. These tasks could range from giving out their email address to accepting software upgrades. Attackers are more successful in getting the information or access they want if they make requests that don’t require a significant commitment from the target.

Quid Pro Quo Attack Prevention

As a rule, don’t provide sensitive information unless you initiated the exchange. Verify the company by calling back on a publicly posted phone number. If something seems suspicious, hang up the phone.

Source: eccouncil.org

Continue reading

Ethical Hacker or Forensic Investigator? The Ideal one for you...

Security of information is a matter of prime concern in today’s information based economy. It is the responsibility of every employee of a company to keep important data safe from the intruders and hackers. The increasing use of social engineering has increased the risk of attacks on the information data of any company or business establishment. To secure  company’s data from attackers, everyone in the company has to be a part of its security system. It has been proved through various studies that most of the incidents of data theft occur due to lack of training and knowledge of keeping it secure. To ensure security of data, most of the companies have started taking services of ethical hackers or computer hacking forensic investigators. In order to understand who is better of the two, you must know some basic facts about them.

Ethical Hackers

Some institutes provide training program for certified ethical hackers to train the aspirants about keeping the data safe from malicious hackers. One must have foundational knowledge of computer Operating Systems and Networking protocols to be a part of this training program. After completing their training program, certified ethical hackers use their knowledge and tools to reveal the weaknesses in the computer system of an organization. They also suggest about the precautionary, remedial and defensive measures after detecting the weaknesses of a system. They are trained to protect all types of networks from unwanted hackers.

During the training program of certified ethical hackers, the students get familiar to an interactive environment in which they are taught about scanning, testing, hacking and securing their own computer system from attackers. Each student is provided with detailed theoretical and practical knowledge about the essential current security systems in the lab intensive environment. They gradually start understanding the working of defense systems along with scanning and attacking their own computer systems without harming them. They are also taught about the escalation of privileges done by intruders and how to save the system from them. Policy Creation, Intrusion Detection, DDoS Attacks, Social Engineering, Virus Creation and Buffer Overflows are the other fields of learning for a certified ethical hacker. After completing this program successfully, one can start his career as a certified ethical hacker with any business organization or security agency to save their computer systems from malicious hackers.

Fig: Architecture of a D DoS Attack

Forensic investigators

Forensic investigators, or hacking forensic investigators, are the professionals who work for detecting the attacks of hacker on the computer system of an organization along with extracting the evidences properly to report the crime to the higher authorities. They also help in preventing the hacker attacks in future by auditing the system thoroughly. The simple meaning of computer forensic is the application of the techniques of computer investigation and analysis to determine potential legal evidences for the safety of the computer system of the organization in future. These evidences can be required to resolve a number of computer related misuse or crimes along with theft or damage of intellectual property, frauds and theft of trade secrets etc. In order to discover the data or recovering encrypted or deleted data or information of damaged files from in the computer system of an organization these computer hacking forensic investigators use various methods.

With the increase in number of cyber-crimes and other conflicting situations, it has become necessary to analyze the computer systems through a competent investigator to find out and secure the evidences on electronic system. These evidences become important in various situations including hacking of computer, disloyalty of employees, breach of contract terms, misuse of pornography, email frauds, industrial surveillance, disputed sacking of employees, bankruptcy, theft of company’s documents and defacement of web pages etc.

One can be a certified computer hacking forensic investigator after attending the training program and passing the exam offered by a number of institutions. You must be having fundamental knowledge of the operating systems of the computer along with networking protocols to be an eligible candidate for this certification course.

After completing this course you are enabled to identify the evidences carefully and systematically in case of any abuse of computer system or in case of computer related criminal. For this purpose you will have to trace out how the hacker has intruded the computer system of your client to find out the signs of fraud and trace the creator of offensive emails. The candidates of this course are provided with the skills necessarily needed to identify the signs of hackers along with gathering the evidences properly to put the culprit on trial in the legal court.

The course of computer hacking forensic investigator is beneficial for defense and military personnel, police and personnel of other law enforcement agencies, system administrators, security professionals of an e-business, Banking and Insurance professionals, legal professionals, IT managers and professionals of government agencies etc.

Which is ideal Ethical Hacker or Forensic Investigator?

In fact, the basic purpose of ethical hacker and computer hacking forensic investigator is to keep the important data of a business organization or a security agency safe from the malicious hackers. But ethical hackers investigate only the probabilities of hacking a computer system and fix the weakness of the system. The computer hacking forensic investigators, on the other hand, also collect evidences to prosecute the hackers in the court of law along with detecting the reasons of intrusion by the hackers. Both ethical hackers and forensic investigators are performing well in their respective fields.

Continue reading

How To Become a Professional Hacker

Demand for IT Security professionals is very strong right now, and many people are wondering how to get into the action. You need only turn on the news to hear of the latest cybersecurity breach, and this visibility means more companies are paying attention to Information Security than ever before. This is good news for IT Security Professionals with the right skills and experience, as well as newcomers to the field. You have come here to learn how to become a Professional Hacker, an elite cybersecurity professional with a very bright employment outlook.

This article discusses one particular role in the cybersecurity career landscape, the Penetration Tester, and examines the job responsibilities, skills, and personality traits that allow an individual to thrive in that role. We also examine how one might learn those skills and position oneself optimally as a candidate for employment as a Penetration Tester.

What Is a Hacker?

The term “hacker” has several meanings, beyond the obvious, which is “one who hacks.” Originally a derogatory term for someone lacking sufficient skills to do a task with finesse, “hacker” has come to mean an individual with sufficient knowledge to misuse computer software or infrastructure to achieve results that are inconsistent with their design and purpose. Simply put, a hacker uses computer resources in ways that achieve their own ends, not those of the owners. Very often this means the theft of valuable sensitive information for monetary gain. In fact, this is the type of hacker that we hear most about, because news of large breaches are shocking, scary, and newsworthy. This type of hacker is a criminal and is breaking the law as they go about their work.

What Is a Professional Hacker?

A “Penetration Tester,” on the other hand, is employed or engaged by an organization to test its defenses and report any vulnerabilities discovered and how they could be exploited. This individual has a highly valued skill set that allows them to examine an organization’s software and infrastructure and make specific recommendations on how better to secure them. Penetration Testers are in great demand and command impressive compensation.

A Penetration Tester is a professional hacker.

What Skills Are Needed?

Clearly, penetration testing requires extensive knowledge as well as a broad and advanced skill set. This includes a strong grasp and effective mastery of the following:

◈ Computer networking concepts, protocols, appliances
◈ Software, web-applications, including architecture, and the software development lifecycle (SDLC)
◈ Penetration Testing methodology, tools
◈ Vulnerabilities, malware, and weaknesses
◈ Cybersecurity best practices
◈ Communication Skills, written and verbal
◈ It is not for the faint of heart, but nor is it out of reach. With planning and a deliberate approach, each of these topics can be mastered in time.

IT technical roles can be broadly categorized into two categories: software development (a.k.a. applications) and infrastructure (a.k.a. networking), so it is often the case that Penetration Testers master one side or another early in their career before bolstering up the other side. The greater the degree to which an individual has mastered the areas above, the more versatile (and therefor more employable) is that individual as a Penetration Tester.

Skill Development

As we noted above, other roles in IT can provide a springboard into cybersecurity and penetration testing positions. An individual with strong expertise in networking or infrastructure will often just require concentrated training on core Penetration Testing skills and tools to round out their qualifications. Indeed, there may be much in the way of review in the journey.

Of course there are training courses that can help you acquire the necessary skills, some more focused and concentrated than others. College and university offerings are likely to be the most in-depth, albeit at greatest cost and time. Private training classes are another option, but be sure to have a comprehensive plan to ensure that all relevant subject matter is addressed within whatever patchwork of offerings are cobbled together. Yet another approach, which is faster and less expensive than the others, is to study specifically for the Penetration Testing role. This can be an effective approach for individuals with significant overlapping IT experience.

Certification

One important way to distinguish yourself from the competition and land that next job may be to earn one or more relevant industry-recognized certifications. This demonstrates a commitment to the profession and role to which you aspire, as well as an independent endorsement that a certain core knowledge base has been achieved.

In fact, in the face of high demand for qualified Penetration Testers and a low supply of qualified applicants, hiring managers will be practical and will naturally bias towards hands-on ability vs. formal education. This means the right certification(s) can get you past the gatekeeper for an interview.

Our favorite for Penetration Testing is the EC Council Certified Ethical Hacker (CEH) certification. Hiring managers know that a CEH certified candidate for a Penetration Testing role has made a commitment to the field and is familiar with all the relevant skill areas. A certification such as CEH can be a discriminating factor in landing you a job.

Familiarity With PenTesting Tools

Penetration Testing relies extensively on software tools, and while there is no official tool-set, there are certain tools and commands that you simply must be familiar with in order to have any credibility in the field. Note that we are not describing a superficial knowledge; to be productive you must have hands-on expertise with a certain critical core set of tools.

Another advantage of Penetration Testing-oriented training is that those tools will be covered, and you will have the opportunity to work with them. More importantly, you will come to understand the problems they solve and when they are the “right tool for the job.”

I have asked job candidates questions such as, “what would be a good tool choice in the following situation…?” as well as, “what are the trade-offs between using tool X and Y in this scenario?” This approach separates the book learners from the hands-on practitioners.

Certified Ethical Hacker (CEH) Certification

One of the reasons we rate the EC Council CEH Certification so highly is that we are very familiar with it. Affinity IT Security is an EC Council Accredited Training Center (ATC), and we offer CEH Certification preparation training. The CEH Certification coverage is both broad and practical, and it includes the opportunity to get hands-on experience with a large set of Penetration Testing tools. The examination is carefully engineered to assess both the taker’s knowledge and abilities by including real-world scenarios and questions about specific tools.

Preparing for and passing the exam is one means by which you can acquire and strengthen the necessary skills to be a professional Penetration Tester, enhance your credentials, and distinguish yourself from the competition.

More information on Affinity IT Security CEH Training can be found here.

Is Hacking For You?

In addition to the technical skills and credentials discussed above, the ideal candidate for the role of Penetration Tester must possess the following personality traits:

◈ Strong analytical skills
◈ Natural tenacity and persistence
◈ Curiosity about how things work
◈ A pathological willingness to upend designer expectations
◈ Strong communication skills
◈ A strong moral compass

Continue reading

On Hiring a Hacker

One could argue that there are two crises in the IT world today. The first is the seeming inability of many (or even most ?) companies to secure their IT infrastructure, and the second is the shortage of talent to help them do so. This article will explore the motivations and challenges that businesses face in hiring qualified individuals for Information Security roles, with special attention to the roles that hackers play.

What is a Hacker ?

Let’s start by clarifying what we mean by a “hacker.” In its modern and colloquial meaning, it refers to an individual who has the skills necessary to bypass the conventional deterrent controls we deploy to protect our IT resources and sensitive information. The term is often prefaced by “black hat” or “white hat” (think: Western movies) to distinguish those that act in their own interest to defeat an organization’s security from those acting to improve the security of an organization. In practical terms, this means that “white-hat” hackers, also known as “Ethical Hackers,” have previously obtained the permission of the organization they attempt to breach, whereas “black-hat” hackers have not.

The irony, of course, is that there is huge overlap in the skillset of black-hat and white-hat hackers, and the same skills that enable one to breach an organization’s security also empower one to make specific and concrete recommendations as to how to improve it.

Why Hire a Hacker?

When I was a kid (totally dating myself here), there was a popular TV series called “It Takes a Thief,” starring Robert Wagner as a reformed elite criminal who assisted law enforcement in catching criminals. (As an aside, he was highly skilled, and very cool for the times.) The underlying premise of the show was “to catch a thief, you need a thief.” In other words, to anticipate what the bad guys will do, you need to think like them. You probably see where I am going with this.

The conventional approach to cybersecurity is to embrace a continuous ongoing improvement model that iteratively assesses risk, identifies and implements risk-reduction controls and policies, and then measures against practical success criteria; rinse and repeat.

The role of the hacker comes into play during the “measure against practical success criteria” portion of the process. A typical goal of cybersecurity initiatives is to reduce the number of network and software vulnerabilities, particularly those that are “exploitable” (i.e. can be used to effect a breach). Who is better qualified to find them and recommend deterrents that a professional hacker?

The professional job title is “Penetration Tester,” and it describes someone responsible for the ongoing security testing of network infrastructure, web-applications, and other software. The deliverables are typically test reports that detail the vulnerabilities found, whether and how they were exploited, and recommendations for their elimination.

Regardless of whether it is is full-time or part-time, employee, contractor, or vendor, a Penetration Tester is an essential role within any company that seriously hopes to thwart attackers.

Finding a “Hacker”

Assuming that you agree with the premise that you would be better off having a friendly hacker testing your infrastructure before a hostile one does, the question becomes how you find one that best serves your needs. The avenues are fairly obvious:

◈ Try to hire one
◈ Try to grow one inside the organization
◈ Contract one

As you ponder which of the options is viable within your organization and situation, recall our earlier premise that there is currently a dearth of cybersecurity talent, and consequently proficient Penetration Testers are neither common nor cheap.

Qualifying a “Hacker”

Candidates must be carefully screened to ensure they have the necessary skills. This is often especially challenging because the hiring organization may be completely lacking in those skills themselves. The organization might engage a specialized recruiter or consultant to assist them, but this is sounding more expensive by the minute. I can hear managers saying, “I was lucky enough to get the headcount to begin with; I can’t go asking for more funding to qualify them.”

Thus, we broach the topic of Certifications: topic-specific industry standard accreditations that professionals may earn to demonstrate their knowledge, expertise, and commitment to their profession. Such professional certifications are essentially third-party endorsements that an individual has demonstrated a core knowledge of a particular subject.

IMPORTANT: Certifications are no substitute for a rigorous interview and qualification process for candidates, and I am not suggesting otherwise. It is safe to ask, however: if all other things are equal, why wouldn’t you choose the candidate with relevant industry recognized credential(s)?

In the context of Penetration Testing, one such certification is the “Certified Ethical Hacker,” developed and managed by the EC Council. It is one of many, but a good example of a widely recognized, highly respected credential that demonstrates the holder has made a study of Penetration Testing.

A “Certified Ethical Hacker” (CEH)

If we consider the actual skills that an effective Penetration Tester must bring to the table, the list is extensive and intimidating.  The individual must be knowledgeable in the following areas:

◈ Networking, wired and wireless
◈ Host and service discovery
◈ Network and Application (desktop, web, and server) Vulnerability Scanning
◈ Vulnerability Exploitation
◈ Social Engineering
◈ Technical Writing
◈ Technical Presentations

We must then consider the hundreds of tools available in each of these areas and acknowledge that a working competency of at least one tool in each area is necessary.

It is a formidable skill set, which leaves no wonder as to why such individuals are in scarce supply.

The Certified Ethical Hacker certification realistically acknowledges these requisite skills and does its best to test for them in the form of a 125 multiple-choice, 4-hour proctored examination. Exam preparation training is typically grueling: 5 full days of lectures and hands-on labs, punctuated with thought-provoking mock exam questions.

Concluding Thoughts

Readers (who remain conscious at this point) will note that we made the following arguments, which I am elaborating slightly for dramatic effect at the end of the article:

◈ It is a good idea to have a Penetration Tester around, at least periodically
◈ Penetration Testers need to know a lot about a lot of things, and consequently they are hard to come by
◈ Due to high demand and scarce supply, truly qualified individuals will command premium compensation in the marketplace
◈ Current market dynamics incentivize individuals to present themselves as more qualified than they actually are
◈ Industry standard certifications distinguish professionals who have earned them, as being committed to their role and the industry
◈ It may be more practical to grow Penetration Testing skills internally rather than seek to recruit them
◈ Encouraging and incentivizing existing employees to obtain industry standard Penetration Testing certifications such as Certified Ethical Hacker can be part of a strategy to grow much needed cybersecurity expertise in-house

Continue reading