By: Cybrary Staff
November 11, 2021
Jobs After Ethical Hacking Course
What job opportunities can Certified Ethical Hackers expect? Certified Ethical Hackers can expect to open up a raft of lucrative new job opportunities from penetration testing to security consultancy.
Summary: The Certified Ethical Hacker accreditation is one of the most widely recognized in the industry, and successful candidates can expect to open up a raft of new job opportunities. This blog explores the various roles that certificate holders can move into, such as penetration testing and security consultancy.
In an era of increasingly sophisticated cyberattacks, ethical hackers are rapidly becoming one of the most in-demand information security specialists. Their primary purpose is to help identify hidden weaknesses in computing infrastructures before malicious actors do.
Unlike black-hat hackers, who use their network security and computer science skills illegally and for malicious purposes, ethical hackers use those same skills for good. To that end, they play a key role in protecting organizations, government agencies, and others from a range of cyber threats, including advanced persistent threats (APT) and business email compromise (BEC) attacks.
Naturally, white-hat hackers command a great deal of trust, which is why they exclusively work under contract and almost always carry an industry-standard certification. Among the most broadly recognized accreditations in the area is the Certified Ethical Hacker (CEH) qualification, maintained by the EC-Council.
Becoming a CEH typically requires at least two years of experience working in the information security field and passing a 125-question exam for which candidates are allocated four hours. This certification is valid for three years and can be renewed by earning 120 EC-Council Continuing Education (ECE) credits during that period.
Job roles and responsibilities of certified ethical hackers
Many organizations hire ethical hackers, either as full- or part-time employees or on a one-off freelance basis. Private, public, and government organizations across all sectors routinely work with ethical hackers to proactively step up their information security strategies. Some of the most popular industries for ethical hackers to work in include state and federal bodies, software-as-a-service companies, data centers, and e-commerce marketplaces.
According to PayScale, certified ethical hackers earn an average base salary of $83,000 in the US. However, this can vary considerably because ethical hackers can fill a wide variety of job roles in different industries. That said, typical day-to-day responsibilities include:
- Evaluating internal networks, servers, and systems with penetration tests
- Scanning computing infrastructure and assets for potential weak spots
- Documenting any discovered vulnerabilities and providing remediation advice
- Helping organizations build out their risk profiles and risk management plans
- Assisting software development teams with training and security awareness
Working routines and hours can vary widely. For example, some shifts may even extend past 12 hours due to a critical vulnerability discovered in an organization. As such, ethical hackers often work in high-pressure environments, albeit with a very respectable salary.
Here are some of the most popular career options for certified ethical hackers:
Network security engineers
Network security engineers are typically full-time employees tasked with the implementation and maintenance of network and server architecture. However, routine responsibilities extend beyond penetration testing and ethical hacking to general maintenance of security protocols and policies. As such, network security engineers often hold multiple certifications, including CEH accreditation.
Network security administrators
Network security administrators are high-ranking employees tasked with overseeing the work of network security engineers and other information security experts. They may not be directly involved in activities like hacking and penetration testing themselves, but they often work closely with those practitioners to carry out audits, write up network security policies, and take steps to remediate vulnerabilities.
Security consultants
Security consultancy is one of the highest-paid roles in ethical hacking, though consultants often hold multiple certifications. That said, consultancy work is an important part of the routine for most ethical hackers since a major part of their job involves providing remediation advice. A security consultant may be a full-time employee of a managed security services provider or a full-time in-house employee for a large enterprise. Others work in a freelance capacity.
Penetration testers
Penetration testing is often confused with ethical hacking. However, despite their similarities, penetration testing is better described as a subset of ethical hacking. The process is naturally very technical since it involves a deliberate attempt to break into a network to find possible exploits and map out potential attack vectors that malicious actors might deploy. Another central part of the job is creating reports and providing recommendations in an advisory capacity.
Freelance ethical hackers
Many certified ethical hackers work as freelancers because most companies only have an occasional need for their services and do not require full-time placements. Many start out working for managed security services providers to gain experience before going it alone. Freelance ethical hackers and penetration testers may find work via freelancing platforms or by setting up their own business.
How to become a certified ethical hacker
Ethical hacking requires a broad range of technical skills, including a deep understanding of business operating systems, network protocols, and common programming languages. Also, ethical hackers should be very familiar with popular hacking tools, such as Metasploit, Cain & Abel, Angry IP Scanner, and Burp Suite.
The CEH certification is the industry-standard accreditation for ethical hackers, although those interested primarily in penetration testing may prefer to pursue the PenTest+ certification from CompTIA. Both have been approved as baseline certifications by the Department of Defense and recommend at least two years of professional experience in the information security space.
While becoming a certified ethical hacker or penetration tester requires a significant degree of educational and professional working experience, there has never been a better time to get into the field.