Professional Hackers
About
Exploring this Job
In high school and college, learn as much as you can about computer networks, databases, programming, and computer security by taking classes, participating in competitions, and just playing around with computers and the Internet.
Check out the following resources to learn more about computer security and hacking:
- Cybersecurity Glossary: https://niccs.us-cert.gov/about-niccs/cybersecurity-glossary#
- National Initiative for Cybersecurity Careers and Studies: https://niccs.us-cert.gov/workforce-development/cybersecurity-careers
- IEEE Security & Privacy: https://www.computer.org
- ISSA Journal: https://www.members.issa.org/page/ISSAJournal
- SANS Cyber Security Blog: https://www.sans.org/blog/
- Information Security: https://searchsecurity.techtarget.com/
- 2600: https://www.2600.com
If you have some computer skills, download the Android app Droidsheep and try to hack your online accounts, but be sure to NEVER use this tool to hijack other people’s accounts (this could result in legal troubles if you do). Another option is Hack This Site (https://www.hackthissite.org), which bills itself as a “free, safe, and legal training ground for hackers to test and expand their hacking skills.”
The Job
When the word “hacker” is mentioned, most people conjure images of criminals breaking into people’s and organization’s information systems to steal credit card information, access trade secrets, shut down or deface Web sites, and steal top secret government intelligence. These hackers are also known as black hat hackers. But there’s another type of hacker known as a professional hacker (or white hat hacker) who uses his or her skills to benefit society. With the permission of companies, government agencies, and individuals, they hack into software applications, web services, network infrastructure, and mobile devices to test their vulnerability to black hat hackers. Duties for professional hackers vary by the type of employer and job title, but most have the following responsibilities:
- conduct risk analyses of hardware and software systems
- use software applications such as Metasploit to conduct simulated attacks (called pentests) to test an organization’s defensive measures
- send fake “phishing” e-mails in an attempt to induce the organization’s employees to enter their user names and passwords, which the hacker then uses to break into the system
- prepare vulnerability assessment reports or record their hacking actions to show how they were able to access an organization’s computer systems
- recommend corrective actions to address security threats
- work closely with software architects, software developers, hardware engineers, and other computer professionals to develop custom software or systems to help organizations remedy these issues
- identify and develop new tactics, tools, and procedures for targeting and addressing new threat scenarios
- stay up to date on industry developments regarding new attack strategies and defense mechanisms
- develop tools that improve security testing and monitoring