Ethical Hacking
Ethical Hacking
Ethical Hacking
Ethical
Hacking
1
UNIVERSITY OF MUMBAI
DEPARTMENT OF LIFELONG LEARNING AND EXTENSION
CERTIFICATE
Name of the Student:
PARAS MODI
Project: Career
3
Acknowledgements
I would like to thank Dr. Priya J. Shah the I/c Principal of Jitendra Chauhan College of
Law for permitting me to take up Career Planning as a project. I would also like to thank
Dr. Dilip Patil, the Director of DLLE for sensing the need of our generation to extend our
support to the community.
Dr. Shrima Banerjee was a caring field co-ordinator who provided valuable advices as
to how to go about the extension work. I am grateful to Dr. Sharmila Ghuge Assistant
Professor of Jitendra Chauhan College of Law for guiding us throughout our extension
work activity and motivating us to work more all the time.
Last but not the least, I would like to thank Mr. Anand Shaw the Student Manager for
helping us and providing us the necessary support whenever required.
4
A CAREER IN ETHICAL HACKING
OVERVIEW
Hacking has been a part of computing for almost five decades and it is a very broad
discipline, which covers a wide range of topics. The first known event of hacking had
taken place in 1960 at MIT and at the same time, the term "Hacker" was originated.
Hacking is the act of finding the possible entry points that exist in a computer system or
a computer network and finally entering into them. Hacking is usually done to gain
unauthorized access to a computer system or a computer network, either to harm the
systems or to steal sensitive information available on the computer.
A computer expert who does the act of hacking is called a "Hacker". Hackers are those
who seek knowledge, to understand how systems operate, how they are designed, and
then attempt to play with these systems.
There are various benefits of ethical hacking. It prevents the data from being stolen by
attackers. Today, data is the key driver behind any organization. The attackers can
intrude into the system and steal the sensitive information to put it to the wrong use.
Ethical hackers prevent this mishap, they run tests and ethically breach into the system
to strengthen the security system.
Ethical hacker jobs are also in demand due to the increased concern of businesses to
prevent their data. The data could be of any kind of any industry, such as banking,
education, government, military, etc. the ethical hackers break into the system and
identify the weak areas, they gain insight into what could eventually be a weakness in
the system. Ince identified they make sure that the systems are protected from the
potential threat.
5
To ensure success as a certified ethical hacker, you should have advanced knowledge of
computer and internet security systems, high-level hacking skills, and the ability to
create clear and concise reports. A top-notch certified ethical hacker quickly identifies
security flaws and provides useful advice on how to improve the system.
There are various phases of ethical security. Those phases of cyber security are-
1. Identification
2. Protection
3. Detection
4. Reaction
There are various benefits of hacking, such as-
1. Timely identification of vulnerabilities
2. Enough time to devise a strategy for protective measures
3. Protects the data from unauthorized access
4. Build trust from the users in the market
5. Helps in the growth of the organization
The ethical hacking related career maybe not be like the old traditional careers but they
are new age careers that are here to stay. The data is becoming more centric for
organizations. The establishments are willing to spend on data security.
6
TYPES OF HACKING
We can segregate hacking into different categories, based on what is being hacked. Here
is a set of examples –
7
TYPES OF ETHICAL HACKER
Here, in this section, we will discuss various types of ethical hackers and also other
careers.
Data Scientist: Data scientists are generally called big data wranglers, collecting and
analysing vast collections of data from multiple sources. The job of a data scientist
includes computer science, mathematics, and statistics.
9
CERTIFIED ETHICAL HACKER RESPONSIBILITIES
Researching the company's system, network structure, and possible penetration sites.
Conducting penetration tests once new security features have been implemented.
10
CERTIFIED ETHICAL HACKER REQUIREMENTS
CEH Certification.
11
JOB PROFILE OF AN ETHICAL HACKER
A career in ethical hacking will require a person to check for any vulnerabilities within
different organizations’ computer systems, formulate ways to ensure the protection of
information of an organization, communicate with clients, and deliver written reports
after task completion. They must possess a thorough knowledge of computer tools,
programming, and networking. Transparency is the key element for a career in ethical
hacking. Ethical hackers must be transparent with clients while going through their
computer systems. As an ethical hacker, you will need to simulate breaches to the
network security of an organization, conduct advanced evaluations to identify
vulnerabilities in computer systems, and take necessary steps to combat the potential
risk areas. Also, ethical hackers must always stay updated with the latest industry
trends.
Ethical hackers’ job is usually confined indoors within an office setting, probably in
computer labs or server rooms. Their work routine varies depends on their daily work.
There are days when the work shift can extend over 12 hours because of some critical
emergency in the organisation. One can work as an independent consultant or as an
employee of a company.
The job integrates high working pressure and its responsibilities range from finding a
bug in the IT environment to providing a solution to making the IT environment
stronger against external threats. Government organizations, IT security firms, financial
institutes, and telecommunication companies are some of the most prominent recruiters
of ethical hackers.
12
HOW TO BECOME AN ETHICAL HACKER?
Step 1: After the 10th, opt for the science stream with physics, chemistry, mathematics,
and computer science as your main subjects.
Step 2: After the 12th, opt for B. Tech, BE, or B.Sc. in Computer Science/IT engineering.
You can also enrol for professional courses on cybersecurity and ethical hacking offered
by reputed institutes.
Step 5: Try to obtain professional certifications in the field such as CISSP, TICSA,
Security+, Cloud computing, risk management, and application development. The CEH
(Certified Ethical Hacker) course is highly recommended to help people get
polished skills, and it is a mandatory requirement for many organizations.
13
SKILLS REQUIRED TO BECOME AN ETHICAL HACKER
If you want to know how to become a certified ethical hacker then you should keep
reading this article, a career as an ethical hacker. Below, we have mentioned the skills
that are required for an ethical hacking career path.
Tech Savvy: The understanding of information security and also technologies is also a
necessary skill. A candidate who seems to have a firm grip on security could regulate the
security administrator’s built hurdles. Skills such as Public Key Infrastructure, Secure
Sockets Layer, Intrusion Detection Systems, Firewalls, and more are also essential for a
hacker to learn. Safety involves protecting, and also safety or preventive actions are
taken. Security Concepts significantly decrease the risk of falling victim to cyber-attacks
and disruption by businesses. Security Concepts help guard your computers against
harmful spyware. It also guarantees the safety and security of data sharing.
Programming skills: Almost all of the ethical job duties of hackers will indeed require
programming skills associated with the framework. Ethical hacking is a demanding task
and offers interesting jobs in the modern age, where almost every multinational
corporation uses a variety of programming languages to own the virtual space on the
world wide web. Individuals in the ethical hacker career path must be trained in one
language and have some additional professional skills. Individuals in ethical hacking
career path must know coding programming languages such as C/ C++, HTML, SQL, R,
Python, Java, JSP, ASP, and other computer languages.
14
Technical skills: Technical skills are very important and needed to perform multiple
activities that require expertise. They are also most popular in information technology,
mechanics, engineering, science, financial services, and maths. Often it takes technical
skills to perform machinery, tools, software, and software development. An ethical
hacker must have sound technical knowledge. Some of the technical skills that an ethical
hacker should possess are given below.
15
CAREER OPTIONS IN ETHICAL HACKING
1. Government/Private Firms
There’s an increase in cyber threats and because of this government and private
organizations are constantly in search of Ethical Hackers who can be helpful in
protecting organizations from threats or attacks in cyberspace. There is also the
opportunity to work as a freelancer and work for multiple organizations.
Governments require ethical hackers to keep cyber threats and cyber terrorism at bay.
For every nation, it is important to keep the data of high importance and the data of its
citizens secure.
The white hat hackers or ethical hackers as we may call them, provide the government
with the security of the data. These cybersecurity experts find loopholes in the existing
system and take measures to strengthen the system.
16
These professionals make sure to update the security systems and prevent any threats
by monitoring the network. They strengthen the organization’s computer network
system. Apart from other functions, updating the network systems is also another set of
responsibilities of network security administrators.
On average, the salary of network security administrators is 6.7 lakhs per annum. The
average salary ranges from 3.5 lakhs per annum to 10.6 lakhs per annum.
4. Security Consultant:
Security consultants evaluate the existing IT systems and infrastructures for any
weaknesses, and then they develop and implement IT security solutions to prevent any
unauthorized access, data modification, or data loss.
The security consultants analyse and strengthen the security systems. They study the
potential breaches and oversee the company’s preventive mechanism.
On average the salary of the security consultant is 10.9 lakhs per annum. The salary
ranges from 5.4 lakhs per annum to 20.0 lakhs per annum.
5. Penetration Tester:
A penetration tester’s job is to break into the system or find possible exploits in different
computer systems and software. The penetration tester’s primary responsibilities are: to
plan and design penetrative tests, carry out tests and other simulations, create reports
and recommendations, advise management on security improvements, working with
other employees to improve organizational cybersecurity.
This makes for a good ethical hacking career. They perform testing on computer
systems, applications and even networks. They have tools to examine, assess and
identify the weaknesses in the system. Based on their findings they advise and help in
strengthening the systems. With their efforts, penetration testers are able to protect
digital assets.
On average, the salary of a penetration tester is 7.2 lakhs per annum. The average salary
ranges from 2.0 lakhs per annum to 26.0 lakhs per annum.
17
PROS AND CONS OF A CAREER IN ETHICAL HACKING
Pros
Cons
Even though the demand is high, the process of selection and hiring is quite
inconsistent.
The certification and the courses’ completion need to be from a recognized
university/institute or else it would become bothersome for a career in ethical hacking.
There’s a shortage of research facilities in India.
It is highly possible that the work may mostly be part-time.
It is a highly analytical and focused field, where there’s less interaction.
Many people out there are using ethical hacking for the wrong purposes, which is
leading a lot of companies to not be able to build trust in ethical hacking/hackers.
18
TOP ETHICAL HACKING INSTITUTES IN INDIA
One can start their UG in computer science and go forward with various certifications
and further studies. Some institutes that provide computer science for UG level are:
Specific courses/ certificates on ethical hacking are provided by the following institute:
19
ONLINE COURSE ON CYBERSECURITY & ETHICAL HACKING
Job Opportunities:
Cyber Security Expert, Cyber Security Engineer, Software Developer, Cybersecurity
Analyst, Application Security Engineer, Network Security Engineer.
Minimum Eligibility:
Bachelor’s Degree with 50% or equivalent passing marks. It requires no coding
experience.
20
CERTIFICATIONS AND INTERNSHIPS
We have mentioned below various ethical hacker certifications that aspiring individuals
can opt to upgrade their skills for an ethical hacker's role.
Internship Availability
Yes, one can find many internship opportunities through online recruitment websites
such as indeed.com, lets intern, and other online platforms. The individuals get hands-on
experience through internships. Most internships are offered by institutes that charge
for the training. Students practically learn the skills required for cybersecurity such as
secure coding, malware analysis, cryptography, password cracking and guessing, DNS
spoofing and other skills.
21
ROLE OF ETHICAL HACKER
Finding vulnerabilities
An ethical hacker’s job is to scan the systems using various scanning tools such as Nmap
or Nessus to find open ports. They study the vulnerabilities of each port and come up
with remedial solutions. Vulnerability is a weakness that may lead to the security,
credibility or accessibility of an information technology being damaged. Identification of
vulnerability aims at identifying vulnerabilities and analyzing them in a specified
environment inventory.
Examining
22
Applying social engineering concepts
An ethical hacker uses social engineering concepts such as dumpster diving that
includes scouring through trash bins to crack passwords, sticky notes, charts or any
other thing that contains important information required to generate an attack.
Evading
Malware analysis
Network security
23
CAREER PATH PROGRESSION FOR ETHICAL HACKER
Mobile application security executive: With an increase in mobile internet usage, several
tests are performed for mobile apps. The job of a mobile application security executive is to
work with his or her team and conduct several tests for the applications in order to avoid any
sort of data breach from the user’s cell phone.
Security Consultant: A security consultant checks software, and computer systems as well as
the network used for any kind of vulnerabilities which can cause a data breach. They also plan
and design security solutions for the company or organization they work for in order to avoid
any sort of compromise of the company’s data.
Chief Information Security Officer: A chief information security officer also known as CISO is
at the senior level executive post of the company or the organization. They have a team under
them that aims at protecting the several data assets of the company from any kind of cyber
theft by creating a security strategy.
24
INTERVIEW QUESTION FOR AN ETHICAL HACKER
CONCLUSION
25
Ethical hacking can help in lot of ways like it strengthens computer and network security by
performing penetration testing, it enables one to take preventive measures to avoid any
security breach situations. Lastly, I would conclude by saying that the list of benefits provided
by ethical hackers is quite a big therefore Ethical hack Hackers are very much in demand.
UNIVERSITY OF MUMBAI
26
DEPARTMENT OF LIFELONG LEARNING AND EXTENSION
CERTIFICATE
SIGNATURE OF TEACHER
27
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: