Open in App
Dr Mehmet Yildiz

6 Essential Skills for Ethical Hackers

2020-12-28

There are two primary kinds of hackers: the ethical and criminal ones. Ethical hackers play an important role in our society. They are antidotes to criminal hackers. They must possess a wide variety of skills.

https://img.particlenews.com/image.php?url=47ijG5_0Y8gvej500

Photo by h heyerlein on Unsplash

Criminal hackers cost millions of dollars to the economy.

Society needs ethical hackers to address this economic problem.

Ethical hackers support people and businesses. They help improve conditions, resolve difficult situations, and prevent threats and vulnerabilities. They are known as white hat hackers in the industry.

Ethical hackers proactively monitor the systems, identify gaps, inform the stakeholders, create a plan of action, and help execute the plan. Ethical hackers must be more knowledgeable and skilful than criminal hackers.

Ethical hackers are equipped with various powerful security management tools. The most prominent tool-set is the sniffer, also known as the packet analyzer. A packet analyzer is a software or hardware (appliance) program that can intercept in the network and capture network traffic (as communication packets).

In addition to understanding the systems and solutions, ethical hackers also understand regulatory, safety, security and industry compliance requirements. Digital products and services consumption by the public requires rigorous compliance review, auditing, and corrective actions.

From my experience, here are the six critical skills in broad categories for ethical hackers need to perform well and be productive.

1. Security Expertise

From specialty point of view, ethical hackers must have broad and deep demonstrated security and cybersecurity experience. Their security knowledge must be end-to-end and up-to-date.

They need to follow the security news, development, and trends carefully. Global security awareness is a critical requirement for them. At the highest level, they need to know the theories and mechanisms for an end-to-end security requirements perspective in digital transformation programs.

Security architecture is a critical knowledge area for ethical hackers. They must have deep technical knowledge of security systems, security frameworks, security patterns, and integration of security components.

Since encrypted messages in internetworks are critical in transforming business environments, ethical hackers must have a deep understanding of cryptography.

Social engineering is one of the most significant risks in business organizations. Social engineering is a widespread and the easiest way to exploit vulnerable users. Users’ lack of knowledge, social fear, confusion, assumptions can create tremendous risks. Ethical hackers know how criminal hackers use social engineering to hack complex systems. They inform all stakeholders and educate the users not to fall into the social engineering traps.

In addition, ethical hackers understand how the dark side of the Internet works. In digital transformation programs, the darknet or dark web poses high risks and creates a huge fear for digital assets.

To this end, ethical hackers inform the stakeholders and the users to take necessary measures and precautions to protect their assets proactively.

2. Analytical Skills

One of the fundamental roles of ethical hackers is to analyze systems, networks, solutions, applications, data, and databases.

Ethical hackers can deep dive to analytical matters. They have a sharp eye for detail. They are observant and be able to see intricate and obscure patterns. T

An ethical hacker can perform the role of a security auditor in incident management teams.

3. Technical And Programming Skills

Programming (coding) and scripting skills are essential for ethical hackers. Some common languages are Python, C++, and Java. The language requirements may vary based on the program platforms.

Ethical hackers must possess core hacking techniques such as sniffing, scanning (e.g. W3af, Nessus, Burp), reverse engineering, disk/memory forensics, vulnerability analysis, frameworks such as Metasploit, and DoS attack. There are many more specialist hacking techniques, and those details are beyond the scope of this article.

Operating system knowledge is also essential. Some commonly used operating systems are Linux, Windows, Unix, ZoS, Android, macOS, iOS and other proprietary operating systems.

Networking and internet-working skills are critical. Ethical hackers need to understand network protocols, wireless protocols, architectures, frameworks, patterns, devices, functions, tools, connectivity, mobility, communications, and integration both in local and wide area networks.

As ethical hackers have to deal with data from many angles, understanding the data platforms, practices, storage, data lakes, data lifecycle management, databases, information, and knowledge systems. They also deal a lot with the Big Data for special forensic investments.

Digital mobility knowledge is critical for ethical hackers. They understand the digital technologies, mobile networks, workflows in these mobile networks, protocols, and device relationships.

Ethical hackers have a broad understanding of the mechanisms and implications of emerging technology stacks such as IoT (Internet of Things), Cognitive Computing, Cloud Computing, Edge Computing, and Fog Computing, Mobile Computing, Artificial Intelligence, and Big Data Analytics.

4. Interpersonal And Communication Skills

One of the key distinguishing factors of ethical hackers is caring, trustworthy, and reliable nature.

Contrary to criminal hackers, ethical hackers, have empathy and compassion for users. They are non-judgemental and can approach people with corrective actions.

Ethical hackers are team players and mentors for other security professionals.

5. Architecture, Design, and Industry Skills

Even though ethical hackers are considered technical specialists, they also need to understand architecture, design, and governance schemes. These skills enable ethical hackers to understand requirements and architectural decisions, understand the architectural and design constraints, and interpret viability assessment work-products.

Some key points are to understand the business process, consumption model, application landscape, data platforms and practices.

Ethical hackers must know their specific industry details because the rules and regulations may vary in different industries.

In architecture phases (e.g. macro design), ethical hackers perform pragmatically. They can conduct quick experiments, proof of concept, and proof of technology in urgent solution delivery cases.

Ethical hackers participate in design authority and architecture review boards as security subject matter experts.

6. Business, Stakeholder, Project Management, and Organizational Skills

Ethical hackers need to have excellent stakeholder management skills. Some critical capabilities in this area are communicating at all levels and speaking the business language. They can articulate risks, issues, and dependencies both to technical and business stakeholders. While they can see the big picture, they are also capable of delving into details.

In large business organizations, ethical hackers closely work with project managers. Therefore, they understand the project methods and tools. They have a particular focus on agile methods as security and cybersecurity issues are usually considered emergency issues requiring expedited delivery with priority number one approach.

Ethical hackers do not spend too long with root cause analysis during critical situations. They have to deal with incident management processes. During the incident management process, they must identify risks, issues, and dependencies very quickly.

They still need to provide input to the problem management team, but it happens after the priority incidents are resolved. Therefore a reasonable knowledge service management framework such as ITIL is desirable for ethical hackers.

They don’t have to know everything about service management as it is a broad domain. However, ethical hackers need to know how to elicit information and gain tacit knowledge by interacting with architects, specialists, project managers, and power users during the incidents. Event and configuration management are other areas they get involved in the service management domain.

Since the legal departments in digital transformation programs use ethical hackers, they also need to understand the legal issues, hacking implications, and other legal security concerns, and be able to speak effectively with legal professionals.

I hope these skills can provide useful insights to the aspiring security professionals who want to work as ethical hackers.

Thank you for reading my perspectives.

Expand All
Read in NewsBreak
Comments / 0
Add a Comment
YOU MAY ALSO LIKE
Most Popular newsMost Popular
Opinion: "Death To America" Chants on US Soil?
New York City, NY1 hour ago
The 4th U.S. Circuit Court of Appeals in Richmond, Virginia ruled in favor of Donald Trump, Jr.
Richmond, VA19 days ago
Social Security Administration Simplifies SSI with Major Rule Change on Food Assistance
Morristown, NJ8 days ago
The Irvine Police are trying to identify two men who stole Apple products from a Best Buy store
Irvine, CA7 days ago
Social Security Eliminates Overpayment Burden for Beneficiaries
Morristown, NJ8 days ago
Why ‘White Rural Rage’ Is a Threat to American Democracy
Baltimore, MD8 days ago
North Jersey ER Doctor's License Permanently Revoked After Patient's Death
Summit, NJ1 hour ago
CEO Sentenced to 6 Years for $10.4M Fraud
Newark, NJ26 days ago
Counselor Suspended for Distressing Patient at Casino
Puyallup, WA26 days ago
Remembering the clothing optional beach in Colorado
Boulder, CO6 days ago
$60m aid for bridge collapse; Putin says no war with NATO
Baltimore, MD20 days ago

Comments / 0

Community Policy