You occasionally hear about major security vulnerabilities being discovered before they're exploited, like the notorious Heartbleed bug last year.
Security researchers work hard to weed out those dangerous flaws before they're found by hackers of more malicious intent.
This breed of preemptive hacking is sometimes referred to as "white hat," or simply ethical hacking.
To learn about what such work is like, we spoke with Ben Miller, an ethical hacker at Parameter Security.
I've never come across a business that couldn't be compromised.
What drove you to choose your career path?
I knew from a young age that I was interested in computers.
Luckily, my insightful father bought a family computer when I was in grade school.
It was an IBM-Compatible 286 processor system.
How did you go about getting your job?
What kind of education and experience did you need?
Ethical hacking isn't a regular kind of job.
You don't have to have a college diploma or a certification to do it.
All you need is a good knowledge of computers, software and programming languages, creativity, and drive.
Did you need any licenses or certifications?
Do research on a certification or class before you spend your money!
However, if you do forensic investigations for clients, most states require a private investigator license.
Problem solving, persistence, and good communication skills are all key traits to have for this job.
What kinds of things do you do beyond what most people see?
What do you actually spend the majority of your time doing?
I also see attacks or hear about attacks on Twitter long before they hit the news.
It needs to be just as good.
What misconceptions do people often have about your job?
The ones who do it to steal money or hurt people are just criminals.
We shouldn't have to call ourselves ethical hackers; we should instead emphasize that the bad guys are criminal hackers.
People also see the attacks we simulate and feel that we are performing magic.
are often unaware of the scary things they end up doing.
Another misconception is that all penetration tests are the same.
What are your average work hours?
It really depends on what you're doing.
I've never had a time when I've been sitting at a desk going, "When can I go home?"
What personal tips and shortcuts have made your job easier?
Always be listening and reading.
Banging your head against a wall you should have gone around way earlier is a HUGE time waster.
What do you do differently from your coworkers or peers in the same profession?
What do they do instead?
The problem with that type of thinking is that it doesn't really show the client the full picture.
Okay, I know this program and this program are vulnerable, but what does that actually mean?
What could an attacker do with this vulnerability?
How far could they go?
At our company, we're extremely goal-oriented.
and how could they go about doing it?
What's the worst part of the job and how do you deal with it?
What's the most enjoyable part of the job?
This may be the hardest question to answer.
One of my favorite compliments from my former place of work was, "You think like a criminal!"
(They didn't mean it as a compliment.)
I work with amazing people, doing fun, hard work.
We learn together and laugh a lot!
When my wife and I had our third son, they bought baby supplies and superhero onesies.
The pay is also far better than I thought it would be, back when I watched Sneakers.
Do you have any advice for people who need to enlist your services?
Yes, don't expect me to be a superhero.
There is no such thing as 100% secure.
That's not at all how it works.
You can't protect what you don't know exists.
What kind of money can one expect to make at your job?
), you might make as much money as you want to make in this field.
How do you move up in your field?
This is fairly subjective.
), social engineering (i.e., hacking people), etc.
Others learn management skills and end up running teams of hackers.
Certifications are good, but nothing beats performing these tests, or managing teams, in the field.
What do your customers or clients under/over value?
Clients usually undervalue their own part in the process of security.
They tend to believe that hiring a super hacker is all they need to keep the boogeymen away.
They also tend to undervalue the worth of their assets.
I've actually heard banks say, "We're too small to be hacked."
The same is true with hospitals, global companies, etc.
They all have a reason to say "it won't happen to us!"
until it actually does.
Companies also make the mistake of comparing themselves with their peers.
This question often comes up in board rooms: How do we compare to other businesses like ours?
However, what is often overvalued by clients is compliance standards.
What advice would you give to those aspiring to join your profession?
However, there is hope!
This interview has been edited for clarity.
Photo by Cronislaw (Shutterstock).