10 essential skills and traits of ethical hackers

Learn just what it takes to snag this demanding and rewarding job.

CSO > breakthrough / penetration testing / hammer breaking binary glass
Photodisc / Metamorworks / Getty Images

What if you could spend your days trying to gain access to other people's networks and computer systems—and not get in trouble for it? Of course, that's every spy and cybercriminal's dream, but only ethical hackers, also known as white hat hackers or penetration testers, can feel sure that they'll get away with their break-ins. These security pros are hired to probe systems for vulnerabilities, so that their targets can figure out where their security needs beefing up.

At one time there was some doubt in the industry as to whether hacking could ever be ethical, but today this is an accepted practice. Industry certifications are available for those looking to prove their talents, and companies put together so-called "red teams" of pen testers in order to constantly maintain their security posture. It's a job that requires a very particular set of skills, both hard and soft. We spoke to a number of ethical hackers and those who work with them to find out just what it takes to snag this demanding and rewarding job.

Hard skills

While some penetration testers specialize in particular areas of technology, most are broad generalists: after all, there's no telling what aspect of a target system or network will provide a means to force a breach. So, anyone with plans to enter this field needs a broad range of knowledge about technology, though don't fret if you don't have a master's degree or deep book knowledge: hands-on knowledge gained from tinkering and experimentation will be your most valuable resource. That said, our experts provided a good list of technologies you should be comfortable with when starting your journey as an ethical hacker. 

System and database administration. A penetration tester needs to know everything about the systems they're trying to breach, and many ethical hackers emerge from the sysadmin world. Jim O'Gorman, president of Offensive Security, says pen testers should be familiar with general Unix, Linux, and Windows administration, as well as SQL and database interaction.

To continue reading this article register now

Microsoft's very bad year for security: A timeline