Top 3 Ethical Hacking Certifications

Author

Scott Barman

Last updated June 21, 2018




These days, it seems that hardly a week goes by without at least one report of a data breach. A store may have had its credit card data stolen. A health insurance company may have lost the records of those it covers. The government loses records of those with clearances and finds what were supposed to be private emails being published on activist websites. It seems as though everyone needs the services of an ethical hacker to test their systems.

Companies and governments are turning to ethical hackers to help strengthen security by finding vulnerabilities before malicious hackers can exploit them. Ethical hacking is a growing industry; more and more people are using their technical skills for both fun and profit. 

What’s an Ethical Hacker?

Although ethical hackers use the same methods to test and bypass security defenses as their less-principled counterparts, they are sanctioned to find vulnerabilities. They do this so that companies can document what was found and fix those vulnerabilities as soon as possible to improve security. Ethical hackers also provide individual services to help people recover data, email, and documents that may be inaccessible because of any number of problems.

Why Become an Ethical Hacker?

Over the last few years, the financial services sector has been hiring cybersecurity professionals almost as fast as government contractors. Since the creation of the Consumer Financial Protection Bureau, regulations have forced financial institutions to reconsider how they manage cybersecurity—which in turn has opened new job opportunities for ethical hackers. 

The demand for ethical hackers exceeds the supply, which means that salaries and benefits are generous. A recent review of available jobs turned up listings from some of the world’s largest companies in the financial sector, including JPMorgan Chase, Barclays, Bank of America, and Allstate.

In order to be considered for a job as an ethical hacker, most employers require an ethical hacking certification. Certification tests ensure that the hacker not only understands the technology, but also the ethical responsibilities of the job. Since many employers do not have the expertise to technically evaluate applicants for these jobs, a certification gives them assurance that the candidate is qualified.

But what options are available for ethical hacking certification? Below are three of the most common and sought-after certifications today. 

1. Certified Ethical Hacker

The Certified Ethical Hacker (CEH) is the broadest of all available certification options. The CEH exam is designed to test the cybersecurity professional’s baseline knowledge of security threats, risks, and countermeasures through lectures and hands-on labs. An experienced professional may sit for the exam without any training by submitting proof of at least two years of cybersecurity experience.

A significant benefit of the CEH certification, which is managed by the EC-Council, is flexibility. The EC-Council has options for instructor-led training, video lectures, and self-study. These options are available online, and organizations have the option of contracting EC-Council trainers to conduct on-site training.

Even though many of the job listings for ethical hackers specifically require a CEH certification, it may not always be the best option. A major criticism of CEH is that because of the emphasis on lecture-based training, most of their hacking courses do not provide an adequate amount of hands-on experience. 

2. Global Information Assurance Certification Penetration Tester

The Global Information Assurance Certification (GIAC) program is run by the SANS Institute, one of the oldest organizations that provides cybersecurity education. GIAC offers dozens of vendor-neutral certifications with courses that require hands-on learning. GIAC courses are held online. The company also sponsors research white papers that are provided to the cybersecurity industry without charge.

There are a variety of options to earn the GIAC Penetration Tester (GPEN) certification, but it is highly recommended that learners take the SEC560 course on Network Penetration Testing and Ethical Hacking from the SANS Institute; it is one of the most comprehensive courses on the topic and demonstrates that the certificate holder has received a good balance of theory and hands-on training.

3. Offensive Security Certified Professional

The Offensive Security Certified Professional (OSCP) is the least known but most technical of the certification options. Offered by the for-profit Offensive Security, it is advertised as the only completely hands-on certification program. Offensive Security designed the program for technical professionals “to prove they have a clear, practical understanding of the penetration testing process and lifecycle.” 

Before considering the OSCP certification, understand that the coursework requires a solid technical understanding of networking protocols, software development, and systems internals, specifically Kali Linux, an open-source project maintained by Offensive Security. Most students enrolled in this training program will take the course online; classroom training is only offered in Las Vegas.

The OSCP exam is conducted on a virtual network with varying configurations. The test-taker is tasked with researching the network, identifying vulnerabilities, and hacking into the system to gain administrative access within 24 hours. At the end of the 24 hours, the Offensive Security certification committee must receive a comprehensive penetration test report for review. They will review the findings in the report and determine whether to grant the certification.

Ethical Hacking Jobs

Most companies purchase the services of cybersecurity firms that specialize in security compliance and testing. These firms hire professionals who will investigate the root cause of a breach, perform penetration testing, deliver a report of their findings, and provide recommended mitigations. Cybersecurity firms accumulate talent and market themselves to the industry.

Many of these cybersecurity service firms are small companies started by entrepreneurs. The advantage of working for a small company is that they can be more ambitious in the type of work they accept. Those interested in working for these companies can look at job sites like Indeed, GlassDoor, and LinkedIn.

Another avenue for finding jobs as an ethical hacker is to work with firms that contract to the federal government. Ever since the data breach at the Office of Personnel Management, executive branch agencies have been mandated to conduct independent security assessments of their systems. Contractors, primarily in the Washington, D.C. metropolitan area, are having a difficult time finding and hiring qualified ethical hackers.

When looking through job sites, the listings for the Washington, D.C. area read like a roll call of the most high-profile government contractors. If your preference is to work for one of these large contractors, ethical hacker or penetration testing jobs are almost always available at Lockheed Martin, Northrop Grumman, CACI, Booz Allen Hamilton, Deloitte, BAE Systems, and many others.

When looking for cybersecurity jobs that are associated with the federal government, you may require active security clearances or the ability to qualify for a clearance. Government security clearances require employees to be citizens of the United States and undergo background checks. Certified ethical hackers looking to fulfill their career in public service can work directly for the federal government. Agencies like the FBI, Department of Homeland Security, the intelligence agencies, and the Department of Defense all use ethical hackers for various tasks. To find out more about working directly for the federal government, find more information at usajobs.gov. 

If working for the government is not a priority, look at large network service providers like Amazon Web Services and Verizon. With network access as their main business, cloud and other services providers have their own in-house ethical hackers to help maintain security. 

Freelancing as an Ethical Hacker

Ethical hackers who want to set their own schedule or work on a variety of projects may decide to be freelancers. As freelancers, ethical hackers will have to hustle their own contracts, support their own business, and manage their own benefits—and will have the flexibility to work when and where they want. 

Finding contract work has become easier with social networking sites for professionals looking for people who need their services. Two sites, Neighborhood Hacker and the Ethical Hacker Search Engine, allow ethical hackers with certifications to advertise their services, and those looking for their services to find a professional. Both sites are responsive as brokers and help manage disputes between ethical hackers and clients.

More general sites for independent freelance consultants are also good sources for finding clients. Two of the top sites for this are UpWork and Freelancer.com. These sites combine job listings with project management tools for both the client and the ethical hacker to manage the relationship.

Conclusion

The number of data breaches in the U.S. jumped 29 percent in the first half of 2017, pushing the already-increasing demand for ethical hackers even further across industries. There is no shortage of opportunities for the certified ethical hacking professional, but certification, skill, and solid ethics are key for anyone looking to build a successful career.

About the Author

Scott Barman, CISSP, is an information security professional in the Washington, DC area. With over 35 years of industry experience, he has spent the last 20 years working with the federal government helping them identify cybersecurity risks and mitigations.