Job: Ethical hacker

The role: While hackers seek to exploit holes in cybersecurity systems for malicious purposes, ethical hackers are employed by the creators of those systems to help identify vulnerabilities before they can be breached.

“An ethical hacker is a security expert that basically tests systems or software for potential vulnerabilities that would allow them to break through the system, but they do it on behalf of the owner, so the owner of the system is aware of it,” explained Abdul-Aziz Hariri, a Montreal-based senior security researcher at Zero Day Initiative, a “bug bounty” program established by multinational cybersecurity company Trend Micro.

Mr. Hariri explains that most major technology vendors have similar bounty programs that offer cash rewards to those who report vulnerabilities in their system. While such programs offer one way for ethical hackers to earn an income, many are employed full-time by larger organizations to test systems and software internally, both before and after they are released to the public.

“There’s freelance jobs, there’s jobs as part of a consulting firm and there’s companies that have specific teams in-house who are only built of ethical hackers to test internal systems,” he said.

Although ethical hackers are often required to submit a report on any liabilities they discover, they are typically not responsible for fixing the vulnerabilities themselves.

Salary: According to Mr. Hariri, ethical hackers typically begin their careers earning between $40,000 and $50,000 a year, while those at the top of the field can earn $150,000 to $180,000 annually.

“It doesn’t really matter if you have a computer science degree or a master’s degree, it just matters if you have the skills, if you have a good reputation and you’re constantly finding [vulnerabilities],” he said.

Mr. Hariri explains that when major technology vendors update their systems to protect against a newly discovered gap in their defense, they publicly announce the name of the ethical hacker that identified the vulnerability. As a result, salary expectations in the industry are often tied to reputation.

Mr. Hariri adds that technology vendors often host events and challenges that offer cash prizes as high as six figures to those that identify previously undiscovered vulnerabilities, which some ethical hackers use to supplement their income.

Education: Those who have yet to receive public recognition for their abilities can instead pursue internationally recognized certification, such as the Certified Ethical Hacker designation offered by the International Council of Electronic Commerce Consultants.

“This can be a good start for someone who wants to learn about ethical hacking and get exposed to different types of network attacks and the tools that can be used for that purpose,” said Mr. Hariri, adding that formal education is not a requirement for working in the industry.

“Most of the skilled researchers that I’ve seen are self-taught, but I’d recommend starting with the basics, like computer science, and then branch out from there,” he said.

No matter how they establish themselves, Mr. Hariri emphasizes the importance of continuous, self-directed learning for anyone that wants to be successful in such a quickly evolving field.

Job prospects: As more companies utilize more advanced technology systems, both within the technology industry and beyond, the need for ethical hackers is only expected to grow, Mr. Hariri said. Furthermore, as a job that can typically be completed remotely, ethical hackers are often not bound by geography or local economic conditions.

Challenges: Playing defence against increasingly sophisticated and well-funded opponents requires ethical hackers to stay on top of quickly evolving industry trends. As a result, Mr. Hariri believes “the hardest part is actually just staying up to date.”

He adds that the best way for ethical hackers to do so is by participating in industry events and conferences.

Why they do it: While staying up to date on a complex and ever-changing threat landscape has its challenges, Mr. Hariri says most are motivated to enter the industry out of a love for solving complex puzzles and making a positive impact.

Misconceptions: Mr. Hariri says that even with the word “ethical” in the title, many mistakenly associate it with illegal hacking. “Ethical hackers are out there to help make things better, help vendors fix their bugs and help technology owners find vulnerabilities in their system,” he said.
