Job: Ethical hacker

The role: While hackers seek to exploit holes in cybersecurity systems for malicious purposes, ethical hackers are employed by the creators of those systems to help identify vulnerabilities before they can be breached.

“An ethical hacker is a security expert that basically tests systems or software for potential vulnerabilities that would allow them to break through the system, but they do it on behalf of the owner, so the owner of the system is aware of it,” explained Abdul-Aziz Hariri, a Montreal-based senior security researcher at Zero Day Initiative, a “bug bounty” program established by multinational cybersecurity company Trend Micro.

Mr. Hariri explains that most major technology vendors have similar bounty programs that offer cash rewards to those who report vulnerabilities in their systems. While such programs offer one way for ethical hackers to earn an income, many are employed full-time by larger organizations to test systems and software internally, both before and after they are released to the public.

“There’s freelance jobs, there’s jobs as part of a consulting firm and there’s companies that have specific teams in-house who are only built of ethical hackers to test internal systems,” he said.

Although ethical hackers are often required to submit a report on any liabilities they discover, they are typically not responsible for fixing the vulnerabilities themselves.

Salary: According to Mr. Hariri, ethical hackers typically begin their careers earning between $40,000 and $50,000 a year, while those at the top of the field can earn $150,000 to $180,000 annually.

“It doesn’t really matter if you have a computer science degree or a master’s degree, it just matters if you have the skills, if you have a good reputation and you’re constantly finding [vulnerabilities],” he said.

Mr. Hariri explains that when major technology vendors update their systems to protect against a newly discovered gap in their defense, they publicly announce the name of the ethical hacker who identified the vulnerability. As a result, salary expectations in the industry are often tied to reputation.

Mr. Hariri adds that technology vendors often host events and challenges that offer cash prizes as high as six figures to those that identify previously undiscovered vulnerabilities, which some ethical hackers use to supplement their income.

Education: Those who are yet to receive public recognition for their abilities can instead pursue internationally recognized certification, such as the Certified Ethical Hacker designation offered by the International Council of Electronic Commerce Consultants.

“This can be a good start for someone who wants to learn about ethical hacking and get exposed to different types of network attacks and the tools that can be used for that purpose,” said Mr. Hariri, adding that formal education is not a requirement for working in the industry.

“Most of the skilled researchers that I’ve seen are self-taught, but I’d recommend starting with the basics, like computer science, and then branch out from there,” he said.

No matter how they establish themselves, Mr. Hariri emphasizes the importance of continuous, self-directed learning for anyone that wants to be successful in such a quickly evolving field.

Job prospects: As more companies utilize more advanced technology systems, both within the technology industry and beyond, the need for ethical hackers is only expected to grow, Mr. Hariri said. Furthermore, as a job that can typically be completed remotely, ethical hackers are often not bound by geography or local economic conditions.

Challenges: Playing defence against increasingly sophisticated and well-funded opponents requires ethical hackers to stay on top of quickly evolving industry trends. As a result, Mr. Hariri believes “the hardest part is actually just staying up to date.”

He adds that the best way for ethical hackers to do so is by participating in industry events and conferences.

Why they do it: While staying up to date on a complex and ever-changing threat landscape has its challenges, Mr. Hariri says most are motivated to enter the industry out of a love for solving complex puzzles and making a positive impact.

Misconceptions: Mr. Hariri says that even with the word “ethical” in the title, many mistakenly associate it with illegal hacking. “Ethical hackers are out there to help make things better, help vendors fix their bugs and help technology owners find vulnerabilities in their system,” he said.
