An explanation of ethical hackers

In this video, TechTarget editor Jennifer English talks about ethical hackers, how they differ from typical hackers and how they can aid in protecting an organization's data.

Although the term hacker usually comes with a negative connotation, there are good hackers too.

An ethical hacker is an infosec specialist who breaks into a computer system, network or application with permission. Ethical hackers are hired by organizations to find and attempt to exploit vulnerabilities to see if malicious hackers can gain access.

Ethical hackers can help organizations by evaluating IT security measures and identifying those that are effective, require updating or have exploitable weaknesses. They can also demonstrate methods used by cybercriminals to educate and help companies prevent possible attacks.

Ethical hackers often use the same techniques as malicious hackers to create an overall vulnerability assessment. These techniques can include the following:

  • Reverse engineering.
  • Penetration testing.
  • Port scanning.
  • Social engineering.
  • Phishing.
  • Footprinting.
  • SQL injection.
  • Sniffing.
  • Cryptography.

To identify potential attack vectors that could harm business and operational data, an ethical hacker must have extensive technical knowledge of information security. Technical subjects like programming, scripting, networking, hardware engineering, system administration and software development provide a fundamental understanding of the technologies that ethical hackers work with.

Along with academic degrees in computer science and actual experience working with security systems, there are several industry certifications that can help demonstrate subject matter expertise. A few of these certifications include the following:

  • Certified Ethical Hacker by the EC-Council.
  • Certified Information Systems Auditor and Certified Information Security Manager by ISACA.
  • CompTIA's Cybersecurity Analyst, Advanced Security Practitioner and PenTest+ certifications.
  • GIAC's Security Essentials certification.

Does your organization employ ethical hackers? Why or why not?

Kaitlin Herbert is a content writer and former managing editor for the Learning Content team. She writes definitions and features.