- Who is an ethical hacker?
- What does it take to become an ethical hacker?
- #1 – CREST
- #2 – CEH (Certified Ethical Hacker)
- #3 – LPT (Licensed Penetration Tester)
- #4 – CISSP (Certified Information Systems Security Professional)
- #5 – CCSP (Certified Cloud Security Professional)
- #6 – GIAC Security Essentials
- #7 – OSCP (Offensive Security Certified Professional)
Who is an ethical hacker?
As an ethical hacker, you have an odd job. Companies hire you to compromise a product’s security. You’re someone who finds “holes” in the final product.
You perform VAPT (Vulnerability Assessment and Penetration Testing). Your job is to produce a report of vulnerabilities while suggesting fixes.
This form of testing applies to almost every IT-related product. It can be software or an app, a database, or even a website.
And it’s necessary. After all, if it isn’t you hacking – then it’s someone malicious!
What does it take to become an ethical hacker?
Becoming an ethical hacker requires training. Even more importantly – you need to be certified. And you’re not just getting any certification.
You need specific security testing certificates to prove your efficacy.
Here I have listed 7 certifications that can help you land a job at a security testing company.
Explore the list, get yourself trained in these certifications and start your ethical hacking career!
#1 – CREST
CREST is an internationally recognized security testing body headquartered in the UK, and it issues its own special certificate.
It is a special certificate because it is professionally recognized in the marketplace. Getting a CREST certification means many job opportunities, both at home and abroad!
It also works well for ethical hackers who work from home, since its wide recognition means the credential is accepted on markets around the world.
CREST provides certifications at multiple levels, and for many jobs. Plus, it isn’t just 1 certificate. There are many schemes you get tested on, which define your security specialization.
This is their certification framework. It is also titled the “Cyber Essentials” program, and it focuses on solidifying security testing fundamentals.
This scheme focuses on 5 control measures:
- Malware Protection
- Patch Management
- Secure Configuration
- Boundary Firewalls/Internet Gateways
- Access Control
In a sense, it’s a certification program for software testing. Thus, CREST is an excellent certification for software testers.
CREST is highly recommended before exploring other options.
The 4 Exam Branches
CREST provides up to 16 types of security tests. They range from practical exams to pen-and-paper knowledge tests. To be registered as a security specialist, you need 2 years of experience. And to be certified, you need 5 years.
With CREST, you can get specialized certifications depending on your field. But as a security tester, penetration testing should be your top priority. However, we still recommend exploring the previous branches, and picking your specialty!
#2 – CEH (Certified Ethical Hacker)
This certification is much simpler than CREST, so it’s recommended for beginners in security testing. Even though it is simpler, it is still highly rated.
And it’ll introduce you to many concepts and tools in the security testing world.
Unlike CREST, there are no eligibility criteria for this certification. That is, you don’t need to wait 2-5 years.
It acts as an excellent “base certification.” Plus, it’s accredited by the EC-Council, which is a global leader in ethical/forensic hacking.
Finally, taking the exam is free. That is, its fee is included in the courses (which you need to take beforehand).
Speaking of that…
Everything is done in live virtual classrooms. And the sessions are recorded, just in case you miss something. Being an online class, you’ll need headphones and a microphone.
After all, you’ll be talking to others in class too! Additionally, there’s a community and support system behind the certification. If you have inquiries, it’s easy to get help!
While it is a good certification, it only lasts 3 years. Plus, the course itself is lengthy, and the exam time is 4 hours. This is not a certification you can get quickly!
#3 – LPT (Licensed Penetration Tester)
In the previous point, I mentioned the EC-Council. As it turns out, they endorse multiple certification programs.
LPT is one of them. In fact, this certification is made by them! You can be sure that it’s designed with quality. And it’s highly regarded when applying for security testing jobs.
Again, there are no eligibility criteria for signing up. You can join the courses, take the exam, and get certified quickly.
However, note that the certification is only valid for 2 years. And when renewing, the cost of retaking the exam is $250.
To take the exam, you need to be 18 years or more. You’re most likely that age or older if you’re reading this. But still, there are a few people out there who want early licensing.
Do note the following…
If you’re under 18 years of age, you can still take the exam with written consent from your parent/legal guardian.
What this means is – this can be the earliest certification you get. You can use it to start your career early!
#4 – CISSP (Certified Information Systems Security Professional)
This certification is more advanced. And there is a reason behind it. It is aimed at full-time professionals.
That is, training for it requires “5 years of full-time experience” in 2 of CISSP’s 8 domains. The requirements are quite tough. The good thing is, you can prepare for it online (both the courses and the exam).
The courses contain 32 hours of material – all led with an instructor’s help. You can attend an online classroom or self-learn.
However, note that it is a little pricey – costing $2000 to $3000. So again, it’s for serious professionals.
The material is primarily for managerial roles. It’s more focused on strategy and management of security efforts. That is, if you’re already an ethical hacker, and want a promotion – this is the course you’ll need.
This is an internationally accepted certification (just like CREST). You can take the test as a student in North America, Europe, Asia-Pacific, and the Middle East.
This test is quite serious, and you’ll need to find a Pearson VUE branch to take it. Plus, the exam includes 5 test papers.
And you need an 85% or higher score in 3 of them to pass. But then again, the certification is worth it. It’s an extra step on the path of a professional!
#5 – CCSP (Certified Cloud Security Professional)
Not all VAPT work is software testing. Sometimes the information to be protected lives in the cloud, and this certification ensures that a hacker is qualified for that job.
This certification is promoted by (ISC)² – a world leader in cybersecurity. (ISC)² promotes many other certifications (like the previous option). And they only recommend the best.
This is one of them.
The exam is 3 hours long, and tests you in 6 domains. Please note, the test has to be taken in English only. Also, the exam is frequently updated, and so are the course materials that come with it. In fact, the next update is in August 2019.
Costs and Requirements
The exam normally costs about $550 – with retakes being between $300 and $400. Also, you need a lot of professional IT job history.
Qualifying requires 5 years of paid full-time experience. Out of those 5 years, at least 3 years should be in information security.
#6 – GIAC Security Essentials
This certification tests for “hands-on” security work. Thus, it’s a practical exam. We recommend this certificate since it has a long life. It needs to be renewed every 4 years, which is a good timeframe.
It’s only one exam, with 5 hours required for completion. It’s taken under a proctor’s supervision, and the passing score isn’t excessively high (only 73%). You’ll need to take it at a test centre and on schedule.
You would need to find a Pearson VUE branch near you.
#7 – OSCP (Offensive Security Certified Professional)
Let’s finish the list with a highly specialized program. It’s designed as a fully “hands-on” test. This program focuses on training hackers exclusively, maximizing their capability.
As for the test – it is 24 hours long.
In that timeframe, you’re given a database that you’re required to break through. You have to research, test, and demonstrate your capability during that period.
Passing or failing depends on whether you hack it or not. So yes, it’s a longer exam than normal. But consider it the epitome of what it takes to be a certified ethical hacker.
You can take courses for this test online or offline. And it has limited seats for signups. It costs about $800, so it’s quite expensive. However, it is worth the investment!