Certified Ethical Hacker (CEH) is a professional designation to describe hackers that perform legitimate services for organizations and IT companies. A certified ethical hacker is a skilled individual who uses the same knowledge and tools as a malicious hacker, but who does so in a lawful and legitimate manner to assess the security risks of a network or system.
Typically the CEH understands and knows how to look for weaknesses and vulnerabilities and will assess the security of computer systems, using penetration testing techniques.
Certified Ethical Hacker (CEH) Checklist
Jump to a topic in this article:
The main goal of a CEH is to prevent unauthorized intruders from penetrating computer systems they work with. To successfully do this, the CEH remains up to date on new software and hardware and the latest security threats including viruses, trojans, and other malware. They create scripts that will simulate network security breaches, to test both current and future network additions. These breaches or attempted breaches are reported in detail and analyzed to create a risk assessment.
The CEH must be completely familiar with the business operations and infrastructure of the company in order to ensure that damaging information is not accessed by intruders. This is essential in determining the client’s security needs and effectiveness.
Part of the role of the CEH is to consult with clients; therefore strong interpersonal and customer service skills are required. The security assessments must be explained to the clients or managers, and shared with coworkers and other information security professionals. Due to the nature of the job, thorough problem solving skills are vital. Creating forward-thinking strategies to combat security system problems and writing computer programming code are fundamental skills required for the day to day duties of the Ethical Hacker.
Obtaining a bachelor’s degree in computer science or another related field is a necessity to become a certified ethical hacker. Many employers require a CEH Certification or similar certification to enter the cyber security field as experts. Familiarity with a range of different programming languages and experience with coding is vital. It is not uncommon to see former “black hat” hackers, or hackers who illegally accessed data or attacked networks, to become CEHs. They know and understand cyber threats and can offer protection as opposed to attacks in the security of corporate networks.
Often, CEH professionals are required to conduct testing and risk assessment via scripts. For this reason a strong technical knowledge in several of these areas: tools, testing methodologies, security concepts, network architecture, programming languages, and computer architecture is desirable. Prospective employers also look for individuals with experience using tools such as NMAP, NESSUS, Wireshark, Metasploit, Nexpose, Whitehat and those with knowledge and experience in malicious software techniques and defenses.
Many online job ads highlight the following key skills, responsibilities and work demands when applying for the position of BI developer:
- Internal / external vulnerability assessment and penetration tests
- Application testing and penetration testing
- Exploiting SQL injection, cross-site scripting, parameter manipulation, session hijacking
- Social engineering assessments
- Wireless security assessment
- Network device configuration review
- Technical security assessments (Windows/Unix Based, Firewalls, Routers, Servers, etc)
- Develop low-level tools that improve security testing and monitoring
- Deliver detailed reports to different team members and executives that document security findings
- Analyze and recommend remediation strategies that will address vulnerabilities and mitigate risks
- Review and hire vendors to incorporate security systems
- Maintain current knowledge and expertise with relevant security, IT environment, and industry IT trends
- Set up security policies that help personnel use best practices
- Train staff and personnel on best practices for network security
Certified ethical hacking positions are challenging, interesting and pay well, due to the nature of the job and the expertise required. The average annual pay to a Certified Ethical Hacker is $71,331. Salary ranges from $24,760 to $111,502, however bonus payouts can be between $0.00 and $17,500, and therefore the total salary is approximately between $24,760 and $132,322 (USA 2018).
Similar jobs include the following:
- Security consultant
- Threat and vulnerability manager
- Cyber security consultant
- Information security specialist.
Webopedia’s Top 10