What is an ethical hacker?

An ethical hacker, also known as a ‘white hat hacker’, is employed to legally break into computers and networks to test an organization’s overall security. Ethical hackers possess all the skills of a cyber criminal but use their knowledge to improve organizations rather than exploit and damage them.

By employing an ethical hacker, organizations get an insight into their own security vulnerabilities – thus safeguarding them from future cyber attacks.

Ethical hacking vs penetration testing

Although ethical hacking is sometimes used interchangeably with penetration testing, there are some important differences.

Ethical hackers may get involved in tactics beyond penetration testing. For example, they might choose to test defenses against social engineering techniques by encouraging employees to reveal sensitive business data or log-in credentials.

On the other hand, penetration testing is focused solely on assessing one or a few network vulnerabilities that organizations may have.

How much does an ethical hacker earn?

According to Salary.com, the average salary for an ethical hacker is $105,973 as of June 26th 2023. The salaries vary between $95,137 and $119,413 depending on experience, certification level and additional skills.

How to become an ethical hacker?

While there are certainly redemption stories of black hat hackers being converted to white hat hackers, this isn’t always the case. Any individual that possesses the right knowledge and skillsets can become an ethical hacker, especially if they aim to uphold high ethical standards.

CrowdStrike commissioned a review of 900+ job adverts on Indeed to identify what employers are looking for when it comes to ethical hacking roles. Below you can see the most in-demand skills, certifications and education levels for employment as an ethical hacker:

Research showing if you need a degree to become an ethical hacker and the most popular subjects

Obtaining a bachelor’s degree or higher can help a candidate stand out and demonstrate key qualities an employer is looking for, including discipline, critical thinking, good time management and determination. And according to our analysis, 73% of the ethical hacking job adverts analyzed required a degree from applicants.

It’s well documented that one of the most popular ways to pursue a career in ethical hacking is to gain a computer science degree. But our analysis shows just 25.9% of adverts that mention a degree also mention a computer science degree. It is still the most popular degree subject when listed though.

The significant number of adverts that don’t specify a degree subject indicates employers are perhaps more interested in your knowledge set and past experience than educational attainment. If you can demonstrate you have the right computer skill knowledge as a prerequisite, a computer science qualification isn’t essential.

The following knowledge is the most touted by employers, so ensure you understand the advanced principles in each:

Research showing the most important things to learn about prior to becoming an ethical hacker

Cloud knowledge is the most commonly cited by employers. Cloud computing is transforming business operations in the modern age. And as more and more businesses shift to a cloud-based model, it becomes a bigger target for increasingly sophisticated attacks. All ethical hackers, therefore, should have advanced knowledge of cloud security.

Other vital things to learn about are malware, compliance regulations/security standards (especially PCI security standards) and programming systems (such as Linux, Python and Perl).

Tools such as Metasploit and Wireshark are important and will help you stand out from the crowd, although they are slightly less cited in job adverts generally.

More basic knowledge of things such as HTML and JavaScript isn’t as well cited, but it’s likely employers will assume you have that skillset.

There are certain certifications you can take to ensure you showcase your breadth of knowledge about hacking and evolving techniques. The most frequently mentioned certifications can be found below:

Research showing the most important certifications to take to become an ethical hacker

Perhaps unsurprisingly, becoming a Certified Ethical Hacker (CEH) is the most beneficial professional certification you can have – it’s mentioned in 77.2% of job adverts. But taking a course to become a Certified Information Systems Security Professional (CISSP) will also help you stand out – mentioned in 62.6% of job adverts.

Finally, there are also some soft skills you’ll need to consider to make sure you’re suited towards a career in ethical hacking:

Research showing the most important soft skills ethical hackers need to have

Research skills are the most important soft skill. Threat actors are constantly evolving their techniques and targets to evade detection, monetize attacks and cause the widest disruption possible. Therefore, ethical hackers will need to be equally up to date to protect their clients or organizations.

Collaboration is also key; ethical hackers won’t be in it alone and they’ll likely be working with internal security professionals or colleagues to consult on how to improve systems and/or networks.

Soft skills can be just as important as your security and computer knowledge. Employers will likely be asking about your personal life here to get an idea if you are well suited to the role. So, make sure you can bring up some relevant real-life examples to demonstrate your soft skills.

Where are the most opportunities?

Ethical hackers can be freelancers, work for an agency, or be employed within an internal organization. Our analysis stretched beyond looking at a sample of ethical hacking job adverts to identify how many opportunities there were in the biggest U.S. cities.

Research showing the areas of the U.S. with the most ethical hacking opportunities

Washington, D.C. has the most roles with 23.6% of all advertised opportunities in the U.S. Next was Baltimore with 5.5% of all advertised opportunities.

It’s important to note though that many ethical hackers will be employed remotely, meaning your location might not be too relevant. This also means it’s a career that could give you a lot of freedom to live anywhere in the world. 13.7% of all advertised U.S. opportunities are offering remote work.

JJ Cranford is a Senior Manager of Product Marketing at CrowdStrike primarily responsible for Incident Response and Advisory Services. JJ previously held roles at Cybereason, OpenText and Guidance Software where he drove go-to-market strategy for XDR, EDR and DFIR product suites. JJ provides insight into market trends, industry challenges, and solutions in the areas of incident response, endpoint security, risk management, and ransomware defense.