Many of our members here at Null Byte are aspiring hackers looking to gain skills and credentials to enter the most-valued profession of the 21st century. Hackers are being hired by IT security firms, antivirus developers, national military and espionage organizations, private detectives, and many other organizations.
Presently, there is a worldwide shortage of skilled hackers and salaries are rising rapidly. This is a great time to pursue a career in hacking—and this is a good time to discuss how to become a hacker.
Education vs. Experience
There are many paths to entering this profession. Unlike, say medicine, where there is a single proscribed path you must take to enter the profession, the same cannot be said for hacking. Some believe that the only route to the profession is through many years of school and degrees. On the other hand, many simply launch into their skill development at an early age and continue to hone their skills over time.
At this time—the end of 2015—I would say that the vast majority of professionals in this field have taken the latter route. They simply start playing with computer systems, dissecting them, figuring out how they work, and how to break them.
Most have little formal education. For instance, the notorious Edward Snowden of NSA fame did not even graduate from high school, yet held a highly paid position at the CIA, then as a NSA contractor earning about $120,000 year. Firms want practical skills, not gaudy resumes.
I am not trying to discourage anyone from going the formal education route (after all, that is the route I took), but it is not the ONLY route. The formal education route can be the safest route to a career in IT, but from my experience, may not be the most direct route to become a professional hacker.
Most college professors and instructors have little or no experience with hacking. They have been trained in how to build systems, not break them. This means that, although they may offer a course in hacking, they don't have the mindset of a hacker. Their courses are more like trying to learn to build an airplane from someone who has only read about flying a kite.
The Hacker Mindset
One of the key traits that sets apart hackers from run-of-the mill IT folks is the "hacker mindset." This mindset is best described by four attributes:
- Problem solving
- Commitment to freedom
- Creativity
- Helping your fellow hacker
Much has been said already here on Null Byte about helping our fellow hackers, so I won't repeat it. I will, though, re-emphasize that Null Byte is a newbie-friendly environment for learning hacker skills—and I intend to keep it that way. Mistreatment of those trying to learn will not be tolerated here.
Hackers believe in freedom. That's why Linux and so many of the hacking tools are open source. This freedom extends beyond the software and includes freedom of the internet, freedom of information, and freedom to exchange.
The hacker mindset is not limited to a single way of doing things. The hacker realizes that there many, many ways to get the same thing done. When a hurdle arises, they find a new way to bypass it. Sometimes this means using our tools in ways they were not intended, and sometimes it means creating our own tools. To use an overused cliché—don't be boxed in by others' ways of doing things. Think outside the box!
Problem-Solving
The hacker must be a problem solver. This skill comes from repeatedly solving problems without asking someone else to solve it for you. Although it may be easier to Google for the solution, or ask someone with more experience, this will bypass the process of learning how to break down problems into manageable units and solve each one analytically.
ALL hackers have this skill. Without it, you will doomed to frustration and mediocrity. It's okay to ask for help when you are stuck, and our Null Byte community is a great place to ask as there so many knowledgeable and helpful hackers here, but problem-solving is a skill that is only developed and strengthened by practice.
You might be able to ask and get a quick answer here, but if you solve it yourself, you will be strengthening your analytical and problem-solving skills that will not only serve you well as a hacker, but in all endeavors of life.
Persistence
Going hand in hand with the problem-solving skills is persistence. When faced with a hurdle or problem, the true hacker does not throw up their hands and quit, rather they persist until they create a solution. Sometimes those solutions may takes hours or days or weeks or months, but the hacker doesn't quit. They are confident that eventually they can crack the problem, and in the meantime, their persistence is yielding new knowledge and strengthening their very valuable problem-solving skills.
Basics Background
The hacker must have some basic skills of the IT field. These would include Linux basics and networking basics—at a minimum. To be capable of writing your own scripts, you need basic BASH scripting and preferably one of the following scripting languages: Perl, Python, or Ruby.
To delve deeper into exploit development, knowledge of assembler and C is required. If you want to attack databases, SQL knowledge is required. When attacking websites, a whole host of web languages is useful.
In many cases, it's useful to learn how to build something before you try to hack it. For instance, once you have built a web app, then its easier to understand how to hack them. This isn't required, but some people find it a better route. There are some hackers who are incapable of building anything as their mindset is one of finding flaws and breaking things.
Hacker Skills Set
The hacker must develop some hacker-specific skills. As mentioned above, they have a knowledge of networking and Linux, but then must build upon that knowledge by becoming conversant in one of the hacker operating systems, such as Kali, and some of the more widely used tools, such as:
- Metasploit
- Nmap
- Hping3
- Wireshark
- BeEF
- Aircrack-ng
- Snort
- Cain & Abel
- Burp Suite
- Nikto
- Nessus, Nexpose, or OpenVas
- Sysinternals
- Sqlmap
- Dsniff
- Splunk
- Tamper Data
- p0f
- A good password cracker, such as John the Ripper or Hashcat, or any number of other password-cracking tools
Although this not an exhaustive list, I believe these to be the most important tools for the aspiring hacker to master.
Choose a Focus
The world of information technology is vast. There are so many technologies and languages and no one can master them all. If you try, you will likely be stuck in a superficial understanding of all of them without the deep enough knowledge to master any. The same applies to hacking. Choose an area to focus your efforts in and master it. Once you have mastered that one, then look to master another. No one masters them all—and definitely not at the same time.
Attempts to master all of the IT skills, and thereby hacking skills, will only lead to frustration and mediocrity.
Certfications
The IT industry, in general, and the hacking industry, in particular, like to see certifications. The reason for this is that certifications tend to be skill-specific, while degrees tend to be broad and theoretical. For someone trying to enter this field, the certifications are a surefire way to impress a prospective employer.
As a starting point, I suggest the CompTIA certifications such Security+, Network+, and A+. These vendor-neutral certifications will provide you the fundamental skill sets necessary to advance to the next level.
Then I would suggest a hacking certification. The Certified Ethical Hacker (CEH) is the grand daddy of ethical hacking certifications, but it is not held in high regard in the industry. That is why we will be offering our own certifications (CWA, CWE, and CWP) beginning in January 2016.
For those with advanced skills, there is the GIAC Penetration Tester (GPEN) certification and the Offensive Security Certified Professional (OSCP) certification. Both are well regarded in the industry, and they require hands-on skills to pass, unlike the CEH.
The growth of the IT security field and hacking have made this a prime time to study hacking. This growth and the concomitant demand for hackers will likely continue for many years into the future, making this career path a bright one for those with the aptitude and work ethic to study hacking.
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
20 Comments
Thanks occupytheweb, your the best and you are a big part of what this site as become.
Dear OTW:
You said, "the true hacker does throw up their hands and quit", did you mean doesn't instead? If not, my mistake and thank you for this! You are quite inspiring.
-Smith
Yes, I meant, "does not". Thanks for pointing that out. I've edited it.
My professors at college focus on defense, which two out of three of them came from so its nice. The last one is more of a networking professor anyways. No hacking experience though.
I am agreed with OTW that experian is moat important for becoming hacker , but industry requires certificates and degrees. They do not gave importance to knowledge.........
This is true but sometimes not, if you dont have certificates and degrees but you got a lot of experience you will find a job a lot faster than the one with a lot of certificates and degrees.
But i think this applys to the people who started in informatics in the 80s.
Nowadays education is very important.
For example my oncle never studied in informatic , he started in the field in the 80s, and went from working as a tech on the road for various companies, and now hes in charged of the it departement of a big company and he knows almost everything in the field.
But back then and now its different of course
The problem with certificates in my opinion is that some people don't put them to practical work.
People with experience have learned by actually doing stuff whilst people who have certificates and no experience have probably just learned on paper.
It really depends more on the person rather than being a experience vs certificate thing.
Eitherways, ambition gets you there.
~CyberMask.
Great article. This really helped me gain a sense of direction for educating myself, thanks OTW
I've heard that CEH is a worthless certification and you should not waste time and money on it, by some certified persons. Is it true worldwide?
-The Joker
It is a VERY weak certification.
Hello all,
I am currently starting to learn all the things on nullbyte, even though that I am not directly working in the field of IT. What made me curious is the question of age. Is there an age, when you are too old to learn these skills?
~MS
I would say that you are never too old.
4 days ago i had an exam of security information, its just fun to see how that was more like insecurity of information(in college, thats why i hate school), my opinion is get the skills by yourself(internet,books masters etc), but dont waste your precious time and money in these hacking certification, hacking is a skill, you dont need paper to prove your skills(real companies). Instead take this time to learn the behind scheme, take a ccna course or learn a new language(chinese would be great but python is easier) but dont pay for these hacking certificates, thats why linux is open source...(my personal opinion, i tried once to take these boring courses, most of them are worthless)
Hacked by Mr_Nakup3nda
Hi OTW,
Thank you for great articles.
I would like to know your opinion about cybrary.it courses in general and their certifications in detail. How good or bad they are?
Thank you again.
Rinux
That's something even I'd like to know, what sir otw thinks of about their courses, and the whole website in general.
-The Joker
I'm a little confused.. should i just totally focus on Ruby language for example.. or would it be better if i expand my focus on ruby and Linux both at the same time?
It's all dependent on what your end goal is. Linux is a must, it's always good to know a language, especially if you have to work with PoC's or if you want to develop your own tools.
As far as which language to learn, I recommend Python for pentesting, lots of libraries and stuff written in Python. If pentesting doesn't work out, Python is always great for system administration. Sometimes you will need a compiled language like c++.
Information security is a broad field with many different specializations. The key really is to find something that clicks. If you're just starting out I'd recommend working with some languages, working with Linux, working with networks, do a bit of everything until something clicks into place. Once you have that epiphany keep working with it and master it, then if you want to move on to mastering something else.
Thank you for your help.. would it be a kind of distraction if i do a bit of everything?.. i've worked a little bit on Linux, java,PHP and ruby long time ago. and i actually enjoyed them all (except Java i found it hard).. i ended up quitting because i didn't know where to begin.
Doing a bit of everything is fine. Eventually you will need more than just a broad understanding and will need to specialize.
Hi There,
My query is too long so please beer with me.
My name is Mahesh-28 and I did my btech in 2015. I am wondering if there is any career in ethical hacking field. I am very interested for that. To inform you that currently I am working as a helpdesk executive in velocis company. I am really interested the way so that I can move myself towards this. I heard that there is not much scope in India for ethical hacking I do not want to put myself into the things which will not have scope in future. Is it possible to make career as programmer and hacker. Or do I have to make my career as programmer or developer would be more good than become hacker?
Is there anyway to become individual ethical hacker or cyber security expert? Is there any government sector vacancy for cyber security expert if yes what is the criteria for the same.
Suggest the way ahead please .
Also which company's hiring for ethical hackers.
What would be the salary criteria for the same..?
Is it possible to become programmer and hacker at the same time.?
Share Your Thoughts