A white hat hacker is also called an ethical hacker. Essentially, a white hat hacker tests an organization's IT systems to check for security threats and identify weaknesses. These penetration tests employ the same methods that an attacker (black hat hacker) would use to break into a network.
Background and Education
The most important skills to have for white hat hacking are problem solving, a sturdy technical understanding and communication skills. White hat hackers need not only to keep calm under pressure but also to be able to enter the mind of a black hat hacker and keep fixing leaks.
While there are no specific education criteria for careers like white hat hacking, a bachelor's or master's degree in information security, computer science or even mathematics can be a good base to build upon.
Military experience, specializing in computer forensics and intelligence, can also prove to be a useful skill set.
There are many certifications in IT security training and white hat hacking that can help one make a career in this field.
The Certified Ethical Hacker (CEH) certification from the EC-Council is the top certification in white hat hacking and it is a vendor-neutral qualification.
The intermediate-level CEH program trains you in system hacking, enumeration, social engineering, SQL injection, trojans, worms, viruses and other forms of attack like denial of service (DoS). Students are also taught cryptography, penetration testing, firewalls, honeypots and similar topics.
The CEH recommends a five-day intensive training workshop for those with no experience. Candidates must possess basic Windows and Linux administration skills and be aware of TCP/IP and virtualization platforms.
The course will require at least two years of information security experience along with an application fee. There is also a self-study program which can be successfully completed with a single examination.
To become certified, white hat hackers will need to agree to the ethical code of the EC-Council and stay away from any malpractice.
The SANS GIAC is another important certification. GIAC's Security Administration certificates, starting with the GSEC, are a good place to start. The GIAC Penetration Tester (GPEN) and the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) are well-respected certifications in the industry.
Mile2 is another avenue for those aspiring to become white hat hackers. Their Pen Testing Hacking series includes the introductory Certified Vulnerability Assessor (CVA), followed by the Certified Professional Ethical Hacker (CPEH), the Certified Penetration Testing Engineer (CPTE) and finally the advanced-level Certified Penetration Testing Consultant (CPTC).