Matt Zbrog
What it means to be a hacker has changed a lot over the years In 1984’s Hackers: Heroes of the Computer Revolution, a hacker was generally just a member of the computer programming subculture, someone who knew how to navigate the new and complex landscape of computer technology.
By the 1990s, the term “hacker” had taken on a darker connotation, used by the mainstream to describe a new wave of cyber-criminals who used their advanced knowledge of hardware, software, and networks for financial gain (or sometimes for gleeful destruction).
Today, the hacker label is applied widely and can have several different meanings. Even people like Steve Jobs and Mark Zuckerberg are sometimes referred to as hackers for bringing an innovative and disruptive mindset to the tech world.
But modern hackers, in the purest sense, generally fall into two categories: the black hat hackers who use their skills for profit and malice, and the white hat hackers who work against them. What they have in common is a strong understanding of cybersecurity and a growing influence on modern society.
Cyberattacks are on the rise. Data breaches in 2021 are on pace for a record-setting year, according to Nasdaq, affecting an estimated 1,291 American businesses and 281.5 million people. President Biden has made cybersecurity a top priority, and both businesses and government organizations are scrambling to recruit whitehat hackers to bolster their cybersecurity assets.
According to the Bureau of Labor Statistics (BLS 2021), careers in cybersecurity are some of the fastest growing in the nation. Jobs for information security analysts—a common cybersecurity job title—are projected to increase 33 percent between 2020 and 2030, which is over four times the national average. The pay is far above average, too: the median salary for cybersecurity professionals is over $103,590 per year, and over 10 percent higher than the average for all computer-related occupations.
In the 21st century, where every company is a tech company, cybersecurity professionals and whitehat hackers can work practically anywhere—even coffee companies need strong cybersecurity measures.
Whitehat hackers can work for small, medium, or large businesses, where they’ll perform penetration testing and cybersecurity upgrades that help secure customer and organizational data. They can also work for government agencies, and participate in the defense of the nation’s cyber-infrastructure. Or they may work as whitehat hackers for hire, operating as consultants who test a client’s cybersecurity from outside, then help integrate changes from within.
Some typical tasks and responsibilities of whitehat hackers include:
Hackers, practically by definition, buck tradition. True to form, there are a huge number of different paths to a career in whitehat hacking, where code is (usually) law. Perhaps more than any other field, capability and experience matter more than bullet points on a resume.
Still, if you’re just getting started, there are some fundamental steps you can take to set yourself up for a successful career as a whitehat hacker. Check out the step-by-step guide below, and feel free to hack it along the way.
Practically every successful whitehat hacker has a streak of non-conformity within themselves, but most make the wise decision to graduate from high school. On top of the core curriculum, aspiring hackers should also pursue extracurricular learning in computer science-related fields, both in and outside the classroom: even if a high school’s computer science offerings are lacking, the internet’s aren’t and it’s never too soon to get started.
After graduating from high school, aspiring whitehat hackers will need to earn a bachelor’s degree in a field like computer science or cybersecurity. Entry requirements typically include a strong high school GPA (3.0 or greater); SAT and/or ACT scores; and an essay.
Notably, the aspiring hacker’s undergraduate experience extends beyond the classroom: two Penn State undergraduates were put on Major League Hacking’s Top 50 Hackers list in 2020; Mark Zuckerberg started (or stole?) Facebook from his dorm room in 2004.
The online bachelor of science in cybersecurity program at Southern New Hampshire University (SNHU) gives students the hands-on experiences they need to develop a security mindset. The program achieves this through two approaches: a systems thinking approach, which examines how complex components interact with one another; and an adversarial thinking approach, which explores hacker tradecraft and incident response tactics. Students may also choose to specialize in either data analytics or process management. The program consists of 120 credits.
The online bachelor of science in computer networks and cybersecurity program at University of Maryland Global Campus (UMGC) teaches students how to design, implement, administer, secure, and troubleshoot corporate networks. The curriculum includes classes such as ethical hacking; network security; digital forensics in the criminal justice system; and cloud technologies. A vertical pathway option allows students to use completed credits towards future graduate degrees in related fields at UMGC. The program also consists of 120 credits.
After graduating from university, aspiring whitehat hackers can begin gaining early work experience. You don’t need to obsess about getting a FAANG internship here—hackers by definition want to break the rules, and small businesses and startups may be better at allowing aspiring hackers the freedom they need to do so.
Early work experience can also help aspiring hackers widen their professional network and gain exposure to a wide range of ideas that may come into play later on.
While it’s not a requirement for employment, early-career hackers can earn professional certification as a Certified Ethical Hacker (CEH). It’s one of several non-academic certifications that can validate a whitehat hacker’s professional skill set, and it may be a valuable asset particularly when applying for jobs in government organizations. For those who have some computer science background but little in the way of cybersecurity experience, the EC-Council, which hosts the CEH program, also offers training courses.
To be eligible for the CEH, applicants must have two years of work experience in a field related to information security. Once deemed eligible, applicants must pass a four-hour, 125-question multiple-choice exam that covers nine domains: information security and ethical hacking; reconnaissance techniques; system hacking phases and attack techniques; network and perimeter hacking; web application hacking; wireless network hacking; mobile platform, IoT, and OT hacking; cloud computing; and cryptography.
Cybersecurity is a constantly evolving field, and whitehat hackers need to stay abreast of developments in an extremely dynamic landscape. One of the ways hackers do that is through professional certifications. While they aren’t a strict requirement, some employers do look for specific certifications that match the specific cybersecurity needs of an organization.
Each certification has its own eligibility requirements and area of focus, but some popular professional certifications for cybersecurity professionals include:
While it’s not a requirement to start work as a whitehat hacker, a master’s degree in cybersecurity or computer science can be an asset for those who aspire to leadership roles within cybersecurity. Typical entrance requirements include: a strong undergraduate GPA (3.0 or greater); relevant work experience; letters of recommendation; and a statement of purpose.
The online master of information and cybersecurity (MICS) program at UC Berkeley’s School of Information (I School) provides students with the cybersecurity skills they need to lead in both private sector companies and public sector organizations. The curriculum includes courses such as cryptography for network security; operating system security; privacy engineering; and government, national security, and the fifth domain. The program consists of 27 credits and can be completed in as little as 20 months.
The master of science in cybersecurity program at the University of Arizona teaches students how to prevent, monitor, and respond to data breaches and cyberattacks. Designed for working professionals, the interdisciplinary curriculum includes classes such as ethical hacking and social engineering; cyber warfare; fundamentals of cloud security; and systems engineering processes. Students will specialize in either information systems or physical systems. The program consists of 33 credits.
Hackers operate at the borders of what’s possible. To find out where the field of cybersecurity is today, and where it’s going, check out some of the resources below.
Matt Zbrog
Matt Zbrog is a writer and researcher from Southern California. Since 2018, he’s written extensively about the increasing digitization of investigations, the growing importance of forensic science, and emerging areas of investigative practice like open source intelligence (OSINT) and blockchain forensics. His writing and research are focused on learning from those who know the subject best, including leaders and subject matter specialists from the Association of Certified Fraud Examiners (ACFE) and the American Academy of Forensic Science (AAFS). As part of the Big Employers in Forensics series, Matt has conducted detailed interviews with forensic experts at the ATF, DEA, FBI, and NCIS.