One area in particular, "ethical hacking" or "penetration testing", is particularly in demand. These so-called "white hat" hackers get paid to hack into computer systems and find vulnerabilities that malicious "black hat" hackers might exploit. "The demand for experienced ethical hackers is extremely high right now," said Steve Graham, Senior Director of the International Council of E-Commerce Consultants (EC-Council). The demand is being fueled by an ongoing breach of sensitive information by malicious hackers, Graham said. He points to the study by the Privacy Rights Clearninghouse, which found that more than 500 million sensitive records had been breached worldwide since 2005. Penetration testing, or "pen" tests, has become an integral part of cyber security since, without them, finding flaws in a computer system is often very difficult. Pen tests involve an analysis of a system for any potential vulnerabilities that could result from poor or improper system configuration, hardware or software flaws, or operational weaknesses in process or technical countermeasures. "If you have sensitive data worth protecting and spend time to segregate, protect, insure and create defense layers to minimize risks, without third party pen tests, you still don't have that validation piece that is necessary,"said Hord Tipton, executive director of the International Information Systems Security Certification Consortium (ISC2).
Hackers Wanted. Ethics Required
As the uncertainty of computer security is exposed through ongoing security breaches in the public and private sectors, one thing is certain: the demand for professionals well versed in cyber-security is exploding. One area in particular, "ethical hacking" or "penetration testing", is particularly in demand. These so-called "white hat" hackers get paid to hack into computer systems and find vulnerabilities that malicious "black hat" hackers might exploit. "The demand for experienced ethical hackers is extremely high right now," said Steve Graham, Senior Director of the International Council of E-Commerce Consultants (EC-Council). The demand is being fueled by an ongoing breach of sensitive information by malicious hackers, Graham said. He points to the study by the Privacy Rights Clearninghouse, which found that more than 500 million sensitive records had been breached worldwide since 2005. Penetration testing, or "pen" tests, has become an integral part of cyber security since, without them, finding flaws in a computer system is often very difficult. Pen tests involve an analysis of a system for any potential vulnerabilities that could result from poor or improper system configuration, hardware or software flaws, or operational weaknesses in process or technical countermeasures. "If you have sensitive data worth protecting and spend time to segregate, protect, insure and create defense layers to minimize risks, without third party pen tests, you still don't have that validation piece that is necessary,"said Hord Tipton, executive director of the International Information Systems Security Certification Consortium (ISC2).
One area in particular, "ethical hacking" or "penetration testing", is particularly in demand. These so-called "white hat" hackers get paid to hack into computer systems and find vulnerabilities that malicious "black hat" hackers might exploit. "The demand for experienced ethical hackers is extremely high right now," said Steve Graham, Senior Director of the International Council of E-Commerce Consultants (EC-Council). The demand is being fueled by an ongoing breach of sensitive information by malicious hackers, Graham said. He points to the study by the Privacy Rights Clearninghouse, which found that more than 500 million sensitive records had been breached worldwide since 2005. Penetration testing, or "pen" tests, has become an integral part of cyber security since, without them, finding flaws in a computer system is often very difficult. Pen tests involve an analysis of a system for any potential vulnerabilities that could result from poor or improper system configuration, hardware or software flaws, or operational weaknesses in process or technical countermeasures. "If you have sensitive data worth protecting and spend time to segregate, protect, insure and create defense layers to minimize risks, without third party pen tests, you still don't have that validation piece that is necessary,"said Hord Tipton, executive director of the International Information Systems Security Certification Consortium (ISC2).