Role of an Ethical Hacker – What exactly does an Ethical Hacker do?


Jayanthi Manikandan

Published on August 8, 2013


As serious security professionals, we give much the same “security talk” to other business teams in our organization, covering anti-virus definitions, VPNs, encryption, mobile security, social media security, hacking, and so on. But when these security measures are not taken seriously, they fall apart.

This is when vulnerabilities set in and malicious elements seize the opportunity to penetrate the system.
Now comes the “certified ethical hacker”, whose primary job is to attack his own organization’s system to weed out vulnerabilities before “real hackers” do. The adrenaline rush of being an ethical hacker is unparalleled. Though an ethical hacker's role is similar to that of a “penetration tester”, it involves broader duties. “The term ethical hacking is said to have been coined by IBM” (White hat (computer security)).


Definition of "Ethical Hacker"

“Ethical hackers” are also known as “white hat hackers” because they break into systems legally and ethically. This is the primary difference between “ethical hackers” and “real hackers”: the legality. The EC-Council defines an ethical hacker as “an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.” (Ethical Hacking)

Where are they employed?

While the concept of “white hat hacking” is not entirely new, the profession of ethical hacking is growing by leaps and bounds, since major corporations like Facebook and Apple, as well as law enforcement agencies, are employing “white hat hackers” to seek vulnerabilities and seal them. Every organization has a bug bounty program that rewards those who can find security vulnerabilities.

Who should be an ethical hacker?

As with any profession, passion for the profession is one of the key aspects to success. This, combined with a good knowledge of networking and programming, will help a professional succeed in the ethical hacking field.

What do ethical hackers do?

Apart from the regular pen tester duties, ethical hackers have other responsibilities. The main idea is to replicate a “real hacker” at work and, instead of exploiting the vulnerabilities for malicious purposes, seek countermeasures to seal them. A real hacker might employ all or some of these strategies to penetrate a system:

- Scanning ports and seeking vulnerabilities: An ethical hacker uses port scanning tools like Nmap and Nessus to scan one’s own systems and find open ports. The vulnerabilities associated with each of the ports can be studied and remedial measures can be taken.
- An ethical hacker will examine patch installations and make sure that they cannot be exploited.
- The ethical hacker can engage in social engineering concepts like ‘dumpster diving’. The essence of ‘dumpster diving’ is to rummage through the trash bins for passwords, charts, and any sticky notes with crucial information that can be used to generate an attack. To thwart these types of attacks, organizations always insist that employees shred unwanted paperwork and dispose of unwanted media appropriately.
- An ethical hacker can also employ other social engineering techniques like ‘shoulder surfing’ to gain access to crucial information, or play the “kindness card” to trick employees into parting with their passwords.
- An ethical hacker will see if he/she can evade IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), honeypots and firewalls. In addition to this, an ethical hacker can employ other strategies like sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications. (How to Become an Ethical Hacker, 2012) They also have to deal with issues related to laptop theft and employee fraud.
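
The port-scanning item above ends with studying each open port and taking remedial measures. As an added example (not part of the original article), this Python script parses Nmap's grepable output (`-oG`) from a scan of one's own hosts and reports open ports that are missing from an approved baseline; the sample output, host addresses and the `APPROVED` baseline are constructed for illustration.

```python
# Constructed sample of Nmap grepable (-oG) output; hosts and results are invented.
SAMPLE_OG = """\
# Nmap scan of internal hosts (constructed sample)
Host: 10.0.0.5 (web01.example.internal)\tStatus: Up
Host: 10.0.0.5 (web01.example.internal)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 10.0.0.9 (db01.example.internal)\tStatus: Up
Host: 10.0.0.9 (db01.example.internal)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)
Host: 10.0.0.12 ()\tStatus: Up
Host: 10.0.0.12 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)
"""

# Hypothetical approved baseline: host -> set of (port, protocol) allowed to be open.
APPROVED = {
    "10.0.0.5": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "10.0.0.9": {(22, "tcp"), (3306, "tcp")},
}


def parse_open_ports(og_text):
    """Return {host_ip: {(port, proto, service), ...}} for ports in state 'open'."""
    result = {}
    for line in og_text.splitlines():
        # Only "Host: ... <TAB>Ports: ..." lines carry per-port results.
        if not line.startswith("Host: ") or "\tPorts: " not in line:
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports_field = next(f for f in fields if f.startswith("Ports: "))
        for entry in ports_field[len("Ports: "):].split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) < 5 or parts[1] != "open":
                continue  # skip closed/filtered ports and malformed fragments
            result.setdefault(ip, set()).add((int(parts[0]), parts[2], parts[4]))
    return result


def unexpected_ports(open_ports, approved):
    """List (ip, port, proto, service) for open ports not in the baseline."""
    findings = []
    for ip, ports in sorted(open_ports.items()):
        allowed = approved.get(ip, set())  # host not in baseline: nothing approved
        for port, proto, service in sorted(ports):
            if (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings


if __name__ == "__main__":
    for ip, port, proto, service in unexpected_ports(parse_open_ports(SAMPLE_OG), APPROVED):
        print(f"REVIEW {ip} {port}/{proto} ({service}): open but not in approved baseline")
```

Each finding is a candidate for remediation: close the service, restrict it with a firewall rule, or record it in the baseline once it has been reviewed.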

How well the organization reacts to all of these tactics is proof of the strength of its security policy and security infrastructure. An ethical hacker attacks the perimeter defenses as well as the social engineering aspects of an organization, as a real hacker would.

While some may argue that there is no such thing as a “good hacker” and all “white hat hackers” are actually bad hackers who have turned good, the profession is here to stay.


About the Author

Jayanthi Manikandan has a Master’s degree in Information Systems with a specialization in Information Security from Detroit, USA. She also holds a certificate from the National Security Agency. Additionally, she is a Sun certified Java Programmer and a Sun certified web component developer.

