The term “ethical hacker” is becoming more widespread as organizations and individuals realize the value ethical hackers bring to the cybersecurity community as a whole. While that value is recognized across many organizations and industries, many people still know very little about what an ethical hacker's time and work entail. When an ethical hacker is contracted to find vulnerabilities in an organization, often the only output a customer sees is the final report, without knowing exactly what happened in the background to reach that outcome. This blog dives into what a day in the life of an ethical hacker looks like.
Understanding The Environment
No two organizations are alike. An organization’s technology, culture, and habits determine the different attack vectors available to a threat actor. An ethical hacker must act on each new simulation with a customized approach to investigate the customer’s unique environment. To do this, an ethical hacker will explore an environment to answer certain questions such as:
What is the security posture of the organization?
What are the policies of the organization?
What are some habits of the employees within the environment? (e.g., the IT team uses Welcome1 for newly onboarded users)
What technology is used? (e.g., applications, operating systems, software, etc.)
What software is being highly used by the organization?
Finding answers to these questions is helpful because it allows an ethical hacker to understand how the organization operates and where the security gaps or vulnerabilities are located. Ultimately, this helps an ethical hacker know which attacks to prioritize and conduct first.
Unsurprisingly, a large chunk of an ethical hacker’s time is spent searching for vulnerabilities within the environment. Where the vulnerabilities lie will depend on the scope and objectives of the engagement. Sometimes this is an easy task with a clear path to compromising the entire environment due to an organization’s poor security posture. Other times it’s a complicated task that requires collaboration with colleagues, online searching, and even additional learning, either because of the organization’s strong security posture or because the ethical hacker lacks experience with the technology stack being used in the environment. The experience of an ethical hacker plays a massive role in the level of success they have in attaining the objectives of the engagement. The more experience an ethical hacker has, the better their time is spent on actions that will fulfill the objectives.
Bypassing Security Solutions
Each organization deploys different security solutions depending on its needs and budget. Security solutions can sometimes complicate matters for an ethical hacker and force them to spend time finding ways to bypass the solutions in place. For the most part, bypassing security solutions is a cat-and-mouse game between security vendors and hackers. When a security vendor pushes out updates for their solution, it impacts ethical hackers in two ways. First, it deprecates a technique or bypass that was successfully used in previous engagements. Second, it forces them to spend their precious time coming up with another technique that can bypass the solution. Therefore, each engagement brings surprises that an ethical hacker must contend with, depending on the security solutions in place.
Due to the broad spectrum of technologies in today’s world, there are cases where an ethical hacker will encounter unfamiliar technology stacks. An ethical hacker must be able to get past the discomfort of exploring new territory and quickly learn and adapt.
It’s always best to reduce cases where an ethical hacker runs into unfamiliar technologies; therefore, they must, at the very least, have a fundamental understanding of the most common technologies being used by organizations.
Technology can be hacked or abused in multiple ways. Due to the countless software platforms and technology integrations available, ethical hackers must constantly update their knowledge. They must learn the ins and outs of different software and the nuances of a business’s IT infrastructure and integrations. An ethical hacker will explore and learn on the job, through peers or post-engagement lessons learned.
Off-the-job learning is just as important as on-the-job learning. Off-the-job learning involves taking courses and certifications to ensure the ethical hacker is up to date with the current techniques and tactics used. It also requires an ethical hacker to be involved, passively or actively, in the cybersecurity community.
Involvement In The Cybersecurity Community
New techniques, vulnerabilities, and exploits are often announced on social media platforms and may only reach news outlets many hours or days later. As an ethical hacker, time is crucial. If an ethical hacker can get their hands on a new exploit before the defensive side can react, that could be a game-changer. Therefore, ethical hackers spend a significant amount of time on social media platforms to ensure they quickly pick up knowledge from the cybersecurity community.