Table of contents
The activity of hackers is already a media brand. Harsh" techies "in hoods that "gnaw" enemy systems day and night, and sometimes even "smash" the sites of villains with a single command line label – such a stereotype is offered by mass culture, primarily cinema.
However, movies and reality are very different, and if you learn the basics of hacking "from the movies" – there is a great risk of "making" problems with the law and a bad reputation before you get at least some significant income.
This article will analyze the main mistakes of novice hackers, how to start a career as a pentester, and what skills are required for a specialist in penetration testing.
If we talk about "white" hacking or pentesting, then this is not a profession where you can "learn once" and just go up the career ladder. A pentester is a specialist who is constantly learning, because the mechanisms and tactics of protection are constantly being improved, and hacking them using outdated techniques is ineffective.
Thus, hacking is not only a profession, but also a certain lifestyle that requires more time and effort from a specialist than many other specialties. If you don't understand this at the start, there is a high risk that you simply won't be able to build a career in pentesting.
If we talk about basic skills that are not directly related to the profession, then the main one is the ability to search for information. New techniques and vulnerabilities appear quite often, and information about them is rarely found on the main page of a popular publication – It is very likely that you will have to look for it "in the depths of specialized forums" or in research group reports. In this regard, an equally important skill is knowledge of the English language, since it contains disproportionately more materials.
Here it is important to understand that the thesis of some EdTech companies that "you can become a hacker without programming skills" is not entirely correct, since not using skills and not having them at all are two big differences.
In addition, an additional source of knowledge can be various events and hackathons that are held by specialized organizations, including participation in CTF games of various levels.
If you can't find a job for a specialist without experience, you can look for a paid internship. You can search for them both through aggregators, such as HeadHunter,and on the websites of large IT companies, or vice versa, highly specialized organizations that analyze security.
You can also take part in Bug Bounty programs. However, it is important to keep in mind that payment for bugs and vulnerabilities found does not come once a month, like a salary, and it may well take two or three months from submitting a report to receiving payment. Baghunting can be combined with both your main job and hacking training.
Pentesters regularly interact with sensitive information and the "inner kitchen" of large companies, so the issue of reputation and its "whiteness" is extremely important for any specialist.
Therefore, when interviewing for the position of a pentester, you should not brag that you hacked the website of your educational institution or the page of your ex-girlfriend in social networks as a teenager. Such questionable achievements can be considered as a potential propensity to use skills and access systems outside of direct tasks.
The second common mistake is to neglect complex training in favor of narrow specialization. This approach is justified and logical in the case of mature specialists, but it is disastrous for the career of a novice hacker.
The third mistake is not paying attention to legal issues. There is no universal recipe here, you just need to always keep in mind that even if you have a contract verified by the legal service, there may be excesses.
Another mistake that can happen to a novice hacker is the use of data obtained in the course of work for other purposes. Ideally, the pentester should "forget" everything that it saw in the client's infrastructure immediately after writing the report. It is easy to succumb to temptation, but even if you can avoid problems with the law, reputation problems will definitely arise, and the career of a "white" hacker will be guaranteed to be ruined.
The specifics of the profession are such that a specialist must have sufficiently high moral qualities, and it is good to understand that a pentester is a person who helps improve security, and not just hacks websites.
Thus, the work of a pentester or white hacker is much more complex and demanding than EdTech companies say. At the same time, the salary of the average specialist does not differ much from the salary of the same level of IT specialist.
The hacker profession largely determines the lifestyle of a specialist, affects him not only during working hours, but also after it, forcing him to sit late in the evening for analyzing analytics and new techniques. But in return, you can get interesting tasks, drive and the very "romance" of the profession.
- Who do you want to become
- How to become a hacker
- How to make money for a novice hacker
- Mistakes made by novice hackers
- Results
The activity of hackers is already a media brand. Harsh" techies "in hoods that "gnaw" enemy systems day and night, and sometimes even "smash" the sites of villains with a single command line label – such a stereotype is offered by mass culture, primarily cinema.
However, movies and reality are very different, and if you learn the basics of hacking "from the movies" – there is a great risk of "making" problems with the law and a bad reputation before you get at least some significant income.
This article will analyze the main mistakes of novice hackers, how to start a career as a pentester, and what skills are required for a specialist in penetration testing.
Who do you want to become
Before we talk about how to become a hacker from scratch, it is important to understand what it is for. If hacking is seen as a relatively easy way to get rich quickly, then it is the same as learning to rob banks. That is, a direct path to criminal liability, regardless of what technical heights a specialist can achieve.If we talk about "white" hacking or pentesting, then this is not a profession where you can "learn once" and just go up the career ladder. A pentester is a specialist who is constantly learning, because the mechanisms and tactics of protection are constantly being improved, and hacking them using outdated techniques is ineffective.
Thus, hacking is not only a profession, but also a certain lifestyle that requires more time and effort from a specialist than many other specialties. If you don't understand this at the start, there is a high risk that you simply won't be able to build a career in pentesting.
How to become a hacker
The basics of hacking and starting skills in the profession can be obtained in three ways::- Learn independently, with the help of tutorials, guides, and open laboratories with tasks for pentesters.
- After completing the appropriate training program. This can be a full-fledged higher education at a university or a course of an EdTech company, or a specialized organization specializing in the training of pentesters.
- Combined approach. A combination of program-based training with independent development of certain specialized skills.
If we talk about basic skills that are not directly related to the profession, then the main one is the ability to search for information. New techniques and vulnerabilities appear quite often, and information about them is rarely found on the main page of a popular publication – It is very likely that you will have to look for it "in the depths of specialized forums" or in research group reports. In this regard, an equally important skill is knowledge of the English language, since it contains disproportionately more materials.
Here it is important to understand that the thesis of some EdTech companies that "you can become a hacker without programming skills" is not entirely correct, since not using skills and not having them at all are two big differences.
In addition, an additional source of knowledge can be various events and hackathons that are held by specialized organizations, including participation in CTF games of various levels.
How to make money for a novice hacker
At the end of 2022, there are about fifty active vacancies for pentesters on the HeadHunter website. However, most companies are looking for specialists with two years or more of professional experience.If you can't find a job for a specialist without experience, you can look for a paid internship. You can search for them both through aggregators, such as HeadHunter,and on the websites of large IT companies, or vice versa, highly specialized organizations that analyze security.
You can also take part in Bug Bounty programs. However, it is important to keep in mind that payment for bugs and vulnerabilities found does not come once a month, like a salary, and it may well take two or three months from submitting a report to receiving payment. Baghunting can be combined with both your main job and hacking training.
Mistakes made by novice hackers
It is important to understand that no level of technical skills, no number of vulnerabilities found, or other "cool hacker markers" will allow a specialist to find a job if they are not trustworthy.Pentesters regularly interact with sensitive information and the "inner kitchen" of large companies, so the issue of reputation and its "whiteness" is extremely important for any specialist.
Therefore, when interviewing for the position of a pentester, you should not brag that you hacked the website of your educational institution or the page of your ex-girlfriend in social networks as a teenager. Such questionable achievements can be considered as a potential propensity to use skills and access systems outside of direct tasks.
The second common mistake is to neglect complex training in favor of narrow specialization. This approach is justified and logical in the case of mature specialists, but it is disastrous for the career of a novice hacker.
The third mistake is not paying attention to legal issues. There is no universal recipe here, you just need to always keep in mind that even if you have a contract verified by the legal service, there may be excesses.
Another mistake that can happen to a novice hacker is the use of data obtained in the course of work for other purposes. Ideally, the pentester should "forget" everything that it saw in the client's infrastructure immediately after writing the report. It is easy to succumb to temptation, but even if you can avoid problems with the law, reputation problems will definitely arise, and the career of a "white" hacker will be guaranteed to be ruined.
Results
It is impossible to learn hacking once and become a ready-made specialist. The training of a pentester is continuous, the set of competencies can be quite different, depending on the specific specialization, but this does not exempt you from knowing the basics.The specifics of the profession are such that a specialist must have sufficiently high moral qualities, and it is good to understand that a pentester is a person who helps improve security, and not just hacks websites.
Thus, the work of a pentester or white hacker is much more complex and demanding than EdTech companies say. At the same time, the salary of the average specialist does not differ much from the salary of the same level of IT specialist.
The hacker profession largely determines the lifestyle of a specialist, affects him not only during working hours, but also after it, forcing him to sit late in the evening for analyzing analytics and new techniques. But in return, you can get interesting tasks, drive and the very "romance" of the profession.
