Ethical hackers are employed to protect networks and computers from attacks by unethical hackers who illegally penetrate computers to access private and sensitive information. Though they possess technical skills like those of an unethical hacker, ethical hackers use these skills for protection. Using advanced software, an ethical hacker attempts to penetrate the company's system in much the same way a hacker does. The goal is to uncover any weak areas in the system. Once a weakness is found, it is patched. As part of the security team, the ethical hacker also ensures that the system is firewalled, security protocols are in place and sensitive files are encrypted.
An ethical hacker conducts advanced penetration tests to identify vulnerabilities in computer systems that malicious intruders could exploit. This requires familiarity with the infrastructure of the company and its business operations. It also requires the ability to analyze risk assessments and put in place measures to control vulnerable areas. The ethical hacker must simulate breaches of network security and develop measures to lock down areas of risk. An ethical hacker must strive to ensure that any information that could damage the reputation or finances of an organization or its clients does not fall into the wrong hands.
An ethical hacker must have a bachelor's degree in information technology or an advanced diploma in network security. The role requires extensive experience in the area of network security and a working knowledge of various operating systems. Areas of expertise include a sound working knowledge of Microsoft and Linux servers, Cisco network switches, virtualization, Citrix and Microsoft Exchange. A working knowledge of the latest penetration software is essential. The International Council of E-Commerce Consultants, or EC-Council, certifies professionals as certified ethical hackers and as certified network defense architects if they work for select agencies of the federal government.
An ethical hacker must search the software environment for vulnerabilities and, upon finding one, explore its potential as a risk. The ethical hacker must then fix it and remove the security risk. Daily tasks to check security include monitoring incoming and outgoing data, overseeing Microsoft Exchange activity and reverse engineering malware to determine its threat level. The ethical hacker is also responsible for disseminating relevant security information to company directors and employees. This includes password policy and file encryption. Wireless networks require more advanced security protocols and stricter user controls, and the ethical hacker must conduct ongoing tests to mitigate possible vulnerabilities.
Ethical hackers can work for large government agencies, large corporations or small companies: any entity that has a computer network and IT department. Universities, colleges and schools also may require an ethical hacker to perform security risk assessments. All large networks have an IT security team, of which the ethical hacker is a member. Ethical hackers interact with other members of the IT department security team to provide ongoing improvements and adaptation to the changing world of computer security. Some companies may employ several network security engineers, one of whom specializes in ethical hacking.