Learning ethical hacking involves studying the mindset, tools and techniques of hackers and penetration testers in order to learn how to identify, triage and correct vulnerabilities in software and computer networks. Studying ethical hacking can be useful to employees in a variety of job roles, including network defense, risk management, software development, quality assurance testing, management and legal. Additionally, pursuing ethical hacking training and certifications can benefit those seeking a new role or wanting to demonstrate their skills and value to their organization.
Understanding the Hacker Mindset
The most obvious benefit of learning ethical hacking is its potential to inform and improve how a corporate network is defended. The primary threat to organizational network security is a hacker: learning how hackers operate can help network defenders identify, triage and prioritize potential threats and learn how to best remediate them.
Network defenders operate at a severe disadvantage to hackers. A hacker only needs to identify and exploit a single vulnerability to gain a foothold in a network, while a defender theoretically needs to identify and correct all potential vulnerabilities in the network’s internal and perimeter security.
In practice, it is impossible to completely remove all risk from a network and a defender needs to be able to weigh the probability of exploitation and expected impact of each potential threat and assign limited resources to minimize the probability of a successful attack. In order to be successful at this, a defender needs to be able to think like a hacker. Training in ethical hacking can help a network defender develop this mindset.
Development and Quality Assurance
The roles of ethical hacker and quality assurance tester have a lot of overlap. In both cases, the role of the tester is to verify that software functions correctly under both normal and extreme conditions. With today’s rapid development
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/7Q9yzkx0n9g/