Skip to content

Trending tags

So you want to be an ethical hacker? 21 ways to get started

Melissa Michael

22.12.17 3 min. read

The cyber security job market is experiencing a major workforce shortage. Millions of positions will be unfilled in the next few years as companies try to shore up their defenses against threat actors in our connected world. If you’re technically inclined, and if you’re willing to work hard, there’s a place for you.

For the second episode of our new podcast, F-Secure principal security consultant Tom Van de Wiele sits down to talk about what it takes to break into this exciting and rewarding field as an ethical hacker or security consultant. What exactly is a hacker, anyway? What kind of background do you need to become one? How valuable are conferences and certifications? What kind of questions will you be asked in a job interview? Tom answers all these questions and more. Listen to episode #2 here.

Plus, here are Tom’s top 21 tips for getting started in infosec:

  1. Read books, magazines, articles, and blog posts. Don’t get hung up on one book, publication or author.
  2. Don’t get hung up on a certain technology or the users of that technology. It’s just bits and bytes. Technical religion will stifle your progress.
  3. Hone your communication and presentation skills. You’ll need not only technical chops, but also to be able to explain why certain things might be a problem and how to improve them. Proficiency in English in written and spoken form, on a technical and executive level is also important.
  4. Learn how to program in a few languages and learn them well.
  5. Learn about cryptography by doing.
  6. Play wargames and hack to learn, don’t just learn to hack. Cryptopals and OverTheWire are good ways to start.
  7. Read more.
  8. Learn how to take apart and reverse engineer software and hardware. Find your own vulnerabilities and understand how they work. Fuzzing is great but you need to understand what it is you are doing and understand whatever vulnerabilities you will come across.
  9. Contribute to an open source software project.
  10. Learn about operational security and privacy.
  11. Find likeminded people as part of research groups, hacker/maker spaces, social media and free or cheap meet-up possibilities.
  12. Learn about security management concepts and what processes make up a sound information security strategy.
  13. Learn TCP/IP on an expert level and learn how to do packet crafting.
  14. Know operating systems. Well.
  15. Refurbish an old laptop, run virtual images with different operating systems and test out attacks and defenses.
  16. Try out new code and tools and learn how to adapt them to your needs. Don’t just trust anything coming from the internet though.
  17. Did I say read?
  18. Install some games and try to cheat at them on your own machines and network. Can you hook up a bot or computer player to the game and make the computer play itself?
  19. Hackers write tools. Write your own tools and publish them. Try to scratch an itch for a particular subject. Not just for yourself, but for the whole community.
  20. Teach someone else. Explaining something to someone else when they need it not only helps you better understand, it also ensures we keep the community going by giving back.
  21. Always, always keep it legal.

Do you have questions for Tom? Check out his “Ask Me Anything” session on Reddit.

For free infosec training materials from F-Secure, check out our Cyber Security Base course. And while you’re at it, stop by our Career pages to see our openings.


Photo by Jefferson Santos on Unsplash

Melissa Michael

22.12.17 3 min. read



6 comments on So you want to be an ethical hacker? 21 ways to get started
  1. EwaLena Svanberg says:

    How much is THE cost of One year of F Secure. I am just using My IPad maybe One hour in THE afternoon. How much is THE cost for One year?

    Best regards

    EwaLena Svanberg

  2. Jason says:

    Thanks for asking. You can find out more about our SAFE solution for all devices here:

  3. Rule 21 should be emphasized a lot more. I did a virtual RAT(remote access trojans) attack from one image to the other at school and the people did not like how I was able to do it because apparently using RATs is illegal according to my professor… Even in reverse hacking and learning…

  4. Hi,
    Just getting into computer science, and I feel like I’m picking it up well. I’ve always been drawn to ethical hacking and pentesting. How much of the physical part of pentesting relies on solid acting skills? I ask because I’m a great actor and I’m wondering if I could essentially ‘audition’ for a job before I have much of a CS portfolio.

  5. Eric says:

    Thank you for this! You clearly emphasize the importance of reading on the subject, and I recognize the importance of not getting hung up on an author or book – but the trouble I’ve had is where to start. Ive gotten lost on jargon and acronyms frequently, which result in side research and getting sidetracked. Do you have any readingrecommendations To get started?

    Thanks again!

  6. Andrew says:

    Feel free to get lost on jargon and acronyms. That’s a significant part of the learning process. The deeper you can dive, the more interesting and arcane things you’re likely to discover.

Comments are closed.

Leave a comment

Oops! There was an error posting your comment. Please try again.

Thanks for participating! Your comment will appear once it's approved.

Posting comment...

Your email address will not be published. Required fields are marked *

Related posts

Newsletter modal

Thank you for your interest towards F-Secure newsletter. You will shortly get an email to confirm the subscription.

Gated Content modal

Congratulations – You can now access the content by clicking the button below.