High School

Take as many computer science classes as possible—particularly in programming, database management, computer security, and software design. In addition to computer classes, join your school’s computer or technology club and ask your computer science teachers to assign you special projects to work on in the computer lab or at home. Other useful classes include English, speech, mathematics, science, psychology, business, and social studies.

Postsecondary Education

Many colleges and universities offer degrees in computer or information security. If your college doesn’t offer such a major, you can earn a bachelor’s degree in programming, database management, computer science, or networking and a minor in computer security, or earn a graduate degree in information security. Some employers prefer to hire those with a master’s of business administration in information systems. Many programs require the completion of at least one internship in computer security. Visit https://niccs.us-cert.gov/education/internship-opportunities for a list of internship programs. 

Other Education or Training

It’s extremely important for professional hackers to continue to learn throughout their careers because black hat hackers are constantly devising new ways to break into secure networks or create other types of computer and Internet chaos. Professional associations and government agencies often provide continuing education (CE) opportunities. For example, SANS Institute offers webcasts—such as Is Active Breach Detection the Next-Generation Security Technology?; Mobile Data Loss: Threats & Countermeasures; Expect the Unexpected, Preparing for the Inevitable Cyber Breach; and Open Season on Cyberthreats: Threat Hunting 101—as well as a variety of other professional development opportunities. Employees of the federal government can access the Federal Virtual Training Environment, a multimedia e-learning environment that offers video-recorded lectures, demos, and hands-on labs about ethical hacking skills, traffic analysis, risk management, malware analysis, network monitoring, and software assurance. Continuing education classes, webinars, seminars, and workshops are also provided by the Association for Computing Machinery, CERT Coordination Center, CompTIA, High Technology Crime Investigation Association, IEEE Computer Society, Information Systems Security Association, and (ISC)².

Certification

Some colleges and universities offer undergraduate and graduate certificates in Internet security, computer science, programming, database management, and related areas. For example, the University of Maryland offers the following graduate certificates in cybersecurity: Cybersecurity Management and Policy, Cybersecurity Technology, and Information Assurance. Contact schools in your area to learn about available programs.

The IEEE Computer Society offers certificates of achievement to those who complete the following security-related courses: Secure Software Coding, Foundations of Software Security, Secure Software Design, Managing Secure Software Development, and Cloud Computing In the Business Environment.

Earning an information security certification is important for career success. Those who are certified have more industry knowledge and better opportunities for promotion than those who are not, and may have higher salaries.

One popular certification is the certified ethical hacker credential, which is available from the EC-Council. To receive it, applicants must have two years of experience in the computer security industry and pass an examination. The EC-Council offers many other certifications, including certified network defender, certified threat intelligence analyst, security analyst, licensed penetration tester, incident handler, forensic investigator, encryption specialist, and network defense architect. Here are some other organizations and companies that provide popular certification programs:

• Cisco: certified network professional, certified security professional
• CompTIA: security+ and many more
• Global Information Assurance Certification: cyber defense, penetration testing, incident response and forensics, and many more
• ISACA: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), CSX Cybersecurity Practitioner Certification (CSX-P), and Certified Data Privacy Solutions Engineer (CDPSE)
• (ISC)²: CISSP Certified Information Systems Security Professional, SSCP Systems Security Certified Practitioner, CCSP Certified Cloud Security Professional, CAP Certified Authorization Professional, CSSLP Certified Secure Software Lifecycle Professional, HCISPP HealthCare Information Security and Privacy Practitioner, CISSP - ISSAP Information Systems Security Architecture Professional, CISSP - ISSEP Information Systems Security Engineering Professional, CISSP - ISSMP Information Systems Security Management Professional, and Associate of (ISC)²

Other Requirements

Many employers conduct a background check, which may include a drug test, for new hires. Some require hackers to be U.S. citizens.

Previous experience or knowledge of penetration testing, software development, web application security, firewalls, databases, mobile device security, vulnerability scanning, and related disciplines and practices is highly recommended.

To be a successful professional hacker, you should be inquisitive, curious, persistent, a good problem solver, attentive to detail, and willing to spend many hours at the computer. You’ll also need strong oral and written communication skills in order to effectively convey your findings to your employers. Good interpersonal skills come in handy because in addition to technical skills, you’ll need to be able to work well with others. You also need a thick skin. You might find a major vulnerability, but your employer might not take it as seriously as you do or brush it off as a problem that’s too costly or time-intensive to fix. Other important traits include strong ethics, good organizational skills, a competitive personality, and a willingness to continue to learn throughout your career.

Professional hackers need an understanding of a diverse range of technologies (such as databases, middleware, routers, firewalls, mobile devices, enterprise applications, and web application languages), skill using vulnerability management schools (e.g., vulnerability scanners, configuration monitoring, file integrity monitoring, etc.), as well as a broad understanding of the security field. Broad knowledge and communication skills are often listed as being important in surveys of security professionals.