Ethical Hacking or Penetration Testing had always been a career sought after by many. It is glamorous. It pays well. It also tickles the small little devil inside all of us. However, as everything else, Ethical Hacking as a career is also undergoing change. Those who can adapt shall flourish and others shall perish. So, here are the top trends to look out for.
1. Beyond Hacking. Learn how to build programs
Just testing is a small part of the game. You may consider how to help organization build strong application security programs and practices. This could be an opportunity to shift and grow from ethical hacking.
2. Knowing to break is not good enough. Learn Prevention.
Breaking looks awesome. It is sexy. But the glory is just for a short time. Preventive techniques (mostly) have a longer shelf life than a breaking technique. The future will have more opportunity for persons knowing both breaking and prevention. So you need to understand WAF, SIEM, Secure SDLC etc so that you can not only break but suggest/help in prevention.
3. Network Penetration Testing is dead.
Well, it is not completely dead but it is in dead bed. 10 years back there were tons of organizations spending 100K for conducting Network Penetration Testing and Ethical hacking. Today automated Vulnerability Assessment is good enough for the management to put the same money of Application Security Testing. Only handful of organizations will spend money to do a “Real Network Penetration Testing” today.
4. Web and Mobile Application Security Testing jobs are on the rise.
Well that’s not news. Everybody knows it. There are a couple of billion mobile and web apps and less that 10% are being tested. This is one of the fastest growing sector in the security market.
5. Learn to hack IOT
IOT hacking is on the rise. Most of the IOT companies are startups with little expertise in security unlike the major players who have stronger programs in place. Testing of IOT devices shall be an emerging need and a potential opportunity to develop your career.
6. Beware. Web and Mobile Testing is getting more and more automated
There are several players in the market who are automating web and mobile app security testing to a high degree. Prices are going down. Quality is going up. So, sometime soon (5 to 10 years) Application Security Testing will meet the similar (not same) fate as that of Network Penetration Testing. Application security Testing shall always have the logical element of testing which will remain tough and unsolvable using 100% automation (Turing Problem).
7. Gaining skills in deeper Business Logic Testing, Code Review, Architecture review is important
Since Application Security Testing is getting more and more automated, Ethical hackers should focus more learning the logical flaws, gain domain knowledge. For example automated testing will do a lousy job in detecting complex vulnerabilities which need great domain knowledge of Banking Applications. So there lies the future (even the present).
8. Running scripts/tools is not enough. Understanding the design, code and logic is critical for career growth.
Running tools can only take you to some distance. To move beyond and become more successful you need to understand the code, the design and the logic. Ethical Hacking is getting tougher and tougher. There was a time when knowing simple tricks were enough. Today the maturity of most products and organizations is getter better. So acquiring deeper understanding is key for future growth.
Comments