Threats to digital infrastructures now evolve as fast as our digital world does – so ethical hacking (AKA penetration testing) is an issue Military leavers are directly concerned with, because it’s vital to global cybersecurity for businesses, governments and militaries.
What is ethical hacking?
Ethical hacking involves deliberately (but legally) infiltrating computer systems, networks and apps to determine and mitigate potential vulnerabilities before criminals can exploit them.
This field offers exciting career prospects for Military leavers, who make ideal candidates with their defence experience, adaptability and problem-solving capabilities. Planning your entry into the industry involves understanding the knowledge and qualifications required for diverse cybersecurity roles.
Types of ethical hacking
As a Military leaver you might begin as a novice, or your prior defence and systems experience could lend itself to specialisations including:
- Network Security Testing: assessing network security by identifying open ports and vulnerabilities in related devices.
- Web Application Testing: evaluating web application resilience to vulnerabilities like SQL injection, cross-site scripting (XSS) and more.
- Wireless Network Testing: testing wireless network security (including WiFi) to eliminate unauthorised access points.
- Social Engineering Testing: a human-centric practice attempting to trick employees into revealing information or otherwise compromising security.
- Physical Security Testing: using techniques like access control bypassing, lock-picking and more to assess physical network security.
The nature of the cyber industry means your career will undoubtedly evolve.
Ethical hacking involves specific technical knowledge and problem-solving capabilities – skillsets Military leavers innately possess – but a successful cybersecurity career requires filling significant skills and knowledge gaps:
- Keeping pace with AI and machine learning means constantly monitoring emerging threats, technologies and practices, and knowing which legal and ethical standards affect hacking.
- Creating effective, adaptive security scripts and strategies requires fluency in programming and scripting languages including Python, C, C++, Java, Bash and PowerShell.
- Developing familiarity with physical security like network scanners and digital tools like Metasploit and Burp Suite, and learning in depth how wireless tech (WiFi, Bluetooth) works.
TechVets Members have stated repeatedly how crucial planning, autonomous study and hard work are to forging a post-Military cybersecurity career. Earning a recognised qualification significantly improves your employment prospects.
If you can, start researching career routes and their associated qualifications before leaving the Military. Widely recognised qualifications include:
- Certified Security Analyst (ECSA) builds on CEH, incorporating practical labs and exams.
- GIAC Penetration Tester (GPEN) from GIAC focuses on testing techniques including network and system reconnaissance, vulnerability assessment, and exploitation.
- Certified Penetration Tester (CPT) from Mile2 covers areas including networks, web applications, and wireless security.
- Certified Penetration Testing Consultant (CPTC): Offered by Mile2, the CPTC certification is aimed at professionals who want to become expert penetration testers. It includes a comprehensive exam and practical assessment.
- Offensive Security Certified Professional (OSCP) from Offensive Security is hands-on, culminating in a tough system exploitation exam.
- Certified Information Security Manager (CISM) from ISACA is geared toward information security management professionals.
- The CPSA course leads to the CREST Practitioner Security Analyst (CPSA) examination, an entry-level qualification that tests a candidate’s knowledge in assessing operating systems and common network services at a basic level below that of the main CRT and CCT qualifications.
- CRT: the CREST Registered Penetration Tester exam is a practical assessment in which the candidate is expected to find known vulnerabilities across common network, application and database technologies, with a multiple choice section to assess the candidate’s technical knowledge.
- CSTM (Cyber Scheme): the course is designed to help each and every candidate to be a confident, skilled, well-rounded cybersecurity professional with proven and tested skills in the current threat theatre.
- Certified Web Application Security Tester (C-WAST) from EC-Council is focused on web application security and testing methods.
- Certified Professional Ethical Hacker (CPEH) from Mile2 consolidates ethical hacking skills like social engineering, wireless network security and more.
- CompTIA Security+ isn’t an ethical hacking certification, but is often required for more advanced certifications as it covers foundational cybersecurity concepts.
Right now, there’s a huge demand for cybersecurity professionals to meet increasing cyber threats and attacks across government, finance, healthcare, technology and more.
The shortage of qualified cyber experts has created a big jobs market offering attractive salaries and benefits including diverse employment and travel opportunities, continual skills development and scope to evolve into consultant or management roles.
Cybersecurity evolves as fast as the technology it oversees. Once your career has begun, you’ll need to keep updating your knowledge and skills to stay sharp and relevant.
Build your reputation by talking to other Military leavers who are actively working in cybersecurity, attending industry events and becoming a member of cybersecurity communities. The TechVets Discord community is here to support you in finding, asking and doing all of these things.