Approximately 112,300 information security analysts are employed in the United States; professional hackers comprise a small percentage of this total. Major employers include companies (e.g., banks, financial firms, utilities, hospitals), colleges and universities, and government agencies that want to test their information security systems, and consulting firms that provide such services to these organizations. Some work as white hat hackers part-time, collecting bounties when they identify an issue, and work in other computer-related positions the rest of the time.
There are many ways to become a professional hacker. Some people first enter the IT industry as technical support specialists, gradually obtaining experience, education, and certifications that qualify them to work in network support or administration roles, and then as network engineers. With even more experience and specialized security certifications, an engineer can apply for information security positions or, in their free time, try to earn bounties offered by corporations for successfully identifying security issues.
Some aspiring white hat hackers receive IT training in the military or with intelligence agencies (such as the FBI or National Security Agency), eventually seeking out information security positions after they’re discharged. Military or intelligence service experience is appealing to potential employers who often require security clearances.
You can learn about job opportunities by visiting the Web sites of companies that employ professional hackers, using the resources of your college’s career services office, or by attending networking events held by professional associations. Another good resource is the National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/workforce-development/cybersecurity-careers). It provides information on cybersecurity jobs.
Most people don’t work as professional hackers their entire careers. Many use this position as a launching pad to move into positions as information security analysts, who look more at the big picture of how to protect an organization’s computer systems and networks from unauthorized intrusion by cyber attacks. Analysts with considerable experience and skill can advance to the position of information security manager and then to chief information security officer. Some become Internet security consultants or professors.
Visit the following Web sites for job listings:
Attend DefCon (https://www.defcon.org), the world’s longest-running and largest underground hacking conference, to network and learn about the field. The conference is held each summer in Las Vegas. Other noteworthy conferences include the High Technology Crime Investigation Association’s International Conference and Training Expo (https://www.htciaconference.org) and the Information Systems Security Association International Conference (https://www.issa.org/?page=Conference).
Visit https://www.computer.org/publications/tech-news/career-watch to check out Career Watch: Resources to Manage Your Career.