Ethical Hacking: Expectation Vs Reality

The movie scene, yes!

Your lead character is trying to steal secret military files from the government. Or he is about to infect one of the banks with a terrible TERRIBLE bug.

But then just at the damn moment of climax, he is busted!
The next day, he appears in what seems to be an investigation room. He is approached by a boring, middle-aged man who says, "My name is this and this. I'm the computer security expert of this facility."


Why are black hat hackers and white hat hackers so different? Why do the security experts always have to be a middle-aged man in a tie and coat? Why does it seem like his job has bored him to death?

Are all ethical hackers just like him? Do they also get THE FUN out of their job like black hat hackers do? If you know some hacking, why don't you break the bank vaults open in daylight? Enjoy the rest of your life? How much do they even get paid?

For me, it feels like these ethical hackers are a bunch of cowards who are scared to actually do something despite having the knowledge. But is it true only because I feel like it?

It is difficult to separate fact from fiction. That's why I wrote this blog post. The expectations and realities of being an ethical hacker, before you ladies and gentlemen:

Who am I to even speak about it?

Who do you think wrote your textbook about Einstein's mass-energy relation? Was it Einstein himself? If not, why does the author have the right to write about it?

One million books are published each year in the US alone. Are they all brand new ideas?

No. Authors are also highly smart people who have this endless power to research. They study some particular topic extensively and publish what they learnt. That is exactly what I'm doing here. I don't have a degree. But I've done a heck of a lot of research before I started writing. I guess that's what matters!

Why should you listen?

So that next time you think of an ethical hacker, you don't just imagine a middle-aged man bored behind his ugly computer! Ethical hackers are people like you, and they have their own tastes. Not all scientists wear aprons!

So in the following writing I'm going to narrate what you expected correctly or incorrectly, what things you overestimated and underestimated. The points are jumbled, only to add some spice.

1) You think they're less smart than the black hat hackers

Your favorite black hat hacker is a cheat who searches for faults in the system. After he finds one, he exploits it to his advantage. After he has taken the money he wants or service he desires, he's going to dump it. Or even worse: disrupt the whole system.

But the work now falls to the ethical hacker. He has to know everything that the thief hacker did and something more. Because you cannot solve a problem with the same intelligence that created it. Black hat hackers just find a buggy problem. But ethical hackers have to goddamn fix it!

A thief hat hacker is like a child who cannot close a jar lid after he opens it. Ethical hackers have to do the job. And they do it PERFECTLY.

2) You think that they don't like their job

Quote: The best coders are those who play around by themselves.

Here's an excerpt from an interview with an ethical hacker, Ben Miller. The complete interview, originally appeared in can be found here.

What drove you to choose your career path?

"I knew from a young age that I was interested in computers...Luckily, my father bought a family computer when I was in grade school. I learned neat tricks on Windows 3.1 and MSDOS like 'DELTREE' which deleted an entire file structure and how to change colours on the background...However, it wasn't until I saw the movie Sneakers that I realized just how much potential there was for my interest in computers....I had always been drawn to technology, but seeing the potential of it, maybe also the 'coolness' factor too, and how it could be used to do good in the world, that really excited me."

See? An ethical hacker is just like any kid interested in hacking. They just find a responsible way to perform their hobby. And actually get paid for it.

3) You think that an ethical hacker needs an education degree

You're busted.
In another such interview, another ethical hacker, Jamie Woodruff, says this:
"My time at school was not successful. I got Cs, Ds, Es and Fs in everything except IT GCSE, and didn't really care at that time...I dropped out of Blackburn College later on and began working at an old people's home...After I decided to have another crack at formal education, I built a bot that sent application letters to every university in the country."

In a hackathon event, Jamie was singled out as the best performer and won a prize. Jamie now 'fixes stuffs' for a variety of business and government organizations.

Did he mention "I learnt all of my stuff from my teacher" in any part of his interview? If you can save a bank or an office from online invasion, they won't ask for your certificates, trust me.

However, it is always good to have a degree. Otherwise, you have to do something very BIG every time you want a job.

4) You think that an ethical hacker secures a single organization and is bound to his 'job'

Glenn Grant, an ethical hacker, worked as a security analyst after graduating from Canberra University. He then joined a local tech startup. Then came the next big thing: he co-founded his own company, HACT.

See? You aren't bound to anything.

You offer to check the vulnerability of an organisation. Once the bug has been fixed or you've tracked an intruder, you can leave. You don't owe them anything. You start the same job somewhere else.

And if you actually like a suited-booted stable job, no problem. They need someone like that as well. You just have to be smart enough.

5) You think much of ethical hacking happens in front of the screen

This is a myth behind any kind of hacking shown in the pictures.

In the movies, hacking is shown as an intense activity in which the hacker types very fast on his keyboard. And worse, he doesn't even see what he's typing! Numerous pop-ups appear before him in such a short time that nobody is able to read them. But the hacker can! And within minutes of randomly typing jargon, he succeeds in breaking in.

It cannot get more dramatic than that.
Almost all hacking happens inside the head of the real hacker. And the pop-ups don't appear so fast. And the intense background music certainly doesn't play in real hacking, of course. *giggles*

6) You see no reason why ethical hackers work for a low paying job when they can earn SOMETHING

Forget the salary for a moment. Let's talk about the importance of an ethical hacker. If you don't know yet, let me introduce you to the Dark Web.

All of the millions of websites that you see (YouTube, Amazon, Instagram and search engine sites like Google) are only a small fraction of the Internet out there. A vast body of the Internet is hidden from the public. Child trafficking, weapon deals, drug trafficking, cyber warfare: all the bad stuff happens on the Dark Web.

You don't need an atom bomb or biological weapons today to win the war. Find a way to disrupt the system of a country and that country will starve to death before your eyes!

In such critical moments, ethical hackers come in to prevent anything that could harm a law-abiding person or entity.

Imagine you're the CEO of a bank and you're getting threats of a big-ass digital robbery. And an ethical hacker solves the problem by securing your system flaws. How much you pay him depends on how much you'd lose if he wasn't around, right?

Although the average salary of an ethical hacker is $95,000 per year in the US, I'm sure a lot more business happens inside closed walls to pursue an ethical hacker to secure the network. There is no clear line.

A black hat hacker is in constant fear of being caught. An ethical hacker isn't. You can remain an anonymous ethical hacker if you like. You do your job from anywhere (you'd need to have an advanced computer, however). Anyone would salivate over a job like that.

So there you are, my friend. It is as fun to be an ethical hacker as it is to be a black hat. You just won't need the mask.
Or you may bring one to the office if you like.

Samin Gurung is a young freak who thinks the kick and fun in learning is more important than the facts. He makes science tolerable in his blog Samin Blogs.