Infocomm Technology | Information and communications technology professionals | ISCO 2529
ethical hacker
Ethical hackers perform security vulnerability assessments and penetration tests in accordance with industry-accepted methods and protocols. They analyse systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses.
Do You Have the Skills for This Role?
Core competency requirements inferred from the occupation's skill profile.
Must-Have Skills (Advanced)
Problem Solving: Advanced
Creative Thinking: Advanced
Digital Fluency: Advanced
Supporting Skills
Communication: Intermediate
Learning Agility: Intermediate
European Skills Framework
Skills and knowledge areas required for this occupation based on European classification.
Essential (34)
building systems monitoring technology: Computer-based control systems that monitor mechanical and electrical equipment in a building such as HVAC, security and lighting systems.
ethical hacking principles: The set of actions that are carried out to detect vulnerabilities within a computerised system in order to improve security within an organisation. They aim to identify and address data breaches and t...
computer forensics: The process of examining and recovering digital data from sources for legal evidence and crime investigation.
computer programming: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms (e.g. object oriented programming, functional programming) a...
ICT network security risks: The security risk factors, such as hardware and software components, devices, interfaces and policies in ICT networks, risk assessment techniques that can be applied to assess the severity and the con...
ICT security standards: Best practices and guidelines established for securing information and communication technology (ICT) systems and data. Standards as is the case of ISO 27000 series, provide a framework for implementi...
software anomalies: The deviations of what is standard and exceptional events during software system performance, identification of incidents that can alter the flow and the process of system execution.
attack vectors: Paths or methods that threat actors use to exploit vulnerabilities in information networks or systems from a concrete organisation and impact its availability, integrity and confidentiality. Attack ve...
cyber attack counter-measures: Methods, technologies and techniques used to defend (detect, monitor and recover) against cyber attacks. These cyber attacks include several attack vectors such as malware, denial of service (DoS) att...
security engineering: Interdisciplinary field of study that focuses on the realisation of secure systems and the technology to protect individuals or information from malice, errors, or unauthorized access. It involves def...
ICT system integration: The principles of integrating ICT components and products from a number of sources to create an operational ICT system, techniques which ensure interoperability and interfaces between components and t...
tools for ICT test automation: The specialised software to execute or control tests and compare predicted testing outputs with actual testing results such as Selenium, QTP and LoadRunner.
cyber security: The methods and best practices that protect ICT systems, networks, computers, devices, services, processes and people against unauthorised access, modification and/or denial of service of assets.
web application security threats: The attacks, vectors, emergent threats on websites, web applications and web services, the rankings of their severity identified by dedicated communities such as OWASP.
legal requirements of ICT products: The international regulations related to the development and use of ICT products.
ethics: The philosophical study that deals with solving questions of human morality; it defines and systemises concepts such as right, wrong, and crime.
ICT infrastructure: The system, network, hardware and software applications and components, as well as devices and processes that are used in order to develop, test, deliver, monitor, control or support ICT services.
penetration testing tool: The specialised ICT tools which test security weaknesses of the system for potentially unauthorised access to system information such as Metasploit, Burp suite and Webinspect.
operating systems: The features, restrictions, architectures and other characteristics of operating systems such as Linux, Windows, MacOS, etc.
execute social engineering tests: Perform simulated social engineering attacks to identify vulnerabilities in an organization's security posture. Social engineering tests may involve phishing emails, pretexting, or other forms of mani...
manage system security: Analyse the critical assets of a company and identify weaknesses and vulnerabilities that lead to intrusion or attack. Apply security detection techniques. Understand cyber attack techniques and imple...
communicate with stakeholders: Facilitate communication between organisations and interested third parties such as suppliers, distributors, shareholders and other stakeholders in order to inform them of the organisation and its obj...
use scripting programming: Utilise specialised ICT tools to create computer code that is interpreted by the corresponding run-time environments in order to extend applications and automate common computer operations. Use progra...
implement ICT risk management: Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse ...
execute ICT audits: Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issu...
execute software tests: Perform tests to ensure that a software product will perform flawlessly under the specified customer requirements and identify software defects (bugs) and malfunctions, using specialised software tool...
monitor system performance: Measure system reliability and performance before, during and after component integration and during system operation and maintenance. Select and use performance monitoring tools and techniques, such ...
analyse the context of an organisation: Study the external and internal environment of an organisation by identifying its strengths and weaknesses in order to provide a base for company strategies and further planning.
engage with stakeholders: Use a variety of processes that result in mutually negotiated agreements, shared understandings and consensus building. Build partnerships within the work context.
develop code exploits: Create and test software exploits in a controlled environment to uncover and check system bugs or vulnerabilities.
address problems critically: Identify the strengths and weaknesses of various abstract, rational concepts, such as issues, opinions, and approaches related to a specific problematic situation in order to formulate solutions and a...
identify ICT system weaknesses: Analyse the system and network architecture, hardware and software components and data in order to identify weaknesses and vulnerability to intrusions or attacks. Execute diagnostic operations on cybe...
perform ICT security testing: Execute types of security testing, such as network penetration testing, wireless testing, code reviews, wireless and/or firewall assessments in accordance with industry-accepted methods and protocols ...
identify ICT security risks: Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and eval...
Optional (38)
ICT safety: Personal protection, data protection, digital identity protection, security measures, safe and sustainable use.
Maltego: The platform Maltego is a forensic application that uses data mining to deliver an overview of organisations' environment, testing security weaknesses of the system for potentially unauthorised access...
Cain and Abel (penetration testing tool): The software tool Cain and Abel is a password recovery tool which tests the Microsoft Operating System for security weaknesses and potentially unauthorised access to system information. The tool decod...
OWASP ZAP: The integrated testing tool OWASP Zed Attack Proxy (ZAP) is a specialised tool which tests web applications security weaknesses, relying on an automated scanner and a REST API.
Nessus: The computer program Nessus is a specialised ICT tool which tests security weaknesses of the system for potentially unauthorised access to system information, developed by the software company Tenable...
Metasploit: The framework Metasploit is a penetration testing tool which tests security weaknesses of the system for potentially unauthorised access to system information. The tool is based on the concept of 'exp...
internet governance: The principles, regulations, norms and programs that shape the evolution and use of internet, such as internet domain names management, registries and registrars, according to ICANN/IANA regulations a...
proxy servers: The proxy tools which act as an intermediary for requests from users searching for resources e.g. files and web pages from other servers such as Burp, WebScarab, Charles or Fiddler.
Aircrack (penetration testing tool): The computer program Aircrack is a cracking program which recovers 802.11 WEP and WPA-PSK keys by making several network attacks such as FMS, KoreK and PTW attacks.
Backbox (penetration testing tool): The software BackBox is a Linux distribution which tests security weaknesses of the system for potentially unauthorised access to system information by information gathering, forensic, wireless and Vo...
Kali Linux: The Kali Linux tool is a penetration testing tool which tests security weaknesses of the systems for potentially unauthorised access to system information by information gathering, vulnerability analy...
Outsourcing model: The outsourcing model consists of principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business syste...
hybrid model: The hybrid model consists of principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business systems wi...
ICT security legislation: The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intr...
organisational resilience: The strategies, methods and techniques that increase the organisation's capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by ...
John The Ripper (penetration testing tool): The tool John the Ripper is a password recovery tool which tests security weaknesses of the systems for potentially unauthorised access to system information. The key features of this tool are the str...
service-oriented modelling: The principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business systems within a variety of archite...
levels of software testing: The levels of testing in the software development process, such as unit testing, integration testing, system testing and acceptance testing.
BlackArch: The BlackArch Linux distribution is a penetration testing tool which tests security weaknesses of the system for potentially unauthorised access to system information.
Wireshark: The Wireshark tool is a penetration testing tool which evaluates security weaknesses, analysing network protocols through deep protocol inspection, live capture, display filters, offline analysis, VoI...
information confidentiality: The mechanisms and regulations which allow for selective access control and guarantee that only authorised parties (people, processes, systems and devices) have access to data, the way to comply with ...
Parrot Security OS: The operating system Parrot Security is a Linux distribution which performs penetration cloud testing, analysing security weaknesses for potentially unauthorised access.
Open source model: The open source model consists of principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business syste...
Samurai Web Testing Framework: The Linux environment Samurai Web Testing Framework is a specialised penetration testing tool which tests security weaknesses of websites for potentially unauthorised access.
ICT encryption: The conversion of electronic data into a format which is readable only by authorized parties which use key encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL).
WhiteHat Sentinel: The computer program WhiteHat Sentinel is a specialised ICT tool which tests security weaknesses of the system for potentially unauthorised access to system information, developed by the software comp...
Nexpose: The computer program Nexpose is a specialised ICT tool which tests security weaknesses of the system for potentially unauthorised access to system information, developed by the software company Rapid7...
Internet of Things: The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).
manage IT security compliances: Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.
implement ICT security policies: Implement statements, assertions or rules that specify the appropriate use and protection of the ICT assets and systems from an organisation. These ICT security policies cover topics such as data clas...
define security policies: Design and execute a written set of rules and policies that have the aim of securing an organisation concerning constraints on behaviour between stakeholders, protective mechanical constraints and dat...
set up cybersecurity training programmes: Design, develop and deliver educational activities (such as lectures and cyber ranges) to cover needs and/or raise awareness on cybersecurity.
remove computer virus or malware from a computer: Carry out actions to remove computer viruses or other types of malware from a computer.
solve ICT system problems: Identify potential component malfunctions. Monitor, document and communicate about incidents. Deploy appropriate resources with minimal outage and deploy appropriate diagnostic tools.
perform project management: Manage and plan various resources, such as human resources, budget, deadline, results, and quality necessary for a specific project, and monitor the project's progress in order to achieve a specific g...
manage cloud data and storage: Create and manage cloud data retention. Identify and implement data protection, encryption, and capacity planning needs.
implement a firewall: Download, install and update a network security system designed to prevent unauthorized access to a private network.
maintain ICT server: Diagnose and eliminate hardware faults via repair or replacement. Take preventive measures, review performance, update software, review accessibility.
AI Replacement Risk
66/100 (High Risk)