Why You Shouldn't Be an Ethical Hacker

As a university lecturer in IT/cybersecurity, I would encourage those interested in cybersecurity/ethical hacking to initially focus on a good grounding in programming, networking, OS, architecture, etc as too many want to jump straight into learning to hack without the necessary foundational skill to even understand what they are hacking. Learn general IT BEFORE trying to specialize in cybersecurity. Certs (Cisco, etc) are the way to go for a solid foundation and springboard on which to build.

MarkDonegal

Always loved this field as a kid. Got older and realized it was nothing like the movies but the passion to learn was so big that I still took a chance to challenge myself. Recently obtaining my eJPT gave me a tad bit more confidence in pursuing this career (currently working as a sysadmin). Hopefully I can one day hold a OSCP certification.

someyounggamer

I appreciate that you made this video. I think it's important to understand how intensive this field can be and one truly does need to have that passion. I'm still on the fence, but partly because of the fear that I can't do it. I'm slowly training myself through your videos and other resources to build confidence, technical knowledge, and the passion. I'm getting there, but I know I'm not ready to take that leap just yet. Thank you.

Tixmeeoff

Thank you for this video. I'm relatively new to the space but something I quickly realized was studying the "boring" stuff is absolutely necessary. Right now I'm setting up freeipa and keycloak in a homlab so I can better understand how to configure the service for our work infrastructure. It has hugely beneficial working through the headaches and getting a better understanding of identity management. It's not sexy but it helps with understanding how ldap actually works.

CTWilliams

I've been security-adjacent for a long time now, and what you said rings true to me. One thing that crossed my mind with regards to the report writing, is how to bridge the gap when someone is technically proficient (maybe even exceptional), and can communicate with tech folks, but maybe aren't strong on business communication. It strikes me that there's room for a role that can act as the translator; someone who can understand the gist of the technical report, and turn it into a more business-friendly one.

MatthewMiddletonTV

Thanks for this Video Keith.

This cuts across almost all fields, when you know want to be top in your field you need to be able to accept doing all the extra reading, continuous learning and growing as part of life. If you want money, you should equally accept the stress that comes with it.

Keep up the great job. Love from 🇳🇬

Patrickonsocial

I agree, most people like the idea of being a 'hacker', thinking it's a super cool thing to do and tell people that they do. However, the reality of it as you need to constantly study and work awful hours.

UnixGuy

Definitely a great and sobering video. Good to have these azimuth checks to make sure all the motivations are there but also that we're being real with ourselves and understanding that it's still a job and if we're not all in than it'll feel more like a burden than something fun. Thanks for putting this together.

StudioSec

This is something I thought I was working towards for years. I was interested in cyber/IT security but thought I was just working towards being a pen tester. On that path I found that I really have a passion for vulnerability management on an enterprise scale. I still build my pen test skills as a hobby, but don't think I would take a pen testing job if it were offered to me now.

jeg

I really appreciate this perspective. I’ve been looking in to many different fields of IT work and I initially started down a path of becoming a Java developer. But when I looked at the cons I was heavily discouraged and felt it wasn’t for me. I also felt the same about many of the defense based cyber security roles and was ready to give it up. But this was the first time that I heard the cons of a field and wasn’t discouraged but instead felt that the reward was worth the hours I would have to put into to become efficient as an ethical hacker, even though it will require some skills in the fields I was initially discouraged from. That let me know that there is an underlying passion for this kind of work and I’m still very excited to begin this journey and now I have a better understanding of what it is I’m getting into. Thank you so much! ❤️

GAGE_tx

Yeah I quickly realized that after I did 1 pentest, while it is fun I couldn’t see myself being able to keep up with it and found it would require intense amount of research outside of work. Switched to Infrastructure Security Engineering and Architecture, it’s a bit more relaxed and I like it, it’s basically being a solutions architect for security related things.

HowToCyber

I'm studying ethical hacking both for fun and to improve my understanding of red team methodology, eventually I plan on getting a job in cloud security to help protect critical infrastructures specifically hospitals if I can.

skydude

Great video, Heath! I'm glad to say that I fit your criteria of being passionate about pen testing and ethical hacking. This video is much needed for those that are wanting to do this solely for the money and haven't given it much more thought than that. Looking forward to more videos!

JoeC_aka_PwnerJoe

I agree...partially. I think most of these could be learnt as long as you are curious and willing to develop the habit of learning. A change of mindset could go along way in achieving all of this.

jozliner

Thanks, Heath for that PSA! You are 100% correct! Many things are forever changing and you have to keep up with the latest of everything that relates to the "ethical hacking wheel-house".

juliusrowe

In school for cyber right now. Been in IT for over 5 years with an msp and also worked as the sole IT guy for a state facility. I have done all kinds of stuff in both. Currently I am on the security team with the security analyst title. I do way more than typical analysts do though. I love the security side of things but where I am not is actually kinda boring. I love to learn and read all the time. I find that part of things easy. I also find writing to be very easy for me, likely due to 20 years military experience having to write tons of stuff. I think pen testing sounds fun and challenging which is what I need. Money is nice and all but it is not everything. I could make more than I do now, but love where I am. I figure the money will come if I am good enough. Pen testing is my goal. I watched your other video about the new hires. I already surpass most of those people in qualifications and experience so that side of things should be pretty easy. Love all your videos and advice.

Pilph

Thanks TCM! I always appreciate your completely original talent for capturing the needs of the security community.

jakesatcher

I already know I’m gonna love Pentesting. Just playing in the lab, I get really excited and happy when I accomplish something.

edgerunner

I love videos like this. Thanks for helping me (as a college student trying to break into IT) to choose the IT field to work in👍

blackswan

I have had a lot of chaos in my life over the past month with suddenly moving and so it might have changed because i haven't been able to spend any time in this past month on tcm academy, but you should add a report write up course or info for better reports such as bug bounty vs pentest or breach reporting. i am still subscribed to your courses and you are to this day the only course i feel is worth the money and that you get more than you spend thus i am probably going to stay subscribed even if i get out of IT and get a job in cybersecurity for the foreseeable future. thanks for all you do.

steveg