This document provides an overview of ethical hacking vs penetration testing. It discusses how they are similar but also different, with ethical hacking focusing more on technology exploits and penetration testing covering a broader range of areas. It also covers cybersecurity concepts, the impact of COVID-19 on cyber attacks, how to get involved in the field through learning programs and certifications, and why cybersecurity jobs are in high demand.
Ethical Hacking vs Penetration Testing: Key Differences and Impact on Cybersecurity
2. Agenda
Differences and Similarities
Ethical Hacking
Penetration Testing
Types & Stages of Penetration Testing
Cybersecurity
Impact of COVID-19 on Cybersecurity
How to get involved
Why this is a big deal
Things to watch out for…
Qs & As
3. • In a holistic approach the two (EH vs PT) can be one and the same, but there are some differences.
• However, ethical hacking and penetration testing (pentesting) are only a subset of cybersecurity.
Quick Differences or similarities
4. • Hacking with ethics: in other words, acting as an attacker to help a client understand weaknesses before they are discovered by a bad actor.
• Ethical hackers generally conform to a legal code of ethics in order to perform activities in a trusted manner.
• Quite often, ethical hacking is more focused on technology exploits than on the true nature of a bad actor.
• Could be viewed as unrealistic (timeline constraints, technology constraints, mirrored environments, cloud environments, etc.) when compared to an actual bad actor.
Ethical Hacking
5. • Not the same as ethical hacking, but similar, as penetration testing could fall under similar activities as hacking.
• However, penetration testing can cover more than just technology and can include physical and human elements, etc.
• Different categories (black, grey, white)
• Can be internal and external
Penetration Testing
6. • Cyber security standards enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks.
• Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cyber criminals.
• Cyber security protects the data and integrity of computing assets belonging to or connecting to an organization's network. Its purpose is to defend those assets against all threat actors throughout the entire life cycle of a cyber attack.
What is Cyber Security?
7. • Impact on digital working and cybersecurity. Includes:
• 350 cyberattacks in April 2020 in Switzerland
https://www.swissinfo.ch/eng/jump-in-cyber-attacks-during-covid-19-confinement/45818794
• 47% of individuals fall for phishing scams while working at home
https://www.tessian.com/blog/why-we-click-on-phishing-scams/
• Cyberattacks on video conferencing services
https://www.bleepingcomputer.com/tag/credential-stuffing/
Impact of COVID-19 on Cybersecurity
8. Learn:
• Concepts of network engineering (TCP/IP, the OSI model, etc. don't change regardless of the vendor). Get a starter cert such as a CCNA.
• Windows OS
• Various regulations; this gives you a potential client base that can hire you.
• Attain certifications as an auditor (ISO27001, ISO22301); your reports become irrefutable when you can quote regulation.
• Understand basic concepts of cybersecurity law as it relates to data privacy (GDPR). Cybersecurity (pentesting) can work closely with privacy.
• Attend a course related to penetration testing.
• Make connections… but be careful of what connections you make.
• Learn about Kali Linux!
• Install a VM and test your skills.
How to get involved
9. • There is currently no regulatory environment (in the USA) that doesn't require penetration testing of some sort, and all require adequate cybersecurity.
• Pentesters come with a unique skill and mindset… cybersecurity does not.
• Vulnerabilities are being discovered and exploited faster than people can be trained or vulnerabilities remediated. This requires a cybersecurity workforce that constantly thinks outside the box.
• As of Feb 2021: 314K unfilled cybersecurity jobs in the USA and 3.5M globally. In comparison, there were only 1M unfilled in 2014.
Why this is a big deal?