Mom here. My sons a Junior in HS and wants to be an ETHICAL HACKER??

Mom2G

I have been trying to research this and it's so very confusing. He's entering his junior year in high school and we're starting to think about what he's going to do after he graduates. He has been saying for a few years he wants to be an ethical hacker. I asked him when he meant by that and he said he'd like to find security holes for companies/websites and then explain to the company how to fix it?
As I'm reading it seems like there in many ways to go about this.

1) anything he can do now to prepare as a 16 year old?
2) We live in NY. Are there any schools you would recommend?
3) I've seen people recommend a bachelors degree. Which one exactly?
I have NO idea where to have him start.

Thank you so much for your help!

TeKniques

This would be my advice -

1 - Yes, start learning programming. I would start with Python and then move into some object oriented languages like C++ or Java
2 - No idea
3 - Computer Science - moving into exploit development some coding will be very beneficial and I see Computer Science being the best major to help get there.

Go to a job board (Monster, Dice, etc.) and search for ethical hacker (pentesting) careers. You will see what is generally required knowledge and come up with a plan.

Good luck.

Mom2G

Is ETHICAL HACKER the correct name or is it called something else? Thank you!

EANx

Mom2G wrote: »

1) anything he can do now to prepare as a 16 year old?
2) We live in NY. Are there any schools you would recommend?
3) I've seen people recommend a bachelors degree. Which one exactly?

There are several different areas of "ethical hacking" but it sounds like he wants to be a penetration tester. Someone who uses tools and methods to find holes in corporate networks (with permission), then writes reports detailing how those holes were exploited so the organization in question knows what to fix.

1) An understanding of Python or PowerShell would be useful.
2) Local schools will largely be useless, I'd suggest online training for Python and PowerShell. For penetration-specific training, I'd suggest looking at courses from eLearnSecurity (PTS and PTP) as well as well as Offensive Security's OSCP.
3) The world of IT has far more in common with trade schools than it does with universities, people get certified in technologies rather than get a degree that lasts them a career. If he wants to become a full-blown programmer then a computer science degree might be in the cards but SANS is the only organization I'm aware of that has a degree in anything approaching what your son wants to do.

stryder144

Check to see if there is a CyberPatriot group near where you live. I would highly recommend that he start learning Linux. Have him sign up for the Linux Foundation Certified System Administrator (LFCS) certification. He will need a good, solid command-line understanding of Linux if he wants to be successful in ethical hacking (also called red teaming). I would also recommend the CompTIA Security+ certification in order to give him a foundation in IT security to build off of. You can also check out Saylor Foundation. They have some computer science and IT courses that are free to take and have a nominal fee associated with the optional final.

As for resources to use, I would get a Get Certified, Get Ahead subscription for your son to prepare for the Security+ exam. Get him the Darril Gibson book that corresponds to that site. Have him pick up the following books:

1. Information Security: The Complete Reference - Great overview and a lot of indepth information.
2. Python 3 the Hard Way - Nearly everyone says that you need to know at least one programming language, with Python being the most popular.
3. A Practical Guide to Linux Commands, Editors, and Shell Programming - Linux is very, very popular in ethical hacking, with the command line being essential to understand.
4. Linux Command Line and Shell Scripting Bible - Another great Linux book to read.
5. The Network Security Test Lab - Because every boy needs a safe place to learn how to hack!

These are just a few resources that I would recommend. There are many, many more out there. These should lay a solid foundation. Once he is ready to go to college, a degree in either math or computer science would be recommended.

TeKniques

Mom2G wrote: »

Is ETHICAL HACKER the correct name or is it called something else? Thank you!

I'd look for "penetration tester"

Mom2G

EANx wrote: »

There are several different areas of "ethical hacking" but it sounds like he wants to be a penetration tester. Someone who uses tools and methods to find holes in corporate networks (with permission), then writes reports detailing how those holes were exploited so the organization in question knows what to fix.

Thats exactly what he tells me. Yes!

TechGromit

So he wants to be a Penetration tester. While there are a number of training courses available to teach him just that, I would be
cautious of getting him the resources to practice pen testing without his understanding the implications of using the knowledge. Pen Testing is performed in very controlled conditions. Where as the company that owns the network your attempting to "hack" gives you iron clad written permission to do so. Using pen testing knowledge against an organization without permission, even if it's just for the purposes of "learning" is the quickest way to federal prison. There's a number of training online programs available that teach pen testing, but he should concentrate on courses that offer certifications when he completes them.

SoCalGuy858

stryder144 wrote: »

Check to see if there is a CyberPatriot group near where you live.

This is a hidden gem for youth that are interested in getting into cybersecurity. I'm the assistant coach of a team here in North Carolina as part of my role as the Deputy Commander of a local Civil Air Patrol unit, so I can't speak for school-based teams, but... check to see if your son's school as a team you may be unaware of. If it doesn't, there's nothing from stopping him from gathering additional interested students and a coach and registering a team.

The nice thing is that team coaches need not have a cyber background of any sort. Their primary purpose is to oversee the program administratively and support the students; however, having a cyber background certainly benefits the students!

I've been participating with CyberPatriot for a few years now, and can certainly say it's a great way to "actively" jump into cyber stuff! It's not about studying and taking tests, but actually /DOING/ in live competitions against peer competitors.

Feel free to contact me if you have any questions!

TheFORCE

How good is he with math? Cyber security degrees and computer science degrees involve a lot of math.
I'd start him off with Python, SQL, and CCNA.

Do a search for "cyber security degrees in New York or computer science degrees in New York " I'm sure you will find plenty of hits.

As others mentioned, be careful and always check what he is doing. He can get in trouble if he does something wrong.

Mom2G

He did not do well in his last math class. He usually just flies through everything but the last one in 10th grade he just failed.

Our school does does not have a cyberpatriot group. They have a robotics group which HS a part of and a computer club where kids just play video games. He doesn't like that group so much.

There is a local civil air patrol. Would that help him in any way?

He has Tourette's syndrome, ADHD and his doctors have suggested Aspbergers but it doesn't matter. He's on meds and is doing well but had trouble socializing and making friends. He really enjoys talking to people online though. He basically plays games with the same 2. He's excited to get a job. I'm hoping he can start in Bestbuy abut and evenyually while in school get into the Geek squad or something.


i can't even begin to thank you all for being so helpful!!

JoJoCal19

TechGromit wrote: »

So he wants to be a Penetration tester. While there are a number of training courses available to teach him just that, I would be
cautious of getting him the resources to practice pen testing without his understanding the implications of using the knowledge. Pen Testing is performed in very controlled conditions. Where as the company that owns the network your attempting to "hack" gives you iron clad written permission to do so. Using pen testing knowledge against an organization without permission, even if it's just for the purposes of "learning" is the quickest way to federal prison. There's a number of training online programs available that teach pen testing, but he should concentrate on courses that offer certifications when he completes them.

I'm going to emphasize this. At your sons age, he is going to learn stuff that can get him in trouble real quick. At that age learning about computers and hacking, it is going to be HIGHLY tempting to try out the things he will be learning, and to push the limits. I recommend either A) getting the equipment/software to let him set up a hacking lab, and/or sign him up for eLearnSecurity's Penetration Testing Student course. If you have the means, doing both at that age would give him a tremendous leg up in breaking into security after high school.

dmoore44

stryder144 wrote: »

Check to see if there is a CyberPatriot group near where you live. I would highly recommend that he start learning Linux.

This is solid advice, and I would expand on it a bit. Check meetup.com for any hacking/Cyber Security/Information Security meetups and start attending. Also, it might be worth it speak with you son's school administrators and faculty about picoCTF - if you can get the school to participate, you'd open up a whole new avenue of learning for everyone, and if your son is a major driver in the initiative, it will look good on college applications.

As far as what to do after school, there are tons of hacking related competitions that schools compete in - so make sure to pursue the schools that field teams. The schools that participate the most are going to be the ones that have stellar CompSci programs... I know that NYU, RPI, and Columbia all have sterling reputations in the field and provide excellent education and networking opportunities and will set him up well in the long run.

stryder144

I would also add that your local law enforcement agency may have programs as well. I've heard chatter that there might be some Police Explorer programs that have added cyber to their curriculum. Worth a look and might give him some additional guidance from the "stay out of trouble" perspective.

TechGromit

JoJoCal19 wrote: »

.... at that age would give him a tremendous leg up in breaking into security after high school.

Or breaking into federal prison, depending on the direction he takes.

DatabaseHead

+1 on scripting and development.

PS you all are going to scare the lady off. She is going to guide him into accounting or finance. PUKE!

stryder144

Agreed, DatabaseHead. With an obviously involved parent, the opportunities for getting into trouble are reduced. Also, if he gets involved in a CyberPatriot program he will receive mentoring that will hopefully divert him from the rather dark, seedy side of hacking.

@Mom2G...keep being involved and keep asking questions. The more you understand, the less likely it will be for your son to go the wrong direction.

[Deleted User]

I think Mom2G is looking for less technical jargon and looking for more solid advice.

@Mom2G

If you son is really interested in being an ethical hacker, the correct term would be penetration tester.

That said, there are a few books maybe you can purchase for him as a gift for Christmas to see if he is interested in this line of work:

Book1: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_2?ie=UTF8&qid=1503877120&sr=8-2&keywords=penetration+testing

Book2: https://www.amazon.com/Penetration-Testing-Essentials-Oriyano/dp/1119235308/ref=sr_1_5?ie=UTF8&qid=1503877120&sr=8-5&keywords=penetration+testing

With these 2 books as a starting point, let him read over them to see if this sparks his interest. This could be a fad that kids like 1 day and hate the next.

NetworkingStudent

Mom2G wrote: »

I have been trying to research this and it's so very confusing. He's entering his junior year in high school and we're starting to think about what he's going to do after he graduates. He has been saying for a few years he wants to be an ethical hacker. I asked him when he meant by that and he said he'd like to find security holes for companies/websites and then explain to the company how to fix it?
As I'm reading it seems like there in many ways to go about this.

1) anything he can do now to prepare as a 16 year old?
2) We live in NY. Are there any schools you would recommend?
3) I've seen people recommend a bachelors degree. Which one exactly?
I have NO idea where to have him start.

Thank you so much for your help!

1)
I would see if he can take any advance classes while he's still in high school. Hopefully the advance classes will help him earn college credit. Ask his high school
Study lots of math, and work on Communication skills.

It and Security professionals need to have well rounded communication and customer service skills.

-I think he needs to learns the basics of computers, what is an operating system??? what is Networking?? What is a server ect.....?

I think he should go to IT Pro TVhttps://www.itpro.tv have him sign up for a free membership. Take the course IT fundamentals, then the A+ course, and the the network+, or CCNA. If he likes the course, then maybe he can become a paid member.

Another option besides IT pro tv is professor messer:
Here is his website:
Professor Messer IT Certification Training Courses


2) Nope....My advice is to get make sure the college is REGIONALLY ACCREDITED!! Please don't have him go to a for profit school. Technical or community college should be ok, but you want to see where the credits will transfer to.

3) Not sure. One rule no for profit colleges!

---

Beyond all of this I would reach out to the ISSA:

Information Systems Security Association, Inc.

I placed their contact info below, I would call them. Maybe you and your son can attend a chapter meeting in NY, and seek more advice and guidance for him.


https://www.issa.org/?ContactISSA

ITSpectre

Mom2G wrote: »

I have been trying to research this and it's so very confusing. He's entering his junior year in high school and we're starting to think about what he's going to do after he graduates. He has been saying for a few years he wants to be an ethical hacker. I asked him when he meant by that and he said he'd like to find security holes for companies/websites and then explain to the company how to fix it?
As I'm reading it seems like there in many ways to go about this.

1) anything he can do now to prepare as a 16 year old?
2) We live in NY. Are there any schools you would recommend?
3) I've seen people recommend a bachelors degree. Which one exactly?
I have NO idea where to have him start.

Thank you so much for your help!

I would start by letting him go on cybrary.it and look at the free penetration courses they have there.... you can also let him watch penetration testing videos on youtube as well. See if that sparks his interest. I would by him a book or two and let him read it. Also codeacademy is a very good place to learn coding for the first time.
Additionally look at job descriptions on Dice.com, indeed.com, monster.com and plan from there... have him study C++, HTML, Java, or Python. And he can also learn about Network Security and another thing he can prepare for is certifications.... Have him read over the Security + book and have him watch professer messer on youtube or his website... That will give him a foundation to go into security and Hacking. If he likes that then he can go into penetration testing.

GabusDeux

Hello, I am Mom2G's son. I already know a little bit of this path. I have been doing things involved in learning online for about 2 years now so i asure you its not a phase. I am already learning python and will be moving to C soon. I also already know what an operating system is, what dual bootnig is etc.

GabusDeux

booting*

ITSpectre

Greetings!!!!

I would start with the Security+ from CompTia.... codeacademy to learn Python, and linuxacademy to learn Linux. check out cybrary.it, pluralsight, and udemy too. I would also download Kali Linux and run it on a VM and play around with it.

GabusDeux

I completely forgot codeacademy had python, thanks for reminding me!

NOC-Ninja

IMO


Start with learning systems or networking first. This would be CCNA and MCSE.
School? I dont believe any school will teach you pen test. you can probably find a mentor to help him. this site will help:
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
bachelors degree wont help him pentest. True learning in IT is all about self - learning. Watching videos, reading books, building lab, doing it yourself.


I recommend learning networking and systems first.
How is he going to hack if he doesnt know the system or the network?


Ive met different types of pen testers. The strongest are the ones who understand the network and the systems.

ITSpectre

NOC-Ninja wrote: »

I recommend learning networking and systems first.
How is he going to hack if he doesnt know the system or the network?

This is correct because you need to know about systems in order to hack them.... start as a sysadmin and go from there.

jibtech

GabusDeux wrote: »

Hello, I am Mom2G's son. I already know a little bit of this path. I have been doing things involved in learning online for about 2 years now so i asure you its not a phase. I am already learning python and will be moving to C soon. I also already know what an operating system is, what dual bootnig is etc.

Knowing what they are is only the beginning. The next step is knowing how they work, followed by how the stop working. A significant portion of pen testing is about knowing systems well enough to know when, where and how they fail.

There is a lot of very good advice from some very competent people in this thread. Heeding that advice will save you years of frustration.

jstock

Hey Mom2G,

There are a few great schools in New York when it comes to Computer Security. For example there is my alma mater, Rochester Institute of Technology (RIT), as well as Utica College. These schools offer partnerships with Community Colleges to help reduce costs of education. Part of me wishes that I did my first two years at a community college to save on loans, but nothing beats the college experience. RIT is a very well respected school for security and has one of the best CCDC teams in the country. Standings. Several friends of mine participated on the team and are now security engineers, reverse engineers, penetration testers, etc. at some of the biggest companies (Facebook, Google, Amazon, Raytheon, Rapid7).

There is a lot of debate whether university education is better than certification training. I am a strong advocate for formal education at a large, well-known university. The network that you are a part of is invaluable and personally has paid off ten-fold.

For now, take the time to really evaluate the potential schools and learn some programming and network fundamentals. Also, here are relevant majors at the above mentioned colleges:
https://www.rit.edu/gccis/computingsecurity/academics/bs/overview
http://programs.online.utica.edu/programs/online-cyber-security-degree

jt2929

jstock wrote: »

Hey Mom2G,

There are a few great schools in New York when it comes to Computer Security. For example there is my alma mater, Rochester Institute of Technology (RIT), as well as Utica College. These schools offer partnerships with Community Colleges to help reduce costs of education. Part of me wishes that I did my first two years at a community college to save on loans, but nothing beats the college experience. RIT is a very well respected school for security and has one of the best CCDC teams in the country. Standings. Several friends of mine participated on the team and are now security engineers, reverse engineers, penetration testers, etc. at some of the biggest companies (Facebook, Google, Amazon, Raytheon, Rapid7).

There is a lot of debate whether university education is better than certification training. I am a strong advocate for formal education at a large, well-known university. The network that you are a part of is invaluable and personally has paid off ten-fold.

For now, take the time to really evaluate the potential schools and learn some programming and network fundamentals. Also, here are relevant majors at the above mentioned colleges:
https://www.rit.edu/gccis/computingsecurity/academics/bs/overview
http://programs.online.utica.edu/programs/online-cyber-security-degree

I'll second Utica College, as I'm an alum. Great school with top notch instructors. Can be 100% online or brick & mortar.

DatabaseHead

Stick to Python and C like you are doing. It's your path and it sounds like a darn good one.

Stay diligent and continue on. Ignore all the cert talk, that will come with time and believe me less is more......

beads

Learn the basics of administration, databases and of course, real development (programming). By the time your son learns what IT is from the inside out he may or may not want to emulate Mr. Robot and choose a more refined if not rewarding skill set to pursue. At 16ish there is plenty of time to explore and IT in general is a HUGE and interesting world unto itself.

Don't limit yourself to just one road. Its a long journey. Enjoy the ride.

- b/eads