Part of being a Cisco Champion involves outreach: being part of the community to help and inspire others to find their passions in the technical world. It was in one of these outreach groups that I came across a simple question:
“What’s the difference between Cyber Security and Ethical Hacking?”
The simple truth is, Ethical Hacking is a part of Cyber Security.
As a Cyber Analyst, it is my job to find the best solution for my client. In some situations that is reviewing policies and procedures. In others, it’s breaking in physically or convincing people to give you access. Other times it’s completely remote and just investigating the external defences.
The ultimate goal of Ethical Hacking is to highlight the vulnerabilities real-life hackers can exploit, before a malicious actor exploits them. Yes, it’s fun. Yes, it can be "hacking" software, deploying phishing campaigns, and even physically gaining access to a building.
Cyber Security isn’t one set thing. It’s a rainbow of skillsets, tools, and passions, often combined to make the most effective secure environment. Consider the IT help desk validating your identity before resetting a password. Think of the software installed on your devices, monitoring for suspicious code or websites. Did you know that companies hold something called a risk register, where they record all the notable risks to the organisation and how they address them?
Cyber Security is the umbrella that covers both the blue (defensive) and the red (offensive), packaged together to create a holistic solution that keeps you and your sensitive information safe.
No environment is 100% secure, and there is absolutely no way we can remove all risk. The goal of Cyber Security, and of the Ethical Hackers who are a part of it, is to lower the risk to acceptable levels and implement controls to mitigate impact.
Interested in understanding more terms? Check out Ideas for Testing.