Let's cut straight to it. Ethical hacking is legal, structured, and one of the most in-demand technical careers in the world right now. The BLS projects 32% growth for information security roles through 2032. Median salaries sit above $120,000 across all experience levels. And the number of people who can actually do the work is still well short of the number of jobs that need filling.
If you want in, here is the real picture. Not the glossy version.
What actually is Ethical Hacking?
Ethical hacking is the practice of testing systems, networks, and applications for security vulnerabilities with explicit permission from the owner. The goal is to find what a real attacker would find before a real attacker does. You document what you discover, rate the risk, and hand over findings that the organisation can actually act on.
It is not a single job. It is a discipline that covers penetration testing (scoped technical assessments), red teaming (adversary simulation), bug bounty hunting (independent vulnerability research on public programmes), and vulnerability assessment (systematic security scanning and analysis). Each has a different focus and a different hiring pipeline.
What they all share: you need to think like someone trying to break in. That mindset is not innate. It develops through deliberate practice in environments where you are actively attacking things legally.
What Are The Skills That Actually Matter?
There is a standard list of "ethical hacking skills" that appears on every career guide. Networking, Linux, Python, web security. All true. None of it very useful without the context of how these things connect.
Here is the connection: every engagement follows a lifecycle. Reconnaissance (what can I find out about the target from the outside?). Enumeration (what is actually running, and what versions?). Vulnerability identification (what weaknesses do those services have?). Exploitation (can I actually get in?). Post-exploitation (what can I do from here?). Reporting (what did I find, and what should they fix?).
Every skill you build maps to one of these phases. Nmap is reconnaissance and enumeration. Burp Suite is vulnerability identification and exploitation for web targets. Metasploit is exploitation and post-exploitation. BloodHound is post-exploitation in Active Directory environments. Python and Bash are the glue that connects all of it when you need to automate, customise, or script something the tools do not cover out of the box.
Build skills with the lifecycle in mind and you will never lose track of why you are learning something.
Which Certifications Are Worth Caring About?
The certification landscape for ethical hacking has more noise than signal. Here is a honest breakdown.
PT1 (TryHackMe Junior Penetration Tester) is the right first practical credential for most people. A 48-hour engagement across web, network, and Active Directory targets with a graded professional report. No multiple choice. No theory questions. Actual hacking, documented professionally. It is the credential that answers "can you do this?" rather than "do you know about this?" The revamped Jr Penetration Tester path is the canonical study route: 89 rooms across 17 modules, a full nine-room Active Directory module, and three capstone challenges that mirror the exam format. Premium subscribers receive a 15% discount. Explore PT1
OSCP (Offensive Security Certified Professional) is the gold standard and the target most serious practitioners work toward. A 24-hour practical exam, a professional report, a reputation the industry respects. It appears in the majority of penetration testing and red team job postings. It is not a starting point. Prepare for it after PT1, with consistent unguided lab work behind you.
CEH (Certified Ethical Hacker) from EC-Council is widely recognised and frequently listed in job postings, particularly in government, defence, and corporate compliance contexts. It is a multiple-choice theory exam rather than a practical one. It does not prove you can hack. It proves you know the vocabulary. Useful as an HR filter in regulated environments. Less useful as a signal of actual offensive capability.
The honest sequence for most people: PT1 first. OSCP when you are ready. CEH if the specific roles you are targeting require it.
Which Career Paths Open Up?
Ethical hacking is not one career destination. It is a foundation that leads to several different places.
Penetration tester is the most common landing point. You conduct structured technical assessments for clients, document findings, and produce professional reports. Entry-level roles start around $65,000 to $85,000 in the US and climb fast with experience and certifications.
Red team operator is where penetration testing experience leads for those who want to go deeper. Adversary simulation, C2 infrastructure, OPSEC, and realistic attack campaigns that test whether organisations can detect and respond to a determined attacker. Salaries at mid-level and above are strong.
Bug bounty hunter offers independence and potentially significant income for people who build deep specialist skills. Top bug bounty hunters earn well into six figures annually through disclosed vulnerability reports on public programmes. The income is variable and the work is unstructured, but for the right person with the right skills it is genuinely lucrative.
Application security engineer is the role where ethical hacking skills combine with development background to protect software at the source. Strong demand, strong salaries, and a skill set that is in short supply.
Your First Steps
Stop reading guides and start doing labs.
Every hour spent reading about SQL injection is worth less than fifteen minutes of exploiting one in a live environment. The skill is not in the knowledge. It is in the repetition until the technique becomes instinct.
TryHackMe's free account gives you immediate access to hundreds of hands-on rooms. The Cyber Security 101 path covers the foundations. The Jr Penetration Tester path builds the offensive skill set across web, network, and Active Directory. Work through the guided rooms. Document everything as a writeup. Then start the unguided practice that turns knowledge into genuine capability.
Your public TryHackMe profile is your first portfolio. Every room completed, every path finished, every point earned is visible evidence of consistent effort. That profile, combined with documented writeups and PT1, is what gets you through a technical screen before you have a job title to point to.
The first step is the same for everyone: open a free account and complete one room. Right now. Today.
Nick O'Grady