Thabo Pali

So You Wanna Be an Ethical Hacker? Start Here.

“Why hack the planet when you can ethically test it first?” — A Thabo-ism

If you’d told me a year ago that I’d be knee-deep in port scanning, DNS recon, and penetration testing frameworks like MITRE ATT&CK, I probably would’ve nodded politely… and kept scrolling TikTok. But here we are.

Ethical Hacking isn’t just about hoodies and green terminal screens. It’s about thinking like an attacker to protect systems — legally, of course. With digital crime soaring and businesses scrambling to secure their data, ethical hacking is no longer a niche. It’s a critical skill, especially for developers like us who live in the stack.

Here’s how I got started and what you should know if you’re even remotely curious.

What Is Ethical Hacking Really?

In simple terms? It’s hacking… with permission.

Companies hire ethical hackers (aka white hats) to simulate real attacks on their systems. The goal? Find vulnerabilities before the bad guys do.

You’ll learn things like:

  • Footprinting & Reconnaissance – Gathering public info to understand the target.
  • Scanning & Enumeration – Identifying open ports, services, and user accounts.
  • Gaining Access – Exploiting weak points.
  • Maintaining Access – Staying undetected (as an attacker would).
  • Clearing Tracks – Understanding attacker behavior and covering traces.

These aren’t just cool movie scenes — they’re actual phases in a real-life engagement.

Tools of the Trade

You’ll run into names like:

  • Nmap – Your best friend for port scanning.
  • Wireshark – A deep dive into network traffic.
  • Burp Suite – For web app pentests.
  • Kali Linux – Basically the Swiss army knife for hackers.
  • Metasploit – A framework for exploiting known vulnerabilities.

If all of this sounds overwhelming, good. That means you’re taking it seriously. But once you start, the fog lifts fast.

How I’m Learning (and How You Can Too)

I’m currently enrolled at CUT (Central University of Technology, Free State) for an Ethical Hacking course with the CEHv12 (Certified Ethical Hacker) track — and trust me, it’s a beast. But a beautiful one. Here’s my routine:

  • Flashcards & Mind Maps: I create visual study aids to remember everything from DNS zone transfers to vulnerability types.
  • Practice Labs: Theory is cute, but hands-on practice is where the magic happens.
  • YouTube: Surprisingly good walkthroughs from certified professionals.
  • Simulation Tools: Platforms like TryHackMe and Hack The Box let you simulate attacks in safe environments.

Why Developers Should Care

Even if you’re not switching careers to cybersecurity, knowing how attackers think makes you a better developer. You’ll:

  • Write more secure code.
  • Validate inputs like your life depends on it.
  • Spot suspicious behavior in your apps.
  • Respect logs and error messages more than ever.

Cybersecurity isn’t a department — it’s a mindset. And if you’ve ever deployed anything to the internet, congratulations: you’re already part of the battlefield.

Final Thoughts (aka Thabo-ism No. 2)

“Just because you built the house doesn’t mean you know how a thief would break in.”

If you’re even mildly curious about ethical hacking, lean into it. Start small. Install Kali Linux in a VM. Run a simple Nmap scan on your local network. Read up on the OWASP Top 10. Before you know it, you’ll be the friend everyone calls when their Instagram gets hacked.

And if all else fails? At least you’ll understand how not to get pwned.
