How To Be An Ethical Hacker in 2026
This is inspired by the yearly posts Heath Adams used to do back when he was with TCM Security. My aim is to provide a beginner's guide to learning ethical hacking.
This blog was NOT written by AI. I firmly believe writing should be done by humans :)
A quick warning: Only hack things you own or have explicit, written permission to hack. Doing this against public targets without permission will land you in jail, not a junior pentester role.
(This is not a marketing post, but I am the owner of Hack Smarter)
You Need A Strong Foundation
The most common question I get is - "Tyler, I am brand new. How can I become an ethical hacker?"
You cannot become a (good) ethical hacker without having a solid foundation in general IT. Diving straight into hacking - without understanding networking, software, operating systems, web - will lead to frustration and confusion.
I strongly recommend you begin by studying the CompTIA "trifecta":
A+: Covers foundational hardware, software, and troubleshooting skills.
Network+: Covers foundations of networking for both wired and wireless networks.
Security+: Covers foundations of cybersecurity (risk management, threat mitigation, securing networks).
Whether you actually take the certifications isn't relevant, but you should study for them AS IF you are going to take the exam. These 3 certifications provide a solid foundation, and the training is free.
Consider going through Professor Messer's FREE video series covering each of these certifications - https://www.professormesser.com/
-
Building Real Skills
Installing Kali Linux
One of the best ways to build real skills is by using hacking platforms like Hack Smarter and Hack The Box. These platforms provide vulnerable servers within a private network you connect to, and then you can legally hack into them.
You do not want to do this on your base operating system - instead, you will connect from a Virtual Machine. The most widely known Linux distribution for hacking is Kali Linux.
I am not going to cover how to install Kali Linux as a virtual machine - instead, please check out this guide: Kali inside VirtualBox
There is nothing "magical" about Kali Linux. You can install all the same tools on any Linux distribution; Kali is just convenient because most of the tools are already installed for you.
Exploring Training Platforms
There are many training platforms you can use to learn ethical hacking.
Obviously I am biased and think Hack Smarter is an excellent choice. The platform is affordable, the courses are all video-based with hands-on labs, and we release new challenge labs every week. We also have the best infosec community (completely free).
A second great option is Hack The Box. I had AI make a table comparing Hack Smarter and Hack The Box... if you can afford it, I suggest using both!
| Feature | Hack Smarter | Hack The Box (HTB) |
|---|---|---|
| Learning Approach | Guided & Methodical: Focuses on guided labs and "Hack With Me" sessions, teaching you the underlying methodology and how to think through a pentest step-by-step. | Self-Driven & Gamified: Excellent for independent problem-solving, offering a massive, world-class library of standalone machines and structured Academy paths. |
| Community & Support | Mentorship-First: Shines in direct support, offering weekly goal meetings, resume reviews, peer-led study groups, and accessible career coaching to guide your journey. | Massive Peer Network: Features a huge global user base, active forums, and competitive leaderboards, which is fantastic for connecting with other hackers worldwide. |
| Pricing & Value | All-Inclusive Access: Designed to be highly affordable with a simplified, all-in-one subscription to break down barriers to entry for newcomers. | Tiered Offerings: Provides distinct subscription paths for its gamified Labs and its Academy, allowing users to select and pay for the specific type of content they want. |
-
Becoming Job Ready
Certifications
Once you are comfortable solving Easy and Medium difficulty labs, I recommend earning a certification. Unlike the CompTIA certs, these are all hands-on. Either you can hack... or you cannot.
I recommend exploring three certifications: OSCP, PNPT, and CPTS.
| | OSCP (OffSec Certified Professional) | PNPT (Practical Network Penetration Tester) | CPTS (Certified Penetration Testing Specialist) |
|---|---|---|---|
| Issuer | OffSec | TCM Security | Hack The Box |
| Exam Format | The 48-Hour Sprint: 24 hours of strictly proctored practical hacking, followed immediately by 24 hours to write and submit a detailed report. | The Full Engagement: 5 days to conduct an unproctored pentest (OSINT, external, AD internal), 2 days for reporting, plus a 15-minute live debrief. | The Deep Dive: 10 days total to hack an unproctored enterprise network environment and submit a commercial-grade report. |
I recommend doing the training for both the PNPT and the CPTS but you do not necessarily need the certifications (the training is top tier). Instead, focus on earning the OSCP because it is still the "gold standard" in the eyes of HR.
If you want to get a feel for what the OSCP is like, we actually have a learning path for it on Hack Smarter.
Security Research
A few years ago, the OSCP was enough to begin a career as a junior penetration tester - but this has changed. Many people have the OSCP and they are applying for the same jobs you are.
The best way to stand out from the crowd is to do real security research. If you have the skill to acquire the OSCP and solve machines on Hack Smarter - you will be able to identify vulnerabilities in open-source software to discover your first CVE (Common Vulnerabilities and Exposures).
I have released multiple videos and workshops on the CVE hunting process. Below is a free workshop I did for Simply Cyber.
https://www.youtube.com/watch?v=EYnf7h6Q1tg
Developing Soft Skills
If you have the OSCP + CVEs but you suck at communicating, you will not be a good ethical hacker. The concept of the lone hacker who sits behind a keyboard all day makes for a unique Hollywood persona but it does not lead to an actual job.
As a penetration tester, you will be spending much of your time communicating to clients via writing (e.g., reports, emails, blogs), and speaking (debriefs, meetings). Many of us in the tech world are neurodivergent, and communication can be a massive struggle.
There is no shortcut. The only way to get better at communication is to communicate. I personally think live streaming is highly effective at learning to communicate with both technical and non-technical audiences. It is terrifying, but if you do it consistently, you will notice significant growth in your communication skills.
Here's a video that breaks this down in greater detail:
-
Join a Community
Trying to do all of this in isolation will lead to discouragement and burnout. You need to find a community of people for mutual encouragement. The Hack Smarter Discord is designed for this exact purpose - we have weekly goal meetings... workshops... an active CTF team... and much more (all for free).
