How to Become an Ethical Hacker in India: 2026 Roadmap

Ethical hacking in India in 2026 is a real career with real salaries, not a movie trope. The path is well-defined now: foundations, lab practice, one cert, one portfolio. Twelve months end-to-end if you are deliberate.

Build the foundation

• Networking — TCP/IP, DNS, HTTP, common ports. Skim the CCNA syllabus.
• Linux — comfort with the shell, services, permissions, basic scripting.
• One scripting language — Python or Bash.
• Web basics — how HTTP, cookies, sessions, and browsers actually work.

Learn how to break things — legally

TryHackMe and HackTheBox have free tiers that walk you from beginner to intermediate. Spend three months working through their learning paths. The “learning by attacking” model sticks far better than reading textbook chapters on OWASP categories.

Pick one certification

Two paths in 2026: CEH (broad, theory-heavy, recognised by Indian HR teams) or OSCP (technical, hands-on, the gold standard for offensive security roles). Freshers usually start with CEH or the cheaper CompTIA Security+. OSCP is worth it when you have a year of practical experience.

Build a portfolio

Write up five HTB or THM machines you have rooted, in proper report format — recon, vulnerability, exploit, post-exploitation, remediation. A Notion page or GitHub repo of clean writeups beats a blank resume that lists a cert.

Where to apply

Indian options in 2026: SISA, Lucideus, NetSPI, KPMG, EY, Microsoft, and the in-house security teams at every BFSI and SaaS company. Entry roles are Security Analyst (SOC), Junior VAPT, or App Security. Starting salaries cluster ₹4L-₹9L; with two years and OSCP, ₹15L+ is realistic.