Ethical hacking is the practice of finding and validating security weaknesses in systems with explicit authorization and a defined scope. It matters because the same classes of flaws are exploited in the wild, and disciplined testing helps organizations prioritize fixes before incidents occur. A useful mental model is to treat every action as evidence-driven: if you can’t justify it via scope, logging, and an auditable trail of what you touched and why, it doesn’t belong in the engagement.