How White Hat Hackers Are Shaking Up Cyber Security
January 6, 2017
Hacking is not outright unethical -- in the right context, it can actually prove quite useful for corporations and government entities in need of enhanced security protocol. Organizations would much rather have security problems uncovered by hackers they've hired themselves than leave those vulnerabilities open for exploitation by unethical hackers. Hence, the popularity of white hat hacking, in which hacking skills are used to detect security issues in advance.
Increased Security Breaches: Why White Hat Hackers are So Important
White hat hackers are becoming increasingly prevalent due to the need for better defense against sophisticated black hat (malicious) hackers. Even seemingly minor hacks can prove incredibly costly, both for impacted organizations and the population at large. According to CNN, the Ponemon Institute of Cyber Crime estimates that hacking costs the average firm a whopping $15.4 million per year. Furthermore, a 2014 report funded by McAfee and published by the Center for Strategic and International Studies found that hackers cost the global economy over $445 billion each year. It makes sense, then, for companies to either employ in-house white hat hackers or to pay the public to point out potential security issues.
Ethical Hacking: Salary and Benefits
Given the high demand for ethical hackers, it is increasingly common for major corporations and government agencies to keep their employed hackers in-house, where these skilled employees earn a very comfortable living, complete with healthcare and retirement benefits. The Bureau of Labor Statistics has not yet compiled salary information specifically for white hat hackers, but according to Indeed, the average certified ethical hacker earns an impressive $104,000 per year. This is a significant increase over the annual $90,120 salary for information security analysts (a similar job title with significant overlap in job duties) reported by the BLS.
Although many of today's hackers are employed in-house, some prefer to work as consultants or on a freelance basis. These ethical hackers enjoy greater control over their schedules, and in some cases, the ability to command a far higher salary. There is greater risk involved in this career path, however, especially for those who seek earnings through public reward programs.
White Hat Hacker Reward Programs
Some corporations, in addition to hiring hackers in-house, offer extensive reward programs for outside hackers who successfully identify security issues -- and more importantly, notify the appropriate parties of these problems. Notable examples include Google and Apple, both of which have offered significant monetary awards to successful white hat hackers. These programs are often referred to as bug bounties, and for those with a little technical skill and a lot of persistence, they can lead to tens, even hundreds of thousands in income.
Google's Vulnerability Reward Program is one of the most notable examples of a bug bounty, and sometimes, its rewards reach well over five figures. For example, in late 2014, Google awarded a team of Polish security researchers $50,000 after they uncovered security issues with the App Engine. After a long wait, Apple released a similar bug bounty program in 2016, but restricted it to an invite-only basis.
Training and Education For White Hat Hackers
White hat hackers are often thought of as self-taught individuals who spend all of their spare time tinkering with security systems. While this is true in some cases, ethical hackers increasingly prefer to seek out training from accredited academic programs, as the right credentials can significantly expand their earning potential. The Bachelor of Science in Cyber Defense is a popular option, as it provides not only a broad base of information security knowledge, but also specific training in perimeter network security and internet work operations. With this degree, students can pursue white hat hacking jobs or set their sights on a more traditional path, such as information security or network administration.
The sophistication of today's black hat hackers is startling, but with the help of white hat experts, corporations and government agencies are beginning to catch up. If you are interested in using your technical prowess to earn a comfortable living -- and more importantly, to perform public works and improve the global economy -- white hat hacking may be a viable career path.