An Ashling Team “What Is” Feature: White Hat Hackers Unveiled
A White Hat Hacker, also known as an ethical hacker or penetration tester, legally breaks (hacks) into systems and networks to test and evaluate their security.
So how does a ‘white hat’ come into play? Well, it’s believed that the term originated from Western films where the ‘good’ cowboys wore white hats; bad cowboys, black hats (black hat hackers are criminals).
About: Ethical hacking may sound counterintuitive, but hackers who don white hats— so to speak— use their powers for ‘good.’ Organizations often commission white hat hackers— offering bounties— to identify, exploit (in part) and report vulnerabilities. In fact, Facebook just announced an increase in ‘bug bounties’ for hackers who find and report ways to access accounts. The objective is to find and address problems before they become a security risk. And who better to test the hackability of a system, then a hacker?
Education & Springboard Area(s) of Expertise: Currently, education requirements aren’t standardized for white hat hackers. As such, employers set their own requirements, which often include a bachelor's or master's degree in information security, computer science, or digital forensics. However, experience is heavily weighted.
That said, problem solving, and strong technical, organizational and communication skills are also essential to white hat hacking. Strategic thinking and the ability to channel the malicious intentions of a black hat hacker are integral, too. In fact, some notable white hat hackers are former black hats.
Having dabbled-in physical penetration testing is also an asset since full, comprehensive penetration testing involves circumnavigating the physical security of a company’s building and data center.
Those who are well-positioned for white hat hacking have experience with incident response, detection analysis, entry-level pen testing and security operations.
And professionals with a military background, particularly in intelligence, often standout to hiring companies, especially if the employer prefers individuals with security clearances.
Popular Certifications: CEH, Security+, GPEN, GXPN. And, CISSP, CISM and Security+, which cover physical security in addition to cybersecurity.
www.mile2.com offers a penetration testing hacking series that includes CVA, CPEN, CPTE, and CPTC certification. Qualifying U.S. veterans can apply their GI Bill benefits to certifications and training through mile2.
Most Sought-After Skills: Coding and programming; a background in network security; experience with digital forensics programs, penetration testing, vulnerability analysis, and vulnerability scan tools; and the ability to learn new technologies quickly and think quickly in-the-moment.
LATERAL Growth Opportunities: Network Security Engineer, Network Security Operations Engineer
VERTICAL Growth Opportunities: Senior Engineer, Senior Network Security Engineer, Network Security Manager, Penetration Testing Manager
Ashling Team (AT) Insight: Ashling Team senior recruiter Olivia Byrne recommends if you’re interested in consulting as a white hat hacker or being employed as an in-house white hat/pen tester, to pursue CEH or GPEN certification.
“Experience with firewalls, honeypot, and SQL coding will create a more comprehensive, attractive resume, too,” continues Byrne. “And pending the specific opportunity you’re seeking, physical penetration testing (bypassing a building’s security barriers) would also be valuable."
“Of course, immersing yourself in the industry through research and by reaching-out to colleagues here in the Ashling Community, will expound your expertise and, subsequently, broaden your opportunities,” she adds.
Interested in finding and/or pursuing a job as a white hat hacker? Then DM Byrne through the community, or at firstname.lastname@example.org. And to peruse a variety of career opportunities at various levels in a myriad of fields, peruse Ashling's Jobs page here in the community.