Hacker Nation: Hacking Is Now a Legit Career Choice

Updated on July 12th, 2016

Hacking isn’t what it used to be.

Many people associate hacking with an awkward teen, sitting in his room attempting to break into a government website just to see if he can. If your perception of hacking is a bit more sophisticated, you might imagine a black hat hacker distributing malicious code, or even a cyber terrorist, motivated by political or religious beliefs.

What you likely don’t envision are ethical hackers – the white hat hackers who are now routinely being hired by large companies to help protect them against potential threats, bugs or attacks.

Turns out, hacking is now big business. Increasingly, companies are willing to pay big bucks to hire computer security specialists to test and monitor systems and networks.

These “security specialists” may not always be the most savoury of characters: KPMG has reported that just over half of UK-based companies would resort to hiring someone with a criminal record in order to stay ahead of cybercriminals. This is a testament to the very real threat these companies perceive when it comes to hacking.

How serious is the hacking problem?

Recent research from WhiteHat Security reveals some pretty terrifying statistics about how vulnerable the average website is, and what site owners actually need to be concerned about. In its analysis of 30,000 websites, WhiteHat Security found that:

  • 86% of all websites had at least one vulnerability.
  • It takes an average of 163 days to repair a vulnerability from the day it’s originally reported.
  • Retail sites may be at the highest risk, with 55% falling into the category of “always vulnerable,” meaning they are vulnerable every single day of the year.

Add to this alarming stat the fact that an estimated 30,000 websites are hacked each day, and it’s no wonder businesses are willing to pay top dollar to beef up their security.

But it’s not only private companies who are recognizing the risk posed by hackers. A 2015 worldwide threat assessment released by the US Senate Armed Services Committee mentions cyber threats even before organized crime or weapons of mass destruction. The report underlines the ongoing threat posed by hackers, and notes that “the cyber threat cannot be eliminated; rather, cyber risk must be managed.”

If even the government can’t eliminate the risk of cyber attack, the prospects of safety for private companies are even more grim. Some experts are predicting that cybercrime will cost businesses over $2 trillion by 2019, making it clear that businesses will need to find better ways to manage this risk.

Bug bounty programs crop up to attract hackers

Companies like Google are getting creative when it comes to dealing with would-be hackers. Instead of making threats or taking legal action against those who infiltrate their systems, they are looking at these situations as opportunities to strengthen their security.

In an interview with CNBC, Google Apps’ Director of Security, Eran Feigenbaum, stressed the significant benefits of working alongside hackers: “You get a whole new set of eyes. Even with 450 security professionals looking and working on a regular basis to make sure our software’s secure, by working with the security community you get a whole extra bench, thinking of things that you may not have thought of.”

This type of protection doesn’t come cheap. Besides hiring an entire team of white hat hackers, last year Google allotted $1.5 million in their budget to award to those hackers who could find previously-undetected vulnerabilities.

Google isn’t the only company implementing these so-called “bug bounty” programs. Companies like Facebook, Samsung and AT&T all offer cash rewards to those hackers who detect and report vulnerabilities. Other companies opt out of awarding cash prizes, instead attempting to lure in small-timers with the promise of company swag or induction into a “hall of fame.”

Other companies have emerged as well, touting themselves as “exploit acquisition platforms.” Security firm Zerodium, for example, allotted $3 million last year (in the form of three $1 million rewards) for anyone able to detect iOS 9 exploits or jailbreaks. And HackerOne, a “vulnerability coordination and bug bounty platform,” recently announced on Twitter that they have awarded $6 million to almost 2,300 hackers.

As one Twitter commenter remarked, “Glad to see that bug bountying is now a viable career option for some people.”

Want to become a hacker? There’s a class for that

Worried you’ve missed the boat when it comes to a career in hacking? Don’t worry…it’s not too late.

There are a few ways would-be hackers can become legitimate white hat hackers or “penetration testers,” as they’re sometimes called.

As in many fields, a college degree and related experience in IT will probably be required. But that’s just the start. Official certification in hacking – as unlikely as that sounds – is usually a requirement for anyone looking to get their foot in the door.

Perhaps the most well-known certification is the one offered by the EC-Council, a company which provides a variety of IT security courses. Their 5-day certification in ethical hacking prepares IT professionals to become expert hackers, teaching everything from the ethics of hacking and types of attacks to performing vulnerability assessments, and more. Upon completion of the course, candidates can then take the Licensed Penetration Tester exam to demonstrate mastery in their field.

According to Eric Geier of PC World, the annual salary for an ethical hacker starts at around $50,000, going up to as high as $120,000 or more for consulting. With the average salary for IT professionals in the U.S. running somewhere around $80,000/year, it seems ethical hacking may actually be a financially feasible career choice.

Conclusion

Hackers pose a very real threat to businesses and governments. But, when this specialized knowledge and skill-set can be harnessed and used to identify vulnerabilities, everyone wins.

Businesses should continue to employ security software, while realizing this only protects against simple threats. Combining these systems with knowledgeable, experienced people – even, or especially, hackers – will provide the best protection overall.

John Rampton

John Rampton is an entrepreneur and connector. When he was 23 years old while attending the University of Utah he was hurt in a construction accident. His leg was snapped in half. He was told by 13 doctors he would never walk again. Over the next 12 months he had several surgeries, stem cell injections and learned how to walk again. During this time he studied and mastered how to make money work for you, not against you. He has since taught thousands through books, courses and written over 5000 articles online about finance, entrepreneurship and productivity. He has been recognized as the Top Online Influencers in the World by Entrepreneur Magazine, Finance Expert by Time and Annuity Expert by Nasdaq. He is the Founder and CEO of Due.
