The white hat hacker is the hero of the cyber security world. The white hats (aka ‘ethical hackers’) are the professionals who use their infiltration skills to uncover security failings and help safeguard organizations’ systems from the bad guys.
But what exactly do white hat hackers do? What skills, experience and certifications do you need to land an ethical hacking job? What demand is there for white hats - and what salary level can you expect?
Read on to get the full lowdown on white hat hacking, where it sits in the hacking landscape, and the skills and qualifications to focus on as you start out on your ethical hacking career path.
What Is a White Hat Hacker?
Hackers are popularly categorized similarly to the tropes in old-school Westerns. The white hat is instantly recognizable as the straight-up good guy; the sheriff or marshal committed to keeping the town safe, thwarting any bandits, and someone who always sticks to the letter of the law.
Translating this to cyber security, a white hat hacker (aka ethical hacker) is an information security professional who actually has a similar skillset to the bad guys (the black hat hackers). However, those skills are used for purely legitimate purposes; i.e., to proactively seek out system vulnerabilities and close any security gaps before the black hat hackers can exploit them.
You always expect the classic white hat sheriff to keep on the right side of the rules. In the same way, one of the watchwords of white hat hacking is authorization. As an ethical hacker, your actions should always be agreed in advance with the owners of the target system. Care needs to be taken to stick to the terms of that authorization.
What Makes White Hats Different?
To understand this, it’s worth clarifying what we actually mean by a hacker and hacking.
In its broad technical sense, hacking refers to solving a problem, often through improvisation, or by using non-standard techniques.
In the cyber sphere, hacking refers to gaining access to a device, system, or network, in a way that the creator of that entity did not intend. Examples include overriding a security measure, exploiting a software vulnerability, or hoodwinking a system user into granting you access.
In itself, hacking is morally neutral. The way that hackers are characterized depends on the intent behind the hack, and the circumstances under which the hacking activity takes place.
Bearing all of this in mind, two important elements set white hat hackers apart from other types of hackers:
To ensure you stay on the right side of the law, it’s worth taking a look at our guide, Is Hacking Illegal?
White Hat Hackers versus Black, Grey, and Red Hat Hackers
White hats and black hats sit at opposite ends of the hacking spectrum. Between them, there are some more ambiguous operating modes, where the intentions of the hacker can be more complicated, and there’s often a greater willingness to stray from the letter of the law.
To help you further understand what sets white hat hackers apart, here’s a side-by-side comparison with these other hacking personas.
The Parameters of the White Hat Hacking Process
As we’ve seen, authorization is one of the defining features of the ethical hacking operating model. If you’re involved in white hat hacking, it’s important to follow these protocols:
- Obtain approval. Get authorization from the system owner before commencing any hacking activity. Bear in mind that if the target organization uses a shared cloud environment, authorization may also need to be obtained from any relevant service providers.
- Define the scope. As part of the agreement, determine the scope of the evaluation, the activities you will be undertaking, techniques to be used, timings for your activity, and the assets and network areas you will be attempting to access.
- Notification procedures. There should be a defined procedure for communicating your hacking findings to the target organization.
- Information sensitivity. A non-disclosure agreement is usually included as part of the agreement. Avoid straying into accidental breach of this, e.g. by going into the specifics of your activity on hacking forums, or on your resume.
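The scope, timing and technique terms listed above can be enforced in tooling rather than left to memory. The following is an added example, not part of the original article: a gate that refuses any planned action falling outside the agreed ranges, testing window or techniques. The `Engagement` class, its field names, and all addresses and dates are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass
class Engagement:
    in_scope: list            # CIDR ranges the system owner authorized
    excluded: list            # carve-outs, e.g. provider-owned shared hosts
    window_start: datetime    # agreed testing window (timezone-aware, UTC)
    window_end: datetime
    techniques: set = field(default_factory=set)  # agreed activity types

    def check(self, target: str, technique: str, when: datetime):
        """Return (allowed, reason) for one planned action."""
        try:
            addr = ip_address(target)
        except ValueError:
            return False, "target is not an IP address; resolve and re-check"
        if not (self.window_start <= when <= self.window_end):
            return False, "outside agreed testing window"
        if technique not in self.techniques:
            return False, f"technique '{technique}' not in agreement"
        # Exclusions win over inclusions: a carve-out inside an authorized
        # range (such as a third-party host) stays off limits.
        if any(addr in ip_network(n) for n in self.excluded):
            return False, "explicitly excluded asset"
        if any(addr in ip_network(n) for n in self.in_scope):
            return True, "in scope"
        return False, "not covered by authorization"


# Constructed engagement using documentation address ranges (RFC 5737).
ROE = Engagement(
    in_scope=["192.0.2.0/24", "198.51.100.16/28"],
    excluded=["192.0.2.200/32"],
    window_start=datetime(2023, 6, 5, 18, 0, tzinfo=timezone.utc),
    window_end=datetime(2023, 6, 9, 6, 0, tzinfo=timezone.utc),
    techniques={"port-scan", "web-app-test"},
)

if __name__ == "__main__":
    now = datetime(2023, 6, 6, 20, 0, tzinfo=timezone.utc)
    for tgt, tech in [("192.0.2.10", "port-scan"), ("192.0.2.200", "port-scan"),
                      ("203.0.113.5", "port-scan"), ("192.0.2.10", "phishing")]:
        print(tgt, tech, ROE.check(tgt, tech, now))
```

Logging each `check` result alongside the action taken also gives you an audit trail to attach to the findings report.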
White Hat Hacking as a Career
Any responsible organization will seek to put a system of information security controls in place. But how do you know if those security controls will work in real-life situations?
This gets to the heart of why ethical hacking skills are valued by all kinds of businesses, governmental departments, and other organizations. The threat landscape is shifting all the time. Organizations need skilled professionals to continually probe for weaknesses, to test, and identify those areas that need to be optimized to bolster the organization’s security stance.
Here’s a closer look at the employment and career options that exist in the sphere of white hat hacking…
How Organizations Engage White Hat Hackers
You’ll find that companies hire hackers in a number of different ways:
- Dedicated in-house hacking roles. Some large organizations directly employ individuals in dedicated white hat hacking roles. They then work alongside other IT and cyber professionals and are solely responsible for probing and testing the organization’s security. Common job titles for these roles include Penetration Tester, Vulnerability Tester and Security Tester.
- Freelance and consulting roles. A fresh pair of eyes can often be just what’s needed to provide independent assurance of an organization’s existing controls. Organizations often draft in consultants or freelancers to engage in hacking under agreed parameters.
- Bug bounty schemes. This is where organizations (e.g. Apple, PayPal, Goldman Sachs) put out an open invitation to independent ethical hackers to hunt out bugs in their systems. To find out more about bug bounty hunting, the HackerOne platform is worth a look.
Job Prospects and Demand
Even though the jobs may involve very large elements of white hat (aka ethical) hacking, it is actually pretty rare for employers to use this terminology in their job descriptions. As such, a search for current ethical hacker jobs on Indeed USA brings up just 440 open positions…
However, don’t be misled by this! If you are looking to put your hacking skills to work in the white hat arena, the demand is most definitely out there. It’s just that you need to hone your searches to use the job description terminology preferred by employers.
Penetration tester is probably the best example of this. In the enterprise sphere especially, the terms penetration tester and ethical hacker tend to be regarded as pretty much the same thing.
According to a recent analysis carried out by StationX, the phrase “junior penetration tester” on LinkedIn brought up 29,453 positions in the United States, 2,717 in the United Kingdom and 868 in Canada.
“While ZipRecruiter is seeing annual salaries as high as $173,000 and as low as $63,000, the majority of Penetration Tester salaries currently range between $97,500 (25th percentile) to $135,000 (75th percentile) with top earners (90th percentile) making $156,000 annually across the United States.”
Also, as we touched on earlier, there is a wide range of roles where the job title does not necessarily refer to white hat hacking / penetration testing, but where there is a significant element of this type of work involved. Here’s one fairly typical example…
Depending on the specific requirements of the employer, cyber jobs that require white hat hacking skills can include the following:
- Pentester/Penetration Tester
- Ethical Hacker
- White Hat Hacker
- Red Teamer
- Vulnerability Tester
- Security Tester
- Vulnerability Assessor/Vulnerability Assessment Professional
- Application/Network Security Consultant
Becoming a White Hat Hacker
For real-life tips on landing a role, our Newbie’s Guide to Finding a Cyber Security Job is definitely worth a look. Specifically to boost your hacking employability, here’s a closer look at the areas of knowledge required, the activities involved, and the certifications to focus on to build and verify your expertise.
White Hat Hacking Essential Knowledge Areas
These are the areas to focus on…
For ethical hacking, you’ll need a good working knowledge of IT infrastructure and basic networking concepts (i.e. connections, topologies and architecture). You’ll also need to know your way around network implementations and security. Studying for CompTIA Network+ or CCNA can be a useful way of plugging any knowledge gaps in this area. For more information, check out this Network+ Cheat Sheet.
To operate as a white hat hacker, you are going to need to understand how to use Linux. Two Linux distributions in particular - Kali Linux and ParrotOS - contain a host of ready-made ethical hacking tools, covering everything from information gathering to exploitation. For further information, check out our guide, Kali Linux vs Parrot OS: Which Pentesting Distro is Best?
The move to cloud infrastructure is only picking up speed, so it’s likely many of the organizations you’ll be carrying out ethical hacking activities for will operate within a cloud environment. You’ll need a solid knowledge of these environments (e.g. cloud-specific configurations, APIs, virtual machines and databases). For more detailed tips on boosting your expertise in this area, check out our guide to The Best Cloud Security Certifications.
This general-purpose programming language is a very popular choice among hackers. It is relatively easy to get to grips with, and has a large range of libraries that enable you to access and adapt tools for activities such as port scanning, packet sniffing, and password cracking.
Ethical hacking tools
You don’t become a confident white hat hacker overnight. It comes with experience - and a big part of this involves finding your way around the toolkits commonly used for things like enumeration, remote code injection, password cracking, and a host of other common hacking tasks.
For an introduction to some of the best ready-made hacking solutions out there, take a look at our guide, 25 Top Penetration Testing Tools for Kali Linux in 2023.
White Hat Hacking Activities
Below, we’ve highlighted some of the most common activities you’ll be involved in day-to-day as a white hat hacker.
In this early stage, you don’t interact directly with the target system. Instead, it’s about gathering publicly available information - referred to as Open Source Intelligence (OSINT). This includes information such as active hosts, domain names, IP addresses, user information, and technologies used.
The purpose of this reconnaissance is to provide you with insight on the best approach to hacking the target.
Here you begin to actively scan your target (whether it is a network, website, etc.). This provides you with a vast amount of information, including open ports, software versions, users and groups, and other technologies. You can then use this information to determine your attack surface.
Based on the vulnerabilities or weak security controls you have identified, you can then attempt to exploit them to gain access to the target system. A few example techniques include exploiting known vulnerabilities that the target organization has failed to patch, using social engineering to bypass access controls, or exploiting misconfigurations in applications or network devices.
Once you have gained access, further investigation may involve, for instance, attempts to escalate privileges to try and establish how much control or damage an actual attacker would be able to achieve.
Having completed your investigations, it’s then a case of following up; i.e. reporting on the specific vulnerabilities you have found and suggesting remediation steps.
The majority of these activities are included under the umbrella term, “penetration testing”: i.e. a systematic process of probing for vulnerabilities across an IT infrastructure - often involving mock cyber attacks. For a closer look at the tools, tricks and techniques used in this area, take a look at our guide, How to Become a Penetration Tester.
White Hat Hacking Certifications
We’ve seen how authorization is central to white hat hacking. And, whether you’re being drafted in as a freelancer, or being considered for a payrolled position where ethical hacking is involved, organizations will want verifiable assurances that you know your stuff before they let you loose on their systems.
With this in mind, we’ve picked out the best ethical hacking certifications for cyber security professionals at different stages in their careers. For further info on our recommendations and a rundown of each certification, head over to our guide, The Very Best Ethical Hacking Certifications for You in 2023.
Famous White Hat Hackers
Take a look at these examples of accomplished hackers putting their talents to good use.
Miller made his name in the hacking world for demonstrating the vulnerabilities of Apple products, including this feat of hacking a MacBook Air in just two minutes…
In 2008, Kaminsky discovered a major flaw in the DNS system, which, if exploited, would have opened the door to the mass theft of account and password information. Sadly, Kaminsky died in 2021. Here he is being interviewed for DEFCON in 2012…
Winners of the 2023 Pwn2Own hacker contest. This was the second year in a row that the French-based security team, Synacktiv, had managed to successfully hack a Tesla Model 3.
In 2022, they hacked the vehicle’s infotainment system, but the complexity of the hack was not enough to win the car. A year later, they came back with a successful Time of Check to Time of Use (TOCTOU) hack, which won them the top cash prize and the car itself…
The best way to test the effectiveness of security measures is to keep probing them for weaknesses. Sensible organizations recognize this, which is why the demand for skilled white hat hackers isn’t going away any time soon.
To start developing the fundamental knowledge required for ethical hacking, we would recommend taking a look at the following courses.