Why do people become ethical hackers? Given the negative connotations that the word “hacker” has unfortunately acquired over the past few decades, it’s tough to understand why anyone would apply that oxymoron to themselves.
Yet, ethical hackers are playing an increasingly vital role in cybersecurity, and the ranks of the ethical hacking community are growing significantly. If you’re thinking about working with or hiring ethical hackers — or even becoming one yourself — it’s important to understand what makes this unique breed of cyber-pro tick.
If you talk to people in the hacker community, you will find that the opportunity to earn cash rewards through bug bounty programs is a key motivator for many. But it’s not the only one, and perhaps it’s not even the most important.
Some people sign up for the sheer enjoyment of hacking without breaking laws. Others want to test their cyber skills and build a resume. Some just want to be part of a community. There’s even an element of vigilantism and the thrill of finding vulnerabilities before bad actors do, helping not only organizations but even friends and family protect themselves.
As someone who’s been hacking ethically since high school and now helps curate and manage a community of ethical hackers in my career, I have a good understanding of what makes and motivates a good ethical hacker. Here’s what I’ve learned.
It is not just about the money
As with many side hustles, the money is important, but it is not always a deciding factor.
A recent survey of my ethical hacker community shows that money is a big motivator. The pay can certainly be good, with one-third of all ethical hackers making at least $1,000 a month.
But there is more to becoming an ethical hacker than financial rewards. According to the survey, 60% of the community spends at least 10 hours a week hacking, 40% devote more than 20 hours, and 18% clock in at over 40 hours a week. Putting in that kind of time shows that it’s not just about the money. Given the skills ethical hackers have, they could likely make more money working as cyber security analysts.
It starts with curiosity
For many ethical hackers, the journey begins with a deep-seated interest in solving puzzles and learning about how things work. For example, Sebastian Neef (alias Gehaxelt) is a computer science Ph.D. student in Germany who started hacking when he was 17.
He said it seemed like a cool thing to do back in 2011 when hackers defacing websites was common. He said it seemed easy too, but unlike some chaos actors interested in vandalism, Sebastian was motivated by curiosity. He wanted to know what administrators would do when he alerted them to vulnerabilities in their systems. Some were grateful and addressed the vulnerability. Others did nothing.
Stories like Sebastian’s are common: many get started because of an aptitude for technology and a curious mindset. But once they discover their skills and become hooked on hacking, there’s a fork in the road. People like Sebastian choose the ethical path.
Belonging to a community has strong appeal
Like any other bond of professionals, ethical hackers form groups and communities where people share both tips and respect. Those communities aren’t like recreational football teams where everybody is fighting for a common purpose, but they are certainly competitive. Many ethical hacking communities have leaderboards. Everyone knows who is at the top of the leaderboard and everyone wants to be number one.
There’s also a camaraderie of working together. Sebastian and roughly 30 other ethical hackers are on a German bug bounty Slack channel. Once a year, they rent out a co-working space, pick a few targets and work together to see who can find the most vulnerabilities. For Sebastian, the community also extends to Tuesday meetups, where people get together and talk about security or participate in capture the flag competitions.
Protecting what’s close provides purpose
In some ways, ethical hackers are a lot like everyone else. They are concerned about the security of websites and other technologies they use every day. But unlike most people, ethical hackers have the skills and knowledge to test things and make sure they’re secure. And once you’ve seen the dangers lurking in technology, and know you have the skills to uncover them, it’s very difficult not to act.
The concern about the security of everyday technology is also one of the things that motivates ethical hackers to pick targets. Beyond just the bounty program, they’re concerned about their own welfare and the cybersecurity of their friends and family.
Like many other professionals inside and outside the technology field, Sebastian and his cohort are motivated by autonomy, mastery and recognition. Ethical hackers can work on their own and on their own time as they try to find weaknesses in an organization’s infrastructure that cyber criminals could exploit. It’s a sense of autonomy that few others in cyber security can claim. Being able to expose vulnerabilities in an organization’s systems and networks that others are not able to find — because of the specific skills and knowledge an ethical hacker possesses — brings a sense of pride and acknowledgment in the community.
But mostly, ethical hackers do it because they want to do the right thing, especially if it leads to stronger security measures that prevent future attacks. These professionals have the potential to do something that might seem impossible or unlikely to many in the cybersecurity field: Giving hacking a good name.
Fredrik Nordberg Almroth is a cofounder and security researcher at Detectify.