Hiring an ethical hacker, also known as a "white hat," can help you protect your business from threats like DDoS attacks and phishing scams. We'll help you find qualified candidates who can find and fix any security breaches in your company's internet technology.
Steps
- Evaluate the risks of going unprotected. It may be tempting to try to save money by sticking with your existing IT team. Without specialized backup, however, your company’s IT systems will be vulnerable to attacks that are far too sophisticated for the average computer whiz to catch. All it would take is one of these attacks to do serious damage to your business’s finances—and reputation. [1]
  - All told, the average cost of securing and cleaning up an online data breach is around $4m. [2]
  - Think of hiring a white hat as taking out an insurance policy. Whatever their services command is a small price to pay for your peace of mind.
- Identify your company’s cybersecurity needs. It’s not enough to simply decide that you need to beef up your internet defenses. Come up with a mission statement outlining exactly what you hope to accomplish by hiring an outside expert. That way, both you and your candidate will have a clear idea of their duties going in. [3]
  - For example, your financial company might need increased protection from content spoofing or social engineering, or your new shopping app may put customers at risk of having their credit card information stolen. [4]
  - Your statement should function as a kind of reverse cover letter. Not only will it advertise the position, but it will also describe the specific experience you’re looking for. This will allow you to weed out casual applicants and find the best person for the job.
- Be prepared to offer competitive pay. Having an ethical hacker on your side is a wise move, but it isn’t a cheap one. According to PayScale, most white hats can expect to pull in $70,000 or more per year. Again, it’s important to keep in mind that the job they’ll be performing is worth what they’re asking. It’s an investment you most likely can’t afford not to make. [5]
  - An inflated pay rate is a small financial setback compared to having a hole blown in the IT system that your company depends on to make a profit.
- See if you can hire a hacker by the job. It may not be necessary to keep a white hat on your IT staff full time. As part of your objectives statement, specify that you’re looking for a consultant to spearhead a major project, perhaps an external penetration test or a rewrite of some security software. This will allow you to pay them a one-time retainer rather than a continual salary. [6]
  - The odd consulting job may be perfect for freelance hackers, or those who have recently received their certification.
  - If you’re pleased with your cybersecurity expert’s performance, you can offer them a chance to work with you again on future projects.
- Look for candidates with Certified Ethical Hacker (CEH) certification. The International Council of Electronic Commerce Consultants (EC-Council for short) has responded to the growing demand for ethical hackers by creating a special certification program designed to train them and help them find employment. If the security expert you interview can point to official CEH certification, you can be sure they’re the genuine article and not someone who learned their craft in a dark basement. [7]
  - While hacking credentials can be a difficult thing to verify, your candidates should be held to the same rigorous standards that all other applicants would be.
  - Avoid hiring anyone who can’t provide proof of CEH certification. Since they don’t have a third party to vouch for them, the risks are just too high.
- Browse an online ethical hacker marketplace. Take a look at some of the listings on sites like Hackers List and Neighborhoodhacker.com. Similar to ordinary job search platforms like Monster and Indeed, these sites compile entries from eligible hackers seeking opportunities to apply their skills. This may be the most intuitive option for employers who are used to a more traditional hiring process. [8]
  - Ethical hacker marketplaces only promote legal, qualified specialists, which means you can sleep easy knowing that your livelihood will be in good hands.
- Host an open hacking competition. One fun solution that employers have started using to attract prospective candidates is to pit competitors against one another in head-to-head hacking simulations. These simulations are modeled after video games, and are designed to put general expertise and fast-thinking decision-making abilities to the test. The winner of your competition may just be the one to provide the support you’ve been looking for. [9]
  - Have your tech team cook up a series of puzzles modeled after common IT systems, or purchase a more sophisticated simulation from a third-party developer. [10]
  - Assuming that devising your own simulation is too much labor or expense, you could also try getting in touch with past winners of international competitions like Global Cyberlympics. [11]
- Train a member of your staff to handle your counter-hacking duties. Anyone is free to enroll in the EC-Council program that white hats use to earn their CEH certification. If you’d prefer to keep such a high-profile position in-house, consider putting one of your current IT employees through the course. There, they’ll be taught to perform penetration testing techniques that can then be used to probe for leaks. [12]
  - The program is structured as a 5-day hands-on class, with a 4-hour comprehensive exam given on the last day. Attendees must make a score of at least 70% in order to pass. [13]
  - It costs $500 to sit for the exam, along with an additional fee of $100 for students who opt to study on their own.
- Conduct a thorough background check. It will be necessary to have your candidates thoroughly investigated before you even think about putting them on your payroll. Send their information off to HR or an outside organization and see what they turn up. Pay particular attention to any past criminal activity, especially any involving online offenses. [14]
  - Any type of criminal behavior that pops up in the results of a background check should be considered a red flag (and probably grounds for disqualification). [15]
  - Trust is key to any working relationship. If you can’t trust the person, they don’t belong in your company, no matter how experienced they are.
- Interview your candidate in depth. Assuming your prospect successfully passes their background check, the next step in the process is to conduct an interview. Have your IT manager or a member of HR sit down with the candidate with a list of questions prepared, such as "How did you get involved in ethical hacking?", "Have you ever performed any other paid work?", "What sorts of tools do you use to screen for and neutralize threats?" and "Give me an example of how you would defend our system from an external penetration attack." [16]
  - Meet face-to-face, rather than relying on phone or email, so you can get an accurate idea of the applicant's character.
  - If you have any lingering concerns, schedule one or more follow-up interviews with another member of the management team so you can get a second opinion.
- Assign your cybersecurity expert to work closely with your development team. Going forward, your IT team’s number one priority should be preventing cyber attacks rather than cleaning up after them. [17] Through this collaboration, the people creating your company’s online content will learn safer coding practices, more exhaustive product testing, and other techniques for outsmarting would-be scammers. [18]
  - Having an ethical hacker there to check each and every new feature may slow down the development process slightly, but the new airtight security features they devise will be worth the delay. [19]
- Inform yourself on how cybersecurity affects your business. Take advantage of your white hat’s wealth of knowledge and learn a bit about the types of tactics commonly used by hackers. When you begin to form an understanding of how cyber attacks are planned and carried out, you’ll be able to see them coming. [20]
  - Ask your consultant to submit regular, detailed briefings on what they’ve uncovered. Another way to brush up is to analyze their findings with the help of your IT team. [21]
  - Encourage your hired hacker to explain the measures they’re implementing rather than just leaving them to do their thing unquestioned. [22]
- Keep a close watch on your hired hacker. While it's unlikely that they'll attempt anything unscrupulous, it's not outside the realm of possibility. Instruct the other members of your IT team to monitor your security status and look for vulnerabilities that weren't there before. Your mission is to protect your business at all costs. Don't lose sight of the fact that threats can come from the inside as well as the outside. [23]
  - An unwillingness to explain their exact plans or methods to you may be a warning sign. [24]
  - If you have reason to suspect that an outsourced specialist is harming your business, don't hesitate to terminate their employment and search for a new one.
Expert Q&A
- Question: What qualifications should I look for in an ethical hacker?
  Mitch Harris is a Consumer Technology Expert based in the San Francisco Bay Area. Mitch runs his own IT Consulting company called Mitch the Geek, helping individuals and businesses with home office technology, data security, remote support, and cybersecurity compliance. Mitch earned a BS in Psychology, English, and Physics and graduated Cum Laude from Northern Arizona University.
  Answer: Look for someone who is authoritative, not authoritarian. A qualified professional should address your fears and concerns with knowledge and instruction, not overbearing direction.
- Question: How do you manage an ethical hacker?
  Answer (Mitch Harris): Establish simple rules for your employee. If your rules are too tedious, they might not follow them.
Tips
- Cybersecurity is a vital concern for every 21st century business, from the biggest financial firm to the smallest startup.
- Purchasing cybersecurity insurance can guarantee that you’ll get back whatever you lose in the event of a scam, breach, or data leak.
- It may be a good idea to advertise your need for an ethical hacker on sites like Reddit, where white hats are known to talk shop.
Warnings
- Stay away from uncertified free agents, hackers with strong political or religious leanings, and so-called “hacktivists.” These rogues may attempt to use the information they gain access to for insidious purposes.
- Working with a hacker, even an ethical one, could reflect poorly on your company in the eyes of your partners or clients.
References
- [1] https://www.businessnewsdaily.com/8231-small-business-cybersecurity-guide.html
- [2] https://www.esecurityplanet.com/hackers/how-to-hire-an-ethical-hacker.html
- [3] https://www.techworld.com/careers/how-hire-ethical-hacker-3653832/
- [4] https://www.esecurityplanet.com/hackers/how-to-hire-an-ethical-hacker.html
- [5] https://www.tomsitpro.com/articles/white-hat-hacker-career,1-1151.html
- [6] Mitch Harris. Consumer Technology Expert. Expert Interview. 23 June 2021.
- [7] https://cert.eccouncil.org/certified-ethical-hacker.html
- [8] https://www.recruiter.com/i/how-to-hire-an-ethical-hacker/
- [9] https://www.techworld.com/careers/how-hire-ethical-hacker-3653832/
- [10] https://www.fastcompany.com/3026749/not-your-typical-hackathon-symantecs-cyberwar-simulation-transforms-employees-into-criminals
- [11] https://www.cyberlympics.org/
- [12] https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
- [13] https://www.eccouncil.org/wp-content/uploads/2016/02/cehv9-brochure.pdf
- [14] https://www.esecurityplanet.com/hackers/how-to-hire-an-ethical-hacker.html
- [15] https://www.techrepublic.com/blog/it-security/hiring-hackers-the-good-the-bad-and-the-ugly/
- [16] https://resources.infosecinstitute.com/ethical-hacking-interview-questions/
- [17] Mitch Harris. Consumer Technology Expert. Expert Interview. 23 June 2021.
- [18] https://www.techrepublic.com/article/ethical-hackers-how-hiring-white-hats-can-help-defend-your-organisation-against-the-bad-guys/
- [19] https://www.esecurityplanet.com/hackers/how-to-hire-an-ethical-hacker.html
- [20] https://www.businessnewsdaily.com/8231-small-business-cybersecurity-guide.html
- [21] Mitch Harris. Consumer Technology Expert. Expert Interview. 23 June 2021.
- [22] Mitch Harris. Consumer Technology Expert. Expert Interview. 23 June 2021.
- [23] https://blog.trendmicro.com/the-inside-job-how-hackers-are-stealing-data-from-within/
- [24] Mitch Harris. Consumer Technology Expert. Expert Interview. 23 June 2021.