PDF download Download Article PDF download Download Article

Hiring an ethical hacker, also known as a "white hat," can help you protect your business from threats like DDoS attacks and phishing scams. We'll help you find qualified candidates to help you find and fix any security breaches in your companies internet technology.

Part 1
Part 1 of 3:

Filling the Position

PDF download Download Article
  1. It may be tempting to try to save money by sticking with your existing IT team. Without specialized backup, however, your company’s IT systems will be vulnerable to attacks that are far too sophisticated for the average computer whiz to catch. All it would take is one of these attacks to do serious damage to your business’s finances—and reputation. [1]
    • All told, the average cost of securing and cleaning up an online data breach is around $4m. [2]
    • Think of hiring a white hat as taking out an insurance policy. Whatever their services command is a small price to pay for your peace of mind.
  2. It’s not enough to simply decide that you need to beef up your internet defenses. Come up with a mission statement outlining exactly what you hope to accomplish by hiring an outside expert. That way, both you and your candidate will have a clear idea of their duties going in. [3]
    • For example, your financial company might need increased protection from content spoofing or social engineering, or your new shopping app may put customers at risk of having their credit card information stolen. [4]
    • Your statement should function as a kind of reverse cover letter. Not only will it advertise the position, but also describe the specific experience you’re looking for. This will allow you to weed out casual applicants and find the best person for the job.
    Advertisement
  3. Having an ethical hacker on your side is a wise move, but it isn’t a cheap one. According to PayScale, most white hats can expect to pull in $70,000 or more per year. Again, it’s important to keep in mind that the job they’ll be performing is worth what they’re asking. It’s an investment you most likely can’t afford not to make. [5]
    • An inflated pay rate is a small financial setback compared to having a hole blown in the IT system that your company depends on to make a profit.
  4. It may not be necessary to keep a white hat on your IT staff full time. As part of your objectives statement, specify that you’re looking for a consultant to spearhead a major project, perhaps an external penetration test or a rewrite of some security software. This will allow you to pay them a one-time retainer rather than a continual salary. [6]
    • The odd consulting job may be perfect for freelance hackers, or those who have recently received their certification.
    • If you’re pleased with your cybersecurity expert’s performance, you can offer them a chance to work with you again on future projects.
  5. Advertisement
Part 2
Part 2 of 3:

Tracking Down a Qualified Candidate

PDF download Download Article
  1. The International Council of Electronic Commerce Consultants (EC-Council for short) has responded to the growing demand for ethical hackers by creating a special certification program designed to train them and help them find employment. If the security expert you interview can point to official CEH certification, you can be sure they’re the genuine article and not someone who learned their craft in a dark basement. [7]
    • While hacking credentials can be difficult thing to verify, your candidates should be held to the same rigorous standards that all other applicants would.
    • Avoid hiring anyone who can’t provide proof of CEH certification. Since they don’t have a third party to vouch for them, the risks are just too high.
  2. Take a look at some of the listings on sites like Hackers List and Neighborhoodhacker.com. Similar to ordinary job search platforms like Monster and Indeed, these sites compile entries from eligible hackers seeking opportunities to apply their skills. This may be the most intuitive option for employers who are used to a more traditional hiring process. [8]
    • Ethical hacker marketplaces only promote legal, qualified specialists, which means you can sleep easy knowing that your livelihood will be in good hands.
  3. One fun solution that employers have started using to attract prospective candidates is to pit competitors against one another in head-to-head hacking simulations. These simulations are modeled after video games, and are designed to put general expertise and fast-thinking decision making abilities to the test. The winner of your competition may just be the one to provide the support you’ve been looking for. [9]
    • Have your tech team cook up a series of puzzles modeled after common IT systems, or purchase a more sophisticated simulation from a third party developer. [10]
    • Assuming that devising your own simulation is too much labor or expense, you could also try getting in touch with past winners of international competitions like Global Cyberlympics. [11]
  4. Anyone is free to enroll in the EC-Council program that white hats use to earn their CEH certification. If you’d prefer to keep such a high-profile position in-house, consider putting one of your current IT employees through the course. There, they’ll be taught to perform penetration testing techniques that can then be used to probe for leaks. [12]
    • The program is structured as a 5 day hands-on class, with a 4 hour comprehensive exam given on the last day. Attendees must make a score of at least 70% in order to pass. [13]
    • It costs $500 to sit for the exam, along with an additional fee of $100 for students who opt to study on their own.
  5. Advertisement
Part 3
Part 3 of 3:

Bringing an Ethical Hacker into Your Business

PDF download Download Article
  1. It will be necessary to have your candidates thoroughly investigated before you even think about putting them on your payroll. Send their information off to HR or an outside organization and see what they turn up. Pay particular attention to any past criminal activity, especially those involving online offenses. [14]
    • Any type of criminal behavior that pops up in the results of a background check should be considered a red flag (and probably grounds for disqualification). [15]
    • Trust is key to any working relationship. If you can’t trust the person, they don’t belong in your company, no matter how experienced they are.
  2. Assuming your prospect successfully passes their background check, the next step in the process is to conduct an interview. Have your IT manager a member of HR sit down with the candidate with a list of questions prepared, such as, "how did you get involved in ethical hacking?", "Have you ever performed any other paid work?", "What sorts of tools do you use to screen for and neutralize threats?" and "give me an example of how defend our system from an external penetration attack." [16]
    • Meet face-to-face, rather than relying on phone or email, so you can get an accurate idea of the applicant's character.
    • If you have any lingering concerns, schedule one or more followup interviews with another member of management team so you can get a second opinion.
  3. Going forward, your IT team’s number one priority should be preventing cyber attacks rather than cleaning up after them. [17] Through this collaboration, the people creating your company’s online content will learn safer coding practices, more exhaustive product testing, and other techniques for outsmarting would-be scammers. [18]
    • Having an ethical hacker there to check each and every new feature may slow down the development process slightly, but the new airtight security features they devise will be worth the delay. [19]
  4. Take advantage of your white hat’s wealth of knowledge and learn a bit about the types of tactics commonly used by hackers. When you begin to form an understanding of how cyber attacks are planned and carried out, you’ll be able to see them coming. [20]
  5. 5
    Keep a close watch on your hired hacker. While it's unlikely that they'll attempt anything unscrupulous, it's not outside the realm of possibility. Instruct the other members of your IT team to monitor your security status and look for vulnerabilities that weren't there before. Your mission is to protect your business at all costs. Don't lose sight of the fact that threats can come from the inside as well as the outside. [23]
    • An unwillingness to explain their exact plans or methods to you may be a warning sign. [24]
    • If you have reason to suspect that an outsourced specialist is harming your business, don't hesitate to terminate their employment and search for a new one.
  6. Advertisement

Expert Q&A

Search
Add New Question
  • Question
    What qualifications should I look for in an ethical hacker?
    Mitch Harris
    Consumer Technology Expert
    Mitch Harris is a Consumer Technology Expert based in the San Francisco Bay Area. Mitch runs his own IT Consulting company called Mitch the Geek, helping individuals and businesses with home office technology, data security, remote support, and cybersecurity compliance. Mitch earned a BS in Psychology, English, and Physics and graduated Cum Laude from Northern Arizona University.
    Consumer Technology Expert
    Expert Answer
    Look for someone who is authoritative, not authoritarian. A qualified professional should address your fears and concern with knowledge and instruction, not overbearing direction.
  • Question
    How do you manage an ethical hacker?
    Mitch Harris
    Consumer Technology Expert
    Mitch Harris is a Consumer Technology Expert based in the San Francisco Bay Area. Mitch runs his own IT Consulting company called Mitch the Geek, helping individuals and businesses with home office technology, data security, remote support, and cybersecurity compliance. Mitch earned a BS in Psychology, English, and Physics and graduated Cum Laude from Northern Arizona University.
    Consumer Technology Expert
    Expert Answer
    Establish simple rules for your employee. If your rules are too tedious, they might not follow them.
Ask a Question
      Advertisement

      Tips

      • Cybersecurity is a vital concern for every 21st century business, from the biggest financial firm to the smallest startup.
      • Purchasing cybersecurity insurance can guarantee that you’ll get back whatever you lose in the event of a scam, breach, or data leak.
      • It may be a good idea to advertise your need for an ethical hacker on sites like Reddit, where white hats are known to talk shop.
      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Thanks for submitting a tip for review!
      Advertisement

      Warnings

      • Stay away from uncertified free agents, hackers with strong political or religious leanings, and so-called “hacktivists.” These rogues may attempt to use the information they gain access to for insidious purposes.
      • Working with a hacker, even an ethical one, could reflect poorly on your company in the eyes of your partners or clients.
      Advertisement

      About This Article

      Thanks to all authors for creating a page that has been read 33,183 times.

      Is this article up to date?

      Advertisement