Why More Businesses Should Hire Hackers by Kayla Matthews

Your idea of hacking might involve people who do their deeds in secret to steal information or get revenge. Some hackers, known as black hat hackers, still have those priorities, but there’s a growing number of them who are transparent about what they do and get paid for it.

They’re known as ethical hackers, and many forward-thinking businesses are hiring them.

The Pool of Cybersecurity Experts Is Growing

Firms that have been on the fence about hiring hackers have arguably never had better opportunities to make moves. According to Jeff Schilling, the chief security officer at a company called Armor, there’s approximately a one million person shortage of cyber security specialists — including hackers — but the field is very enticing for individuals looking to get into an in-demand career.

To help encourage students to consider working in cyber security, numerous colleges, including Stanford University and Purdue University, have dedicated majors and extracurricular activities that train people in the fundamentals of ethical hacking. Because these opportunities are present, companies have more chances to connect with highly qualified hackers.

Hackers Spot Vulnerabilities Before It’s Too Late

A company that hires hackers today is not as likely as it might have once been to attract curious stares from competing organizations — that’s because IBM is one example of a company that hired 1000 security specialists in 2015. Many of those employees conduct what are known as “pen tests,” or penetration tests, to see how easy it is to gain access to secured networks and address identified weak points.

One major argument for hiring hackers is that companies need to have people on their side who think the same way hackers do. Then, the businesses can stay ahead of the criminal hackers and patch up holes before they’re found and exploited.

If a company representative asserts IBM thought it was worthwhile to hire hundreds of experts to beef up security, it’s harder for naysayers to build opposing arguments. That’s true because IBM is such a trustworthy and longstanding name in the tech industry.

Companies That Don’t Stay on Top of Flaws Could Receive Bad Press

Because of the rising interest level in things related to cybersecurity, companies can’t merely stay intentionally in the dark about potential security-related problems. If they do, competitors may call them out. A similar kind of announcement happened recently when Google exposed one of Microsoft’s vulnerabilities before the latter company issued a patch for it.

After that announcement, Microsoft’s representatives had to scramble and deal with the unwanted publicity — and they weren’t thrilled with Google's security team for spreading the word about the issue. Companies not only have to worry about criminal hackers infiltrating their systems, but legal ones uncovering issues and raising awareness.

Through an initiative called Project Zero, Google has hired ethical hackers, or “security researchers” to expose internet-wide security problems. Potentially then, if a business has an online presence and isn’t doing what’s necessary to keep things secure, Google might go public about those shortcomings.

Ethical Hackers Help Safeguard Customer Data

Major companies, including Home Depot and Target, found out the hard way about recovering from massive data breaches. To be more proactive about preventing those attacks, brands are employing ethical hackers to try and compromise new features, having them act as if they were illegal hackers intending on grabbing customers’ details.

A Citibank branch in Bahrain even discusses its use of ethical hackers on a page outlining measures taken to beef up security for customers. The mention appears alongside precautions such as 128-bit encryption and periodic security audits.

The Citibank example indicates a couple of things. Firstly, ethical hacking is becoming so commonplace that companies confidently admit they’re doing it and trust customers will understand and accept their reasons. Secondly, the hiring of ethical hackers is a worldwide practice.

The partnership between ethical hackers and banks may initially not seem like a very likely one. However, the banking industry is beginning to capitalize on hiring cybersecurity experts to keep customer data secure, along with other reasons.

Hacking Should Be a Necessary Skill Sought by Those in the Cloud Computing Sector

It’s no secret that cloud computing is experiencing tremendous growth. It’s also a field that looks for people who are knowledgeable about ethical hacking. That skill is considered by some to be among the most desirable in people who are interested in cloud computing careers.

One of the main reasons why shouldn’t come as a surprise. Consider how much information companies store in the cloud. The more data that’s there, the more attractive a target it is for hackers. If a company suffers a malicious hack that only affects its on-site data, that’s bad enough — a cloud infiltration is often much more severe.

Even after reading the information above, some companies still balk at hiring ethical hackers. Representatives might convince themselves the associated expense isn’t worthwhile because a hacking attempt might never occur. Statistics say cyber attacks cost US companies $15.4 million each year. Besides the direct monetary losses, they compromise jobs and wreak havoc on carefully built reputations.

Once companies reach the point where they’re ready to hire, these tips can help them locate and attract the most talented hackers:

1. Know the Types of Hackers Available to Hire

The ethical hackers we’ve focused on so far are also known as white hat hackers. But, they’re not the only kinds a company might hire. There are also blue hat hackers, responsible for revealing bugs before the launch of a new system. Gray hat hackers also exist, but they’re not usually found in job listings — that’s because these hackers do not act with employer consent. However, they offer to sell uncovered information to government agencies.

2. Consider Hiring a Freelance Hacker

In some cases, companies may have one-off jobs for hackers or remain hesitant about bringing someone on board for a full-time position. Those instances may make it feasible for businesses to look at what are called “hacker marketplaces.” Those websites bring freelance hackers and people looking to hire them together. Services offered range from fully legit white-hat capabilities to sinister tasks performed by black-hat hackers.

3. Have a Purpose in Mind

It's not wise for companies to hire hackers unless they have identified reasons for doing so. Otherwise, it'll be hard for hackers to meet expectations, and employers may waste a lot of money because they're not sure which skills are most important for them to find in potential hackers.

4. Think Outside the Box During the Hiring Process

Although there are some exceptions, many hackers aren’t accustomed to the typical corporate lifestyle. They love working in places that prize their creativity and allow them to enjoy lots of freedom. Companies who place many restrictions on their employees and outline them in the job description will likely have trouble getting hackers interested.

Many hackers are also relatively young individuals who have grown up online, so they’ll quickly get bored with dry, stiff language. Businesses not accustomed to hiring people with the personality traits hackers often have may want to hire a copywriter to put a fresh, youthful spin on the language used in the job description.

People in the tech community are familiar with “hackathons” that bring together the brightest minds in the industry and let them show their abilities within tight timeframes. A company interested in recruiting top ethical hackers could host similar events to identify candidates without going through a typical recruiting process — it’d be a terrific way to challenge participants with real-world scenarios while gauging performances and preparing job offers.

There’s something to be aware of regarding background checks, too: When applying at many companies, people with criminal backgrounds are at a significant disadvantage when it comes to getting hired. However, companies seeking out the worthiest hackers must realize that many of those individuals may have honed their skills through illegal means.

That reality is becoming less prominent now because of the college programs mentioned above that give people legal avenues through which to explore hacking. However, they’re relatively new, so if a company is looking for candidates with many years of hacking know-how, it’ll need to be especially aware that applicants who meet the required experience level might not have clean backgrounds.

5. Budget Properly When Recruiting Talented Hackers

Hackers fall within a job category the Bureau of Labor Statistics calls information systems analysts. The average salary for people on that career path is $96,200 annually, and the field is going through a period of rapid forecasted growth.

Those realities mean businesses need to be strategic when making budgets in preparation for hiring hackers. They must be ready to pay new hires more than the amount of money some other types of technology roles command because the skills hackers possess are highly specialized.

Also, since employers are so much more interested in welcoming hackers to their workplaces than they once were, hackers will quickly find companies that are offering attractive salaries and focus on them. The saying “you get what you pay for” holds true in any emerging industry, and corporations can't expect to appeal to skilled hackers while sticking to small budgets.

This is why companies are eager to hire ethical hackers. Tapping into the expertise of hackers could prevent major security breakdowns by spotlighting vulnerabilities before criminal hackers notice them.

About the Author:

Writing about technology for more than five years, Kayla Matthews has contributed to The Week, VICE, VentureBeat and The Data Center Journal. You can also read posts by Kayla on her tech blog, Productivity Bytes.