Ask a Tech

Not all hackers are bad: Discover the positive impact of ethical hackers in cybersecurity

Hackers aren’t always the ‘baddies’. Photo by Dragos Condrea

The word hacker often conjures up an image of a hooded villain hunched over a keyboard and up to no good, but I’m here to dispel that myth. Of course, there are malicious actors out there who do bad things, but there is also an army of professional hackers protecting networks and people across the world.

How do these hackers differ from the bad guys? I explain it like this: imagine your house has been burgled. You come home to find that someone has broken in, but there are no obvious signs of forced entry. You call the police, and when they arrive to investigate they aren’t criminals, but they understand how criminals think. They quickly notice subtle clues, such as a small tool left behind that was slipped under a window to open it, revealing how the thief gained access. Ethical hackers do the same for computer networks: they think like an attacker so they can find the way in before a real attacker does.

Meet the ethical hacker: the unsung hero working behind the scenes. So, what exactly is an ethical hacker? First and foremost, they adhere to a strict code of ethics, the most important rule of which is never to test or attack a network without the owner’s explicit permission, ideally in writing. Second, ethical hackers operate within a clearly defined scope, usually set out in a document called the rules of engagement, which specifies which systems may be tested, when testing may take place, which techniques are permitted, and how any vulnerabilities or misconfigurations discovered during the assessment are to be reported. Anything outside that scope is off limits, no matter how tempting.

How do ethical hackers train? There are countless platforms for learning the craft, and YouTube is a popular starting point for many. Currently, I’m focused on earning the Offensive Security Certified Professional (OSCP) certification, one of the most sought-after credentials in the cybersecurity field. I won’t sugarcoat it: this certification is not for the faint-hearted, and it demands a significant amount of study time and dedication. I’ve been studying for about six months, and I still have a long way to go before I’m ready to sit the exam. The exam itself is intense: you’re given roughly 24 hours to compromise several machines in a lab environment, earning points for each one you break into. To pass, you need to accumulate 70 points, which involves locating specific proof files, known as flags, on each machine and then writing up your findings in a professional penetration-test report, just as you would for a real client.

Other legitimate training platforms include sites such as TryHackMe and Hack The Box, which offer a variety of modules presented in a gamified learning style that makes the experience both educational and enjoyable.

Ethical hackers and cybersecurity professionals play a crucial role in helping companies, large and small, identify and fix vulnerabilities in their networks. One popular avenue for this is the bug bounty, where independent security researchers are rewarded for discovering software flaws and reporting them privately to the vendor. This process, known as coordinated disclosure, is vital for keeping systems secure, because it gives the vendor a chance to issue a patch before the vulnerability is exploited in the wild. The catch is that a patch only protects you once it’s installed, so it’s essential to regularly update not only your operating systems, such as Windows, macOS, Android and iOS, but also commonly used software such as Chrome, Firefox and Adobe Reader, and to turn on automatic updates wherever they’re offered.

Bug bounties can be quite lucrative: payouts for common software bugs can start at around $500 and go much higher for severe issues. As of 2024, the largest single reward Google has ever paid through its Android bug bounty program was $605,000, for an exploit chain against the Android operating system reported in 2022. This demonstrates the significant financial incentives available to skilled cybersecurity professionals.

So there you have it! Not all hackers are bad; just know that for every bad actor there is an army of good hackers out there trying to make the internet safer for you.

As always, if you have enjoyed this or have any questions please feel free to reach out to askatech@mmg.com.au