Just to be perfectly clear: we are not talking about hiring hackers to engage in unethical or illegal activity; this article looks at the process of hiring hackers who can engage in ethical and legal hacking assignments. Think of an ethical hacker as “a computer or network expert who systematically attempts to penetrate a computer system or network on behalf of it’s owners for the purpose of finding security vulnerabilities that a malicious hacker could exploit,” says Margaret Rouse.
You shouldn’t assume that it will be easy to find a cybersecurity professional: this report from ISACA found that 92 percent of those planning to hire cybersecurity professionals in 2015 think it will be difficult to find candidates.
If you are looking to find an ethical hacker — through a means that your HR department might approve of — where should you start?
Ethical Hacking Certificates
Several organizations offer ethical hacking certificates. including EC-Council, Firebrand, InfoSec Institute, and SecureNinja. EC-Council seems to be the most reputable organization among those listed, but I am not vouching for any of them. I advise you make sure you conduct proper research on all of them before hiring a certified ethical hacker. You may also consider approaching these organizations to ask if they will circulate your job advertisements to their graduates.
Online Hacking Competitions
Competitions that require candidates to use their occupational skills have become all the rage, and they’re a great way to attract top talent. Follow the lead of British intelligence agency the Government Communications Headquaters (GCHQ), which set up an online Cyber Security Challenge. The GCHQ describes this competition as a “new virtual game from the British Intelligence Agency to find future cyber defence [sic] talent which comprises a search for vulnerabilities in a fictional threatened aerospace company.”
Set up your own ethical hacking competition and promote it as a way to attract and identify hackers who can expose system vulnerabilities. Hackers who are successful in your competition may be the cybersecurity talent you need.
Online Ethical Hacker Marketplaces
There are a range of online marketplaces where you can hire ethical hackers on a job-by-job basis. For example, Neighborhoodhacker.com claims to only supply certified ethical hackers, and Hackers List states clearly that only legal and ethical hacking is acceptable within its system.
These two examples seem to be the most ethical and transparent hacker marketplaces that I could find. Once again, I am not vouching for or endorsing these sites; you’ll need to be responsible for your own due diligence before deciding to use them.
Have you ever hired an ethical hacker? If so, how did you go about finding one? Was it a positive experience? Would you do it again? I’d love to hear your thoughts!