What makes a great hacker

Around 70% of all ethical hacker job advertisements requested official accreditation (CREST/CHECK/CCT/APP/INF). A quarter of the job posts requested knowledge of programming languages, and just over a fifth wanted security-checked candidates. In terms of softer skills, the job advertisements called for: flexibility (21%); innovation (12%); passion (11%); confidence (8%); and communication skills (6%). Interestingly, only 15% of advertisements called for a university degree. According to a report by HackerOne, nearly 58% of the hacker community is self-taught. Around 50% have studied computer science at undergraduate or graduate level, but less than 5% have learned hacking skills in a classroom.
Disclosure policies

A bug bounty programme offers a financial reward for ethical hackers to find and report flaws. However, it’s not always money that motivates a hacker. HackerOne reports that one in four hackers have found a vulnerability that they have not reported because the company in question didn’t have a way to disclose it. Of course, they can try emailing or sending a message on social media etc., but HackerOne says that implementing a Vulnerability Disclosure Policy (VDP) can be very effective – for example, the US Department of Defense has resolved nearly 3,000 vulnerabilities through their VDP. Overall – even if a company isn’t looking to take on an ethical hacker full time, it might be worth considering whether there is a proper process in place to report flaws. After all, if an ethical hacker wants to warn you about something, it would be a good idea to listen – next time you might not be so lucky, and these days businesses need to understand the threat of cyber-attacks.