Bug bounties change the image of hackers


When people think of hackers, the standard perception is a teenage script kiddie in a hoodie working in his bedroom. The media still regularly and mistakenly uses the hooded figure hunched over a keyboard as visual content for related stories, which only helps to reinforce the myth.

So is this picture still relevant? To a lesser extent it is, because it shows how most hackers begin their journey – testing their skills and refining them to the nth degree. We all have to start somewhere. The big difference, however, is that a hacker’s capabilities have increased dramatically.

Hacking is now a recognized profession where people can earn an honest and decent living. Not only are there many penetration testing jobs in companies that give these “start-up” hackers a place to legitimately hone their skills, but we also have a new type of test – bug bounties.

Bug bounty programs take two forms. In the first, organizations offer a bug bounty for vulnerabilities discovered in their systems: a hacker finds them and reports them to the company so that they can be fixed before they become public. The hacker is then rewarded for this discovery. This is popular with many big tech companies like Google, Apple, and Dropbox. Several government organizations are also starting to use this method.

The second form is a bug bounty platform, for example HackerOne, Synack or Bugcrowd, which is a fusion of the bug bounty idea and the traditional penetration test. A company engages the platform to examine its infrastructure, websites, and applications for potential vulnerabilities. Hackers become members of the platform and are given the opportunity to discover vulnerabilities, which are then reported back to the hiring company.

The hackers are rewarded for discovered vulnerabilities and not paid for the time required, as is the case with conventional penetration tests. This encourages the hackers to dive deep and discover something – the more critical the vulnerability, the greater the reward.

These platforms are very popular with companies because they allow their systems to be tested under real-world conditions, while hackers can test and improve their skills on real systems without fear of reproach. Some of these hackers have broken the $1 million bug bounty mark, so encouraging more hackers to use their skills for good can be very lucrative. This shows a shift in hacking towards a gig economy – they can take on the role full time or hack in their spare time.

A few years ago, those script kiddies would have stopped hacking when they grew up, got a job and raised a family, with little time to play with computers. But today the hooded hacker has grown up and turned into a real professional. Whether this means that images of hackers should depict a suited and booted adult is up for debate, but the behavior and characteristics of a hacker have certainly changed.

Hacking is a normal business process today and reflects the need to test systems regularly to ensure that both information and the systems that support it remain secure. Organizations need to recruit and nurture people with hacking skills. Hackers can be a great asset as they provide in-depth insight into problems you didn’t even know existed.

So encourage people to break your systems, and use those skills and that knowledge to your advantage before someone else does and you lose your business.
