Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

White-hat hacking as a viable career choice | Information Age | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | #hacking | #aihp

ICS2’s 2023 Cybersecurity Workforce Study How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cyber security Workforce estimates the global cyber security workforce at 5.5 million, a nine per cent increase from 2022.

ISC2 – the world’s leading association for cyber security professionals with 600,000 members – also estimates another 3.9 million are needed.

This is not the number being sought, it’s the number of cyber security professionals ICS2 estimates organisations require to properly secure themselves.

And ICS2 found that, rather than organisations increasing their security workforces to beef up security, the opposite is happening.

From its survey of almost 15,000 cyber security professionals, it found 28 per cent saying they had seen layoffs elsewhere in their organisations that could significantly affect the cyber security workforce, and 41 per cent felt cutbacks had affected their security team disproportionately in comparison to the rest of their organisation.

Sixty-seven per cent of respondents reported their organisations having a shortage of the cyber security staff needed to prevent and troubleshoot security issues.

Ninety-two per cent said their organisation suffered from skills gaps in one or more areas, and 43 per cent cited one or more significant or critical security skills gap at their organisation.


To make matters worse, cyber security is a stressful job and burnout a major industry problem.

A study undertaken by Cybermindz, an Australian charity dedicated to the mental health of cyber security professionals found them to be suffering high stress levels impacting their effectiveness.

It concluded that stress could result in high attrition rates, leaving organisations more vulnerable to cyber attack.

There is an alternative way for an organisation to deploy essential cyber security resources without the challenges of finding and keeping salaried employees.

Large organisations typically have red team and blue team cyber security specialists on staff.

Blue teams do their best to protect systems, always on the lookout for signs of an attack.

Red teams spend their days playing a ‘bad guy’ role looking for vulnerabilites, finding ways to breach the organisation’s cyber defences.

However, blue team and red teams are a luxury that small organisations cannot afford, and blue teams especially can be difficult to maintain.

The role can be thankless and often dull.

Detection systems generate thousands of alerts every day, including false-positives and low-level threats that blue team members must sift through.

Bug bounty programs present a practical alternative to in-house red teams.

They enable organisations to draw on a community of millions of white hat hackers.

They are a great resource, but the industry needs to better understand the hacker psychology: the motivations that drive ethical hackers and the best way to tap into those motivations.

Ethical hacking

Probably the biggest myth about ethical hacking is that client companies engage them in a ‘set and forget’ mode: charge them with finding a vulnerability in a specified system and leave them to it.

The truth is the exact opposite.

Australian-founded and funded security company Bugcrowd operates a platform that enables companies to find and engage with the ethical hackers who best meet their needs.

It has been canvassing the opinions of the ethical hackers on its platform for several years and publishing the results in its Inside the Mind of a Hacker (ITMOAH) report.

For the latest 2023, edition Bugcrowd analysed responses from 1,000 respondents.

It said: “There is a common misconception that hackers are drawn to programs that pay the most.

“However, our findings suggest that hackers take a much more holistic approach when assessing their professional opportunities.”

The number one reason for choosing a particular engagement, cited by 61 per cent of respondents, was “working with a responsive team.”

Overall, 75 per cent of respondents identified non-financial factors as their main motivators.

When asked why they chose to work through Bugcrowd’s platform, the reason cited by most was not related to financial rewards or any other selfish motivation: more than half said it was “to reduce the risk of breaches and reputation damage for companies.”

Respondents were also asked what they saw as the main barrier preventing them being more successful in finding vulnerabilities in client systems.

The number one reason given was lack of scope, cited by a third of respondents.

Clients who restrict the scope given to a hacker to probe their systems prevent the hacker from identifying many impactful vulnerabilities.

Entrusting hackers with greater latitude allows them to do their work more effectively and empowers companies to quickly reduce risk through more rigorous, holistic testing.

The survey also dispels the myth that ethical hackers, like their unethical counterparts, are primarily lone operators on the fringes of society.

“Hackers actively pursue their careers the same way other professionals do; they seek networking opportunities through community groups and conferences, they mentor others, and they supplement their skills with academic coursework and certifications.

“Over half of all hackers use the skills they learn about hacking as a stepping stone to get a new job,” ITMOAH reported.

It concluded: “This evidence shows the increased legitimacy of hacking as a career, not just a side hustle.”

The survey also showed the importance of ethical hacking in providing much needed security skills: 96 per cent of respondents agreed that ethical hacking helps companies fill their cyber security skills gap.

Finally, unlike much expenditure on security, where the return on an investment is invisible—security is not breached—the benefit gained from a bounty paid to an ethical hacker for a discovered vulnerability is very transparent.

This content has been written by a topic area expert and is not a sponsored post or advertisement.

Information Age welcomes Opinion pieces from industry leaders. You can find our submission guidelines here.

(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); = id;
js.src = “//”;
fjs.parentNode.insertBefore(js, fjs);
} (document, ‘script’, ‘facebook-jssdk’));

Click Here For The Original Source.