Global cybercrime losses are estimated to reach $6 trillion this year and $10.5 trillion by 2025. To address this, business owners are racing to strengthen their cybersecurity measures to prevent data breaches that could put their investment and reputation at risk. One of these measures is hiring white hat hackers (WHHs), experienced bug hunters who find flaws in IT systems and networks and provide solutions. These ethical hackers are fast becoming in demand, with the global market value for their services expected to reach $4.1 billion by 2027.
Allan Jay Dumanhug is Chief Information and Security Officer of Secuna, the largest cybersecurity testing platform in the Philippines, which finds an organization’s IT security flaws that cybercriminals exploit. He explains the difference between the WHHs and their malicious counterparts, the Black Hat Hackers (BHHs): “WHHs are all ethical, moral, and cybersecurity professionals making an honest living. They enjoy the intellectual challenge of creatively overcoming and circumventing limitations to keep the Filipino business community safe,” Dumanhug said. “They are very familiar with the tactics of BHHs who are the ones who attack organizations to steal data, compromise systems, and do other kinds of cyber damage. WHHs use this knowledge and their expertise to counter the BHHs’ attack as well as assess the organization’s level of strength in withstanding it.”
The Department of Information and Communications Technology has certified Secuna as a recognized Cybersecurity Assessment Service Provider. Secuna connects companies and brands to vetted and trusted international cybersecurity professionals who simulate cyber-attacks and find security flaws that BHHs can exploit to gain access to IT systems.
ctulu, the #1-ranked WHH of Secuna, discusses the risks that Philippine businesses face: “Most of the companies in the Philippines do not have a Vulnerability Disclosure Policy or a program where their researchers can report potential vulnerabilities to them. Some of the high-profile breaches in the country could have been avoided if there was a program where researchers can report their findings. This highlights the importance of White Hat Hacking in the country.”
Chris Laconsay, another Secuna-registered WHH, says, “Cybercrime and cyber-related offenses are now starting to increase. To combat this scourge of cyber-attacks, hiring WHHs enables companies to find flaws in their cybersecurity before those flaws are found and exploited by someone with criminal intentions.”
ctulu, who has audited and tested the COVID-19-related systems of the Philippine Red Cross on the Secuna platform, dispels the stereotypical negative view of WHHs: “Not all hackers are bad. Many of the WHHs are actually security professionals hired by companies to find and exploit vulnerabilities before the BHHs find them and take advantage.”
To excel in his profession, “a top WHH should have these two qualities: an endless curiosity and patience,” says ctulu. “To drive your curiosity to hack and break things, you need a lot of patience since finding bugs is not easy.”
“White hat hacking involves a great deal of problem-solving skills and creativity. As I observed, currently famous WHHs are usually very good at these,” says Laconsay. “Learning newer things is what gives me immense motivation. Willingness to learn a new trick or trade is what kept me going.”
A Bachelor’s Degree in Information Security and/or Computer Science provides a strong foundation for any WHH. Training courses that lead to certifications recruiters look for, such as the Offensive Security Certified Professional (OSCP) program, are another way to prepare for the WHH career path. Once hired, WHHs can work their way up the organization through positions like Penetration Tester, Red Team, Application Security Engineer, and Security Researcher, among others. The salary of a Philippine-based WHH ranges from PHP 18,200 to PHP 63,000.
ctulu adds, “Knowing Python, C++ or Structured Query Language (SQL) is an advantage.” At the same time, he points out that WHHs can come from various backgrounds that, like their tasks, break the mold. He says, “Some of the WHHs I know are nurses, businessmen, or taxi drivers. As long as the hacker can follow the rules, conduct tests, write the reports properly, and have a good attitude, there won’t be any problems.”
Laconsay adds, “Though anyone can become a WHH without any programming skills, you need to have at least one programming language to be good in this craft.”
Unfortunately, the word “hacking” carries a negative public perception because it has been associated with the criminal activity of BHHs, and this has made companies hesitate to hire WHHs. It has also kept WHHs from volunteering or stepping forward to help companies before or after a breach happens. ctulu says, “Helpful hackers who see a potential threat usually don’t say something because they are afraid that doing so might land them in jail. However, reporting these flaws is critically important. Failure to do so gives malicious hackers or the BHHs the means and opportunity to hide and strike from the shadows.”