Life hack: How to hack for a living

Inside the world of ethical hacking


Casey Critz, Staff Writer

In shows like “Mr. Robot,” “CSI: Cyber” and “Criminal Minds,” hackers are typically portrayed as criminals, but the truth is that not all of them are bad, with many using their expertise to help keep companies safe. 

Hackers are generally categorized by the type of metaphorical “hat” they don: white hat, gray hat and black hat. White hat hackers use their skills for good, protecting systems against cyber attacks. Black hat hackers use their skills primarily for personal or financial gain, ranging from spreading harmful systems to hacking into people’s bank accounts and emails. Standing in the middle, gray hat hackers may sometimes violate the law or ethical standards, but do not function with the malicious intent of a black hat.

Sophomore Gabriel Orozco began to dive into the world wide web around 2016, starting with Java and working his way into white hat hacking. He has written programs for start-up companies, and has most recently done cyber security for his relative’s estate agency, protecting them from cyber attacks.

“I got into white hat hacking from a desire to protect myself online,” Orozco said. “I mostly do it to keep others safe and knowledgeable online while making sure they don’t get their privacy breached.” 

White hats work with companies to find discrepancies in their cybersecurity by intentionally hacking their systems, looking for loopholes black hat hackers missed. Usually working in ethical hacking companies composed of different hackers working for profit, white hats are paid anywhere from thousands to hundreds of thousands of dollars by these companies.

“According to HackerOne, a San Francisco, hacker-powered security testing company, Google has paid out about $3 million through its own hacker bonus program; along with Uber paying out $860,000 over the past year to use his platform,” New York Post staff writer, Ed Zwirn, said.

Hackers find these discrepancies through penetration testing, security system tests and vulnerability assessments. These are different forms of tests in which hackers have permission to simulate a cyberattack on a company in order to find any security issues.  

However, white hat hackers have other forms of income aside from what they make when hired by a company. The way to win hundreds of thousands of dollars as an ethical hacker can also be done through competitions. Hacking competitions are similar to the testing paid for by companies, but instead are hosted by corporations such as “Cyberlympics” and “WhiteHat Contest.” In these contests, a game called Capture the Flag occurs in which they compete by solving puzzles and finding bugs, errors in software and security systems, in order to find a “flag” that proves they have successively hacked into a system. These competitions occur across the world, with prizes accounting up to $1 million for a single competition.

According to GeeksforGeeks, five of the most famous competitions include Insomni’hack in Switzerland, OCTF in Shanghai, the worldwide CTF held by Google, the capture the flag held by Plaid at Pennsylvania’s Carnegie Mellon University and DEF CON in Las Vegas. 

In order to become a white hat hacker and earn a median salary of $80,000, it is recommended to have a bachelor’s degree in computer engineering, information technology, information systems security or mathematics. Although, it is required that you have an applicable certification.

“The applicable certifications include ones from the certified register of ethical security testers, certified ethical hacker, global information assurance certification penetration tester, offensive security certified professional, certified penetration testing consultant and certified penetration testing engineer companies,” Varonis Systems, a software company in New York City said.

Whether it’s through “capture the flag” games or planned company hacks, white hat hackers can make a suitable living by helping to keep internet users safe.