What is the Role of a White Hat Hacker?

February 8, 2017 | Views: 4506

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Breaches. Breaches. In the past two years, we have read, witnessed or even been affected by attacks even on some fortune 500 companies. The attacks have become sophisticated, notorious and devastating. This calls for advanced blue team efforts which should be focused and relentless. For all we know, the attacker is always ahead.

Most companies I have interactions with have resulted to having internal bug bounty programs / managed by the likes of Hackerone, Bugcrowd, etc. But what happens to the rest of the companies /organizations without the not-so-forward-looking CISOs and CIOs? To be honest there is no company that can wholly manage and contain the numerous vulnerabilities / zero days that potentially affect their infrastructure. Having worked with numerous companies, I can say this for a fact.

So, here comes the whitehat. According to searchsecurity, a whitehat “describes a hacker (or, if you prefer, cracker) who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system’s owners to fix the breach before it can be taken advantage by others (such as black hat hackers.) Methods of telling the owners about it range from a simple phone call through sending an e-mail note to a Webmaster or administrator all the way to leaving an electronic “calling card” in the system that makes it obvious that security has been breached.”

The Role of the Organization:

I have sampled a few of the responses I have got after highlighting some vulnerabilities to some organizations. See below:


Image A

Image B

Image B

Image C

Image C

From the sample above we can see a) commitment b) disdain/arrogance c) arrogance perhaps? To be honest, I can say I am lucky that I got a response. Many times we don’t. I will leave you to guess which of the three responses above recently ( 3 weeks back) got breached 🙂


To my fellow white hats, let’s keep the spirit – responsible disclosure. Never tire. Make the internet safe(r) one CVE at a time.

…Part Two on the way


Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Thank you Alfie.

    One would think that Security Officers or SysAdmins put in a lot of passion and care in resolving issues like this, particularly, when they are approached exactly the same way you did. You did not particularly ‘want something’ from them, but you know, being a White Hacker, that’s just what it is. Like white on rice.

    Moving on… Is CEH the way to go to become a White Hacker? I’m about 8months into a path of InfoSec.

    Thank you again.

    • It is hard for me to say CEH is the way,ofcourse it is a good starting place to learn the terminologies and technologies etc; I would recommend hands on experience..try the CTFs,break into the many vulnerable VMs available. Remember the attacks we are seeing nowadays are not taught in the many security certifications, things are evolving quite fast…case in point we now have IOTs, fileless malware..I doubt they are taught in any certification as at today. So…practise.

  2. Nice article – short and interesting. I think you have to go in with the right expectations, then you won’t be disappointed. Are you doing this for a pat on the head or to be praised by the companies, or just for the challenge and truly wanting to help?

    • @Whitebyte,you are pre-empting what part two is all about :-)…but personally, there is a big sense of fulfillment when I point out a vulnerability and the organization am addressing fixes it.(Cue my slogan) As for what I am in it for..hmm a t-shirt, swag, social media mention, website mention or bounty wouldn’t hurt, would it? 🙂

  3. thanks needs to be a balance….

  4. Thanks For The Post Alfie Was A Good Read, Yeah The World Needs More Good Guys Like Us.

  5. Great article! ^_^ I enjoyed it. Hehe, i also “wonder” which one got breached. I think it’s safe to say that in this instance, karma is a b…err..*inserts pg-13 word/s* …is a bumblebee that stings only if you are. Whew! That one almost slipped. 😀 Can’t wait to see part two of this saga. The great adventures of Whitehat: Arrogant knights meet their fate part 1. Part 2 the Great Adventure continues…in a cyber space far far away. 😀 ok I’m done for now. hehe =^_^=

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?