Wednesday, January 31, 2018

Outside of the stereotypes

Women don't know how to drive. In Spain, we nap daily. All Irish are redheads. Chinese people all look alike. There are many stereotypes, some more accurate than others, but they all lump a large part of the population into categories, groups and descriptive adjectives. The "cyber" world is not free of stereotypes either: we computer and security professionals are usually placed in the group of the asocial, introverted, lonely and... little valued?

We discovered that this is not true thanks to HackerOne and its study of more than 2000 ethical hackers participating in bug bounty programs in more than 100 countries. When we talk about ethical hackers, we mean those security professionals who use their knowledge to find vulnerabilities and report them to companies so that they can take action. One of the most surprising results of this study is that, on average, ethical hackers earn more than twice as much as a software engineer in their respective countries of origin.

One in four ethical hackers draws 50% of their annual income from this activity, while 14% say that this work accounts for 90-100% of their annual income. Although these figures sound like more than enough reason to devote at least our free time to this line of work, the survey also reveals another disturbing fact: hackers in general are less motivated by monetary gain than they were in 2016, with it falling from their first priority to their fourth.

Despite the speed at which ethical hacking is spreading, there are still many obstacles to overcome. If we take a look at the vulnerability disclosure policies published by companies, we find that 94% of those that are part of the Forbes Global 200 haven't published any. This leads to wasted resources and talent, since 1 out of 4 professionals couldn't inform the company of the vulnerability they found. According to industry professionals, this situation, although negative, is in the process of changing: 72% believe that companies are increasingly open to receiving feedback from others about their vulnerabilities.

Marten Mickos, CEO of HackerOne, takes a very positive view of the activity carried out by these ethical hackers, since they demonstrate the power of this community in making the Internet safer for all of us. Mickos points out the impressive work of this group: "We are impressed by the skills, passion and integrity of these people that are shown in this report. The work of the ethical hacker community is significantly reducing the risk of security breaches."

Thanks to this study, it's easier for us to draw up a more concrete profile of the ethical hacker. Several of the survey's results make us rethink our preconceived idea of the hacker as an isolated and solitary figure. In fact, 60% of them prefer to work in a group, 31% disclose their discoveries in blogs, 8% of IT professionals act as mentors or apprentices of other hackers, and 7% have submitted at least one bug report with other hackers as part of a team.

So, if you were looking for some extra income or a new activity to take up, we now have data to affirm that there is no better time to be an ethical hacker. More than 1,000 organizations, including General Motors, GitHub, Lufthansa, Nintendo, Spotify, Starbucks and the US Department of Defense, work with the worldwide community of ethical hackers to find and fix security vulnerabilities quickly. At CIGTR, we want to thank this community for the great work it does in the cybersecurity sector, protecting even those who do not know that they are at risk.


