So you’re an experienced programmer with a solid CV and lots of experience working for legitimate developers, but you’re bored of the daily grind? It’s a common narrative, but not one which has to remain unchallenged.
The brave new world of InfoSec has a lot to offer talented individuals, especially those who have developed hacking skills in their spare time but do not want to go down the dark path and actually participate in cybercrime.
Become a Penetration Tester
The market for pen testing has expanded exponentially in the past decade, with more and more businesses eagerly acquiring the assistance of ethical hackers to see whether there are chinks in their digital armor.
The even better news is that this discipline is fairly broad, encompassing a range of tactics and strategies that should provide enough variety for prospective employees from different backgrounds. For example, the team at Fidus Information Security use penetration testing to cover everything from infrastructural resilience to app vulnerabilities, PCI DSS compliance, and even physical security.
Since a data breach can cost businesses $3.8 million or more to recover from, it is easy to see why there is so much demand for preventative services like this. And if you already have the skills necessary to conduct realistic cyber attacks, then you should fit right in with this kind of white hat crowd.
Hunt For Bugs
If you would prefer to take a more individual approach to improving security and making your altruism pay, then picking up a bug bounty offered by a major tech firm could be a good idea.
In a way, such bounties are essentially a means of pre-emptively ransoming problems that might exist with popular software platforms, but which the developers have overlooked. Rather than allowing those who discover them to sell them to malicious third parties, the companies offer a reward and thus incentivize a culture of openness and honesty.
A growing number of freelancers take on the challenge of tearing down software, seeking out the flaws that inevitably exist and then passing on the relevant information so that a patch can be created. And in many cases, bounty hunters can expect to earn almost three times as much as a typical software engineer, so from a financial perspective, making the leap is a no-brainer.
While some businesses will choose to outsource their information security responsibilities to third-party providers, many will instead recruit dedicated team members to tackle this as their full-time job.
In-house InfoSec roles can be varied, engaging and well paid, depending on where you work and the size of the organization itself. Of course, there is also the added responsibility of being accountable in the event that a cyber attack against the firm is successful, but if you are confident in your hacking abilities then this should not be a major concern.
There is also the added stability and consistency of a permanent position like this to consider, as opposed to the freelance route, which could be more lucrative but is far more vulnerable to peaks and troughs of earning.
The most important thing to remember is that using your hacking skills for good, in whatever capacity you choose, is a better option than the alternative. Penalties for cybercrime are becoming steeper and it is simply not worth the risk to get involved.