The IT industry has completely taken over the world in recent decades – the advent of computers that are increasingly powerful in everyday life, the miniaturization of technologies that have led to the emergence of devices such as smartphones, and the large global network that connects all of our devices. It has constantly led to a huge increase in the demand for IT professionals: programmers, computer engineers, hardware specialists and interface designers, among many other important professions in the labor market.
And when we talk about the industry responsible for handling all banking transactions, storing all our personal data, executing financial market operations, storing secret video calls between CEOs, and supporting virtually thousands of companies, it is only natural that the concern for security being one of the highest priorities and demands.
Digital security specialists, penetration tests or “ethical hackers” are a group of interconnected professionals, specialists and employees employed abroad, and here in Brazil it has become a growing segment within the IT sector, attracting thousands of people seeking better pay, interesting challenges and delving into computing world.
But is it possible to survive thanks to hacking knowledge? And why would a company hire a hacker on its team? Let’s meet.
Bug Bonuses and Bounty Programs
When we think about making money from hacking, the image that comes to mind is a sinister American movie, hidden in a darkroom and an open computer station that prints at high speed – and although in a less theatrical way, there are hackers responsible for many types of digital thefts, as well as Other scams like ransomware, the truth is that a system invasion specialist can earn a lot of money in a completely ethical manner and in cooperation with companies and governments.
This is because large companies and organizations offer bounty programs, and notorious bug bounties, to those who find security holes in their platforms. These programs are useful for several reasons: a hacker can use their skills to prevent security breaches that would harm many people, and they get paid to do so. At the same time, the company is informed of security flaws before they become a problem, and it buys time to fix the vulnerability before bad actors discover it as well.
And it’s not uncommon: Big companies like ExpressVPN open Bug Bounty software often during new technology launches, and companies like Apple and Google have a firmware – no matter what time of year, hackers report a major flaw. Security officers get a bonus.
Types of hackers: white hat and black hat
If it is possible to act as a hacker or digital security expert ethically, what is the true meaning of this term? The tech community ended up creating terms to distinguish between these two categories of people:
- black hat: These are the hackers that we usually know due to their illegal and criminal activity. Its goal is to invade or prevent a system from operating to steal data, extort, tamper, or permanently steal some value.
- white hat: They are the professionals who use their expertise to find and fix security holes, whether they work for a specific company or provide their analysis to third-party bounty programs.
Many well-known members of the cybersecurity community started their careers in a more gray manner, a cross between the black hat and the white hat known as the gray hat. This is the example of user Smealum, known for hacking the Nintendo 3DS, the Nintendo handheld console, allowing a series of homebrew software, and eventually software piracy. His ability to understand and break into a closed system earned him a steady job at Microsoft as an Edge security specialist.
In Brazil, the demand for security professionals who are hired directly by the responsible company is high, especially after moving to the home office during the pandemic, so this field is excellent for those who are starting their career in IT and want to work in a more specialized niche with higher pay. However, it should be noted that in addition to a series of specific knowledge about advanced programming and standard security protocols, a security professional also needs to enjoy challenges, puzzles, hacks, and creative solutions.