Ask HN: How was your experience hiring a white hat hacker? How did you find them? Was it worthwhile? Any recommendations for a company paranoid about IT security and considering hiring one?
I think a better question is what are you looking for or what type of organization do you run or work for? A good security firm can provide application reviews to find everything from xss bugs in your web app to remote code execution in kernel components. This is done either black-box or source assisted and staffed with a team reflective of the size and complexity of the application.
Another aspect of security assessments can be network and infrastructure; these generally mean someone running nmap and looking for entry ways further into your network. I am biased, but my organization almost never fails to find critical bugs or breach networks.
I'm not a salesman, but my firm is NCC Group; we are a global pure security consulting firm, which means we don't make or push products. We also have tons of research at https://www.nccgroup.trust/us/our-research/ which you can check out to see a sample of what you would be paying security consultants for.
The client needed us to review code and act as a witness in a court case on very short notice.
It was interesting work, but a bit frightening once we did some research into the black hat hacker who had been warring with the client.
I would say to make sure you are hiring a WHITE hat hacker, and pay accordingly. Do your research, check recommendations by past clients and the community, and do a background check at minimum.
HackerOne is the leading bug bounty platform.