For those people out there that enjoy hacking but don’t want to worry about the consequences one may have to face because you are doing something unlawful, there’s a job in it for you. An ethical hacker is someone who rather than hacks to, for example, steal, instead hacks when hired to find weaknesses in a company’s security.
Hacking becomes a job, and a job means making money. As a ethical hacker one has a decent pay grade. Depending on the jobs you take on as well as your experience, a person can make between $60,000 and $100,000 if not more.
In the end, being an ethical hacker is a complete win-win situation. Hacking to your hearts content is now a possibility, plus you earn a steady income and the chances of serving time have been eliminated. If you want to hack being an ethical hacker seems to be the way to go.
info obtained from: http://www.nypost.com/p/news/business/jobs/what_up_with_that_job_73bcepcf42NSN1m1fRsr2I?CMP=OTC-rss&FEEDNAME=
RIT Cyber Security Policy and Law Class Blog 
I think that this is definitely an interesting topic for a blog post, because in some cases hacking can really come in handy to determine the level of security a certain company has. Also, if a person really enjoys and has a love for hacking then they should be able to make a living out of it as long as they are only hacking to help companies and that they are not breaking the law in any way.
There’s a few websites dedicated to ethical hackers including several communities. One that I belong to is The Ethical Hacker Network, which has many news articles, links to information site and a forum where you can discuss relevant topics and ask advice about various issues you may be having. Here is the link.
http://www.ethicalhacker.net
I was searching about this topic for one of my blog posts in the past, never actually did a post about it though. I was thinking how do you know as a company that someone is a good enough hacker to pay them to test your security, maybe there not good enough to find the holes. I eventually found that there are Ethical Hacker certifications such as the CEH certification. I don’t know how creditable these certifications are but i think its a good idea because it shows a hacker has a certain standard of knowledge/skill.
This is basically what penetration testing is. That’s why I’m in the ISF major here at RIT. It seems pretty cool to get paid (and well) to hack into stuff. I agree with mitchmoliterni when he says “…how do you know as a company that someone is a good enough hacker to pay them to test your security…” When I took the Information Security Policies class, Professor Weisman told us that when doing penetration testing you want to give them something to worry about. Penetration testing companies have a playbook of things to try and look out for. You don’t want to tell them “Your system is 100% secure! We weren’t able to compromise anything about your system.” because then you don’t look like you are very capable as an auditor. That’s just a trick of the trade I learned from Professor Weisman. It might sound a little unethical but it isn’t outright lying (you SHOULD find SOMETHING wrong with the system, unless the sys admin is a real security guru).
This is a interesting career that I would definitely like to see grow. The idea of having hackers use their abilities to help the general public by finding faults within a system is something that would be very beneficial. Not only does it provide a legal outlet for a hacker’s skills, but also provides them with a paid job as well as help further positive technological advances.
It has all the benefits without having to look behind you all the time and you get paid good money to be a thief.
As said in earlier comments this is basically what most ISF students will be doing for a living after graduation. Unfortunately, most penetration testing is a bit of a grey area subject. Its only worth doing if people are willing to shell out the cash to fix the flaws someone finds after they well, hack the site. If they don’t the information gathered is pretty much useless.
It’s kind of like being a dentist. You see a patient come in for a cleaning every six months and find some cavities and let them know that they should really brush and floss every day to prevent further decay. You can only do so much to educate them. Once they leave your office it’s up to them to have a healthy mouth. The same applies here. If you do an audit of a company’s security and they don’t take your advice, that’s their problem. At least you got paid!
As others have stated this is a great topic. The thought of being trained and paid to hack or “counter-hack”. Again as others have said, the majority of ISF students have this very career goal or something of the sort in mind upon graduation. It will be interesting to see as this program grows and how the demand will/will not increase in the near future. For the sake of me and my feature, and other fellow RIT students, we can only hope that “white hat” hackers become more and more in demand.