The Ethical Hacker Pathway: Exploring Positive Cyber Behavior

Key Points Discussed:

• Defining Ethical Hacking: Ethical hackers use their skills to identify and report vulnerabilities, often to enhance cybersecurity in various capacities, including voluntary work, bug bounty programs, or professional roles.
• Research Focus: Dr. Weulen Kranenbarg’s studies highlight a significant overlap between positive and negative cyber behaviors, particularly among IT students, and explore how individuals transition toward ethical hacking.
• Ethical Hacking as a Pathway:
  • Early positive experiences, such as reporting vulnerabilities to schools or organizations, can strongly influence individuals toward ethical hacking.
  • Responses from organizations play a critical role—positive reinforcement encourages further ethical behavior, while negative experiences can deter individuals.
• Challenges in Defining Ethics:
  • Ethical hackers themselves debate the boundaries of what constitutes ethical behavior, such as whether making vulnerabilities public is acceptable if organizations fail to act.
  • The term "ethical hacker" is often contentious within the community.
• Role of Education: Schools struggle to address and guide ethical behavior among IT students effectively. Clear vulnerability disclosure policies and ethics education in IT programs are crucial.
• Future Research Directions: Dr. Weulen Kranenbarg plans to conduct life-history interviews with hackers to better understand their pathways and influences toward ethical behavior.

About our Guest:

Dr Marleen Weulen Kranenbarg

https://research.vu.nl/en/persons/marleen-weulen-kranenbarg

Papers or Resources Mentioned:

• Weulen Kranenbarg, M. (2018). Cyber-offenders versus traditional offenders: An empirical comparison. Vrije Universiteit Amsterdam. Retrieved from https://research.vu.nl/en/publications/cyber-offenders-versus-traditional-offenders-an-empirical-comparison
• Weulen Kranenbarg, M., Ruiter, S., & Nieuwbeerta, P. (2018). Cyber-offending and traditional offending over the life-course: An empirical comparison. Crime & Delinquency, 64(10), 1270–1292. https://doi.org/10.1177/0011128718763134
• Weulen Kranenbarg, M., Holt, T. J., & van Gelder, J.-L. (2021). Contrasting cyber-dependent and traditional offenders: A comparison on criminological explanations and potential prevention methods. In J. van Gelder, H. Elffers, D. Reynald, & D. Nagin (Eds.), Routledge International Handbook of Criminology and Criminal Justice Studies (pp. 234–249). Routledge. Retrieved from https://research.vu.nl/en/publications/contrasting-cyber-dependent-and-traditional-offenders-a-compariso
• Weulen Kranenbarg, M., & Noordegraaf, J. (2023). Why do young people start and continue with ethical hacking? A qualitative study on individual and social aspects in the lives of ethical hackers. Criminology & Public Policy, 22(3), 465–490. https://doi.org/10.1111/1745-9133.12640

Additional Resources:Capture the Flag (CTF) events:

Hack the Box - A popular online platform offering a variety of CTF challenges to test and improve cybersecurity skills.

https://www.hackthebox.com

NorthSec - A popular in-person CTF competition designed for everyone excited about cybersecurity.

https://nsec.io

Bug Bounty Programs:

HackerOne - A leading bug bounty platform connecting ethical hackers with organizations to find and fix vulnerabilities.

https://www.hackerone.com

Bugcrowd - A platform that hosts bug bounty programs for a wide range of companies and industries.

https://www.bugcrowd.com