The term “ethical hacker” as it used today is, if you ask me, somewhat imprecise. After all, a hacker in it for the money could be said to follow his or her own moral compass on what is right and what is wrong – the only difference is that those ethics aren’t compatible with those held by most people.
The majority of people in the security industry use the term interchangeably with the term “white hat” – a computer hacker that performs all kinds of penetration testing against an organization’s information systems, at the behest of that same organization and so that it can secure those systems against black hats (straight up “bad guys” hacking for money) and grey hats.
John Yeo, EMEA Director at Trustwave, is one of those. “An ethical hacker or penetration tester is someone who is an expert practitioner when it comes to using the same tools and techniques as the bad guys do, but in a controlled manner, within a professional services wrapper,” he says.