What Is a White Hat? The Ethical Side of Hacking

Written by Coursera • Updated on

When you think of hackers, you might envision the villains you've seen in movies who break into computers to steal data. But, all hackers aren't bad. To find out more, learn what it takes to become a certified ethical hacker.

[Featured Image] A man looks at a whiteboard and places a Post-it note on it.

The term white hat refers to an ethical hacker whose job involves hacking into computer systems to detect security risks. The term and its definition derive from old movie westerns, where law-abiding heroes always wore white hats. Unlike those who break into computers to destroy or steal data, white hat hackers have good intentions.

What does a white hat do?

When a company needs to test its information system’s security, it hires white hats to attempt to hack information systems. This ethical hacking process helps detect vulnerabilities in a system. Depending on the company you work for, your duties as a white hat hacker might include:

  • Reverse engineering malware and viruses

  • Analyzing attacks and security incidents for their root causes

  • Scanning a target network with vulnerability scanners

  • Designing plans of attack to try and exploit (and then patch) vulnerabilities

  • Providing technical support

  • Reviewing and updating documentation  

Jobs for white hats

These days, the demand for ethical hackers is higher than ever in both private and public sectors. 

Private sector vs. government jobs

There are many types of private sector companies that need stringent security for their information systems. Examples include:

  • Financial institutions like banks, credit card companies, and mortgage companies

  • Technology companies 

  • Educational institutions

  • Aerospace companies

  • Cell phone companies

  • Healthcare businesses

  • Utility companies

  • Large retail and wholesale establishments

  • Entertainment and media companies

  • Artificial intelligence (AI) companies

Ethical hackers who want a government job might work for the Departments of Defense, Homeland Security, Intelligence, Justice, or Revenue. These are just a few government agencies that hire white hats to secure their information systems. 

Some common job titles for ethical hackers in the private and public sector include:

  • Data security analyst

  • Data security manager

  • Network administrator/manager

  • Network security consultant

  • Penetration tester

  • Security engineer

  • Vulnerability assessor 

Ethical hacker skills 

There are two types of skills that help with job performance: technical skills and workplace skills. Technical skills are learned through training or education, while workplace skills are those that involve your personality or work ethic. To become a white hat, plan to develop a unique combination of technical and workplace skills, including:

  • Computer programming skills

  • Databases and networks

  • Cryptography (study of encryption and decryption)

  • Web applications and wireless technologies

  • Problem-solving

  • Organization

  • Communication

  • Ability to remain calm in high-pressure situations

Degree types for a white hat

Although some white hat hackers develop their expertise from working with computers, many get bachelor's degrees as well. Degrees that might benefit ethical hackers include:

Read more: Computer Science vs. Information Technology: Careers, Degrees, and More

When you're ready to apply for a position as a white hat, you'll likely need a strong working knowledge of operating systems like Linux, Kali Linux, and Windows and extensive experience writing code. Types of scripting and programming languages to learn and master include:

Read more: Popular Programming Languages in 2022

Should I get a master’s degree?

You may not need a master's degree to get a job as a white hat hacker. But if you have an undergraduate degree in a field like math, physics, computer science, or engineering, you can go on to get a Master of Science in Cybersecurity. 

This program may offer opportunities to develop a deep understanding of cybersecurity principles, practices, and techniques. A full-time student might obtain a master's degree in cybersecurity in one to two years. 

Alternatives to getting a degree 

If you aren't interested in going to college, you can pick up valuable ethical hacking experience by joining the military and advancing up a cybersecurity or intelligence track. Another bonus of joining the military is the security clearance you'll likely get while you're there. This is a valuable asset to many public and private sector employers when it's time for you to move on from the military. 

Certifications for career prospects

If you're hoping to work as an ethical hacker, certifications can give you a chance to show employers that you have those skills. The Certified Ethical Hacker (CEH) Certification offered through the EC-Council (International Council of E-Commerce Consultants) is one of the most respected and comprehensive certifications in the industry. 

This program is globally recognized, and participants who complete it might get top positions as ethical hackers. To enroll in the course, you must have at least two years of experience in information security and pass a pre-enrollment exam. The CEH exam costs $1,199 and retakes cost $450. Applying to take the exam costs $100. The class focuses on these topics and more:

  • Cryptography

  • Enumeration

  • Firewalls

  • Footprinting

  • Honeypots

  • Latest trojans, worms, and viruses

  • Penetration testing

  • Server hacking

  • Session hijacking

  • Social engineering

  • SQL injection

Part of the process of getting this certification is agreeing to the EC-Council's code of ethics, stating that participants of the program must always protect intellectual property and promise never to engage in malicious hacking activities. 


As with most jobs, your salary as an ethical hacker depends on your level of education and experience. According to Glassdoor, the average salary for an ethical hacker in the United States is $105,153 (September 2022) [1]. 

Next steps

Start building the skills you need to become an ethical hacker with the IBM Cybersecurity Analyst Professional Certificate. Learn from field experts and get a hands-on experience with industry tools and real-world case studies, all at your own pace.


professional certificate

IBM Cybersecurity Analyst

Get ready to launch your career in cybersecurity. Build job-ready skills for an in-demand role in the field, no degree or prior experience required.


(8,744 ratings)

112,245 already enrolled


Average time: 3 month(s)

Learn at your own pace

Skills you'll build:

information security analyst, IT security analyst, security analyst, Junior cybersecurity analyst, Information Security (INFOSEC), IBM New Collar, Malware, Cybersecurity, Cyber Attacks, database vulnerabilities, Network Security, Sql Injection, networking basics, scripting, forensics, Penetration Test, Computer Security Incident Management, Application Security, threat intelligence, network defensive tactics, cyber attack, Breach (Security Exploit), professional certificate, cybersecurity analyst

Article sources

  1. Glassdoor. “How much does a Ethical Hacker make?, https://www.glassdoor.com/Salaries/ethical-hacker-salary-SRCH_KO0,14.htm.” Accessed September 28, 2022.

Written by Coursera • Updated on

This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.

Big savings for your big goals! Save $200 on Coursera Plus.

  • For a limited time, save like never before on a new Coursera Plus annual subscription (original price: $399 | after discount: $199 for one year).
  • Get unlimited access to 7,000+ courses from world-class universities and companies—for less than $20/month!
  • Gain the skills you need to succeed, anytime you need them—whether you’re starting your first job, switching to a new career, or advancing in your current role.