The Ethical Hacker Pathway: Exploring Positive Cyber Behavior
What is an ethical hacker, what do they do and how does their journey to this point unfold? Dr. Marleen Weulen Kranenbarg joins us to discuss her research towards discovering the overlaps in pathways to the positive and negative cyber behaviors among ethical hackers. We explore the nuances of ethical hacking, the factors influencing the choice of a positive path, and the challenges faced by schools and organizations in supporting ethical cybersecurity practices.
Cybercrimeology · Marleen Weulen Kranenbarg
Audio is streamed directly from the publisher (cdn.simplecast.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Key Points Discussed:
- Defining Ethical Hacking: Ethical hackers use their skills to identify and report vulnerabilities, often to enhance cybersecurity in various capacities, including voluntary work, bug bounty programs, or professional roles.
- Research Focus: Dr. Weulen Kranenbarg’s studies highlight a significant overlap between positive and negative cyber behaviors, particularly among IT students, and explore how individuals transition toward ethical hacking.
- Ethical Hacking as a Pathway:
- Early positive experiences, such as reporting vulnerabilities to schools or organizations, can strongly influence individuals toward ethical hacking.
- Responses from organizations play a critical role—positive reinforcement encourages further ethical behavior, while negative experiences can deter individuals.
- Challenges in Defining Ethics:
- Ethical hackers themselves debate the boundaries of what constitutes ethical behavior, such as whether making vulnerabilities public is acceptable if organizations fail to act.
- The term "ethical hacker" is often contentious within the community.
- Role of Education: Schools struggle to address and guide ethical behavior among IT students effectively. Clear vulnerability disclosure policies and ethics education in IT programs are crucial.
- Future Research Directions: Dr. Weulen Kranenbarg plans to conduct life-history interviews with hackers to better understand their pathways and influences toward ethical behavior.
About our Guest:
Dr Marleen Weulen Kranenbarg
https://research.vu.nl/en/persons/marleen-weulen-kranenbarg
Papers or Resources Mentioned:
- Weulen Kranenbarg, M. (2018). Cyber-offenders versus traditional offenders: An empirical comparison. Vrije Universiteit Amsterdam. Retrieved from https://research.vu.nl/en/publications/cyber-offenders-versus-traditional-offenders-an-empirical-comparison
- Weulen Kranenbarg, M., Ruiter, S., & Nieuwbeerta, P. (2018). Cyber-offending and traditional offending over the life-course: An empirical comparison. Crime & Delinquency, 64(10), 1270–1292. https://doi.org/10.1177/0011128718763134
- Weulen Kranenbarg, M., Holt, T. J., & van Gelder, J.-L. (2021). Contrasting cyber-dependent and traditional offenders: A comparison on criminological explanations and potential prevention methods. In J. van Gelder, H. Elffers, D. Reynald, & D. Nagin (Eds.), Routledge International Handbook of Criminology and Criminal Justice Studies (pp. 234–249). Routledge. Retrieved from https://research.vu.nl/en/publications/contrasting-cyber-dependent-and-traditional-offenders-a-compariso
- Weulen Kranenbarg, M., & Noordegraaf, J. (2023). Why do young people start and continue with ethical hacking? A qualitative study on individual and social aspects in the lives of ethical hackers. Criminology & Public Policy, 22(3), 465–490. https://doi.org/10.1111/1745-9133.12640
Additional Resources:
Capture the Flag (CTF) events:
Hack the Box - A popular online platform offering a variety of CTF challenges to test and improve cybersecurity skills.
NorthSec - A popular in-person CTF competition designed for everyone excited about cybersecurity.
Bug Bounty Programs:
HackerOne - A leading bug bounty platform connecting ethical hackers with organizations to find and fix vulnerabilities.
Bugcrowd - A platform that hosts bug bounty programs for a wide range of companies and industries.