Ask HN: How was your experience hiring a white hat hacker?

23 points by jklontz 9 years ago · 5 comments · 1 min read


How did you find them? Was it worthwhile? Any recommendations for a company paranoid about IT security and considering hiring one?

big_youth 9 years ago

I'm a white hat hacker!

I think a better question is what are you looking for or what type of organization do you run or work for? A good security firm can provide application reviews to find everything from XSS bugs in your web app to remote code execution in kernel components. This is done either black-box or source-assisted and staffed with a team reflective of the size and complexity of the application.

Another aspect of security assessments can be network and infrastructure; these generally mean someone running nmap and looking for entryways further into your network. I am biased but my organization almost never fails to find critical bugs or breach networks.

I'm not a salesman but my firm is NCC Group; we are a global pure security consulting firm, which means we don't make or push products. We also have tons of research https://www.nccgroup.trust/us/our-research/ which you can check out to see a sample of what you'd be paying security consultants for.

ladytron 9 years ago

My firm was referred to a firm that needed us through the leader of the local Python user group.

The client needed us to review code and act as a witness in a court case on very short notice.

It was interesting work, but a bit frightening once we did some research into the black hat hacker who had been warring with the client.

I would say to make sure you are hiring a WHITE hat hacker, and pay accordingly. Do your research, check recommendations by past clients and the community, and do a background check at minimum.

uladzislau 9 years ago

HackerOne worked really well for us; it's a crowdsourced, bounty-based marketplace for white hat hackers.

elyrly 9 years ago

Bugcrowd leaderboard provides insight into the top bounty hunters - https://bugcrowd.com/leaderboard

martenmickos 9 years ago

The safest and most convenient way of hiring a white hat hacker (a.k.a. ethical hacker) is to run a bug bounty program and get the input of many of them.

HackerOne is the leading bug bounty platform.
