Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Ethical Hacker: Understanding the Differences between Black, White, and Grey Hats

Ethical Hacker: Understanding the Differences between Black, White, and Grey Hats

about the author

Share this post

If you type “Ethical Hacker,” “Black Hat,” or “White Hat” into a search engine, you won’t just find results about the latest offers on hats. These terms are deeply connected to information security and hacking computer systems. But what do hats have to do with hacking? And what constitutes an ethical hacker? These are the questions we will answer in the following blog article.

First of all, what exactly is hacking?

You’ve probably read articles about the “10 best camping hacks”, which explain how to make popcorn over a campfire, or you’ve heard about “life hacks”, which can make everyday life easier in a creative way. “Hackers”, then, are by definition people who use their knowledge and creativity, often related to technology, to understand, improve and change existing systems. Since the 1980s, however, the term has undergone a negative transformation and narrowing to the field of IT security. Nowadays, in everyday speech, someone who penetrates other people’s computer systems is called a hacker.

Black hat, white hat, and ethical hacker: what’s the difference?

Hackers are almost exclusively the dodgy people in hoodies, pounding away at keyboards in a darkened room in front of various screens. This is also evident in the media, in news and feature films alike. There it becomes clear: the word “hacker ” usually has negative connotations. Maybe that’s why other descriptions are needed to distinguish between hackers: there is more and more talk of black hat hackers and white hat hackers. But how do they differ?

The terms have their origins in old Western films. There, the good characters with white hats distinguished themselves from their evil counterparts who wore black hats. And it is precisely in this sense that we find the “black hats” and “white hats” again in the world of hacking. To distinguish between good and evil in hackers, we need to look at two factors in particular: their motivation and the legitimacy of their work.

Black hats find motivation in their own financial gain, but also cyber espionage, protesting, or for the sheer thrill of it. They attempt to steal, encrypt, or destroy personal data, financial information or login details and thus cause harm to those they attack. They act without the knowledge of the targeted persons or companies and therefore make themselves liable to prosecution.

Read more: How Do Hackers Get Caught and Exposed?

“White hats”, on the other hand, use their skills for a good cause. Their approach is similar to that of black hat hackers, with the difference that they do not act illegally. They work for companies or organisations as IT specialists and help to uncover and close security gaps through hacking. Their motivation is to improve and secure technical systems. More and more companies are making use of such services to prevent malicious cyberattacks.

The distinction between black and white, good and evil, is, as everywhere else, too short-sighted in the IT world. And so there is a third group: the “grey hats”. These stand between the two previously mentioned. They detect security vulnerabilities without the consent or knowledge of the system owners but then report the problems to those affected. They then ask for a financial reward for their work or/and give the companies a time frame for fixing the problems and then go public with the vulnerabilities. They do not pursue their goals with malicious intent. Their motivation is to raise awareness of the issue and to enjoy the hacking itself. This type of hacking is on the borderline of illegality, as they work without the permission of the system owners and often gain insight into sensitive data. The fact that the boundaries between white and black hat hackers are becoming increasingly blurred was already proven in a 2018 study by Osterman Research.

Understanding the role of an ethical hacker

White and grey hat hackers are also called “ethical hackers”. This term describes a responsible approach to one’s own hacking skills and results. There are even courses, conferences and certificates for ethical hackers who want to offer their work officially. For in addition to the appropriate ethical attitude, ethical hackers must also fulfil other requirements: great technical skill, the ability to put themselves in the shoes of attackers and an understanding of the value of the data and systems they are supposed to secure.

In this context, you may remember a case highlighted in the media in May 2021. The hacker Lilith Wittmann uncovered security vulnerabilities in the CDU’s election campaign app. She then informed the party, the Federal Office for Information Security and the Berlin data protection commissioners, offering them the opportunity to fix the problem. Only when the app was offline did she publish her work. This approach is also called “responsible disclosure” and shows an example of ethical hacking. However, the case also shows how difficult it can be to evaluate such work under the law. In this case, the CDU filed a criminal complaint against Wittmann, which not only increased the public embarrassment for the party but also resulted in the official statement of the Chaos Computer Club (CCC) that they would no longer point out security vulnerabilities to the party in the future. The case was dropped because the data was publicly accessible, and the legal situation only criminalises the spying or interception of access-protected data.

This example shows once again that the work of ethical hackers is important: without them, there would be more open security gaps, which in turn could be exploited by black hat hackers.

By the way, the colour palette of hackers is expanding. For example, you can also read about Red Hats, Blue Hats, Purple and Green Hats. However, the definitions of these are sometimes very far apart, so we will leave it at this for the moment.

Read more: How to Stop Hackers on Facebook? Hands-On Advice

Other Articles on Cyber Security Awareness Training You Might Find Interesting