I'm a white hat hacker!<p>I think a better question is what are you looking for or what type of organization do you run or work for? A good security firm can provide application reviews to find everything from XSS bugs in your web app to remote code execution in kernel components. This is done either black-box or source-assisted and staffed with a team reflective of the size and complexity of the application.<p>Another aspect of security assessments can be network and infrastructure; these generally mean someone running nmap and looking for entryways further into your network. I am biased, but my organization almost never fails to find critical bugs or breach networks.<p>I'm not a salesman, but my firm is NCC Group; we are a global pure security consulting firm, which means we don't make or push products. We also have tons of research <a href="https://www.nccgroup.trust/us/our-research/" rel="nofollow">https://www.nccgroup.trust/us/our-research/</a> which you can check out to see a sample of what you would be paying security consultants for.
My firm was referred to a firm that needed us through the leader of the local Python user group.<p>The client needed us to review code and act as a witness in a court case on very short notice.<p>It was interesting work, but a bit frightening once we did some research into the black hat hacker who had been warring with the client.<p>I would say to make sure you are hiring a WHITE hat hacker, and pay accordingly. Do your research, check recommendations by past clients and the community, and do a background check at minimum.
Bugcrowd leaderboard provides insight into the top bounty hunters - <a href="https://bugcrowd.com/leaderboard" rel="nofollow">https://bugcrowd.com/leaderboard</a>
The safest and most convenient way of hiring a white hat hacker (a.k.a. ethical hacker) is to run a bug bounty program and get the input of many of them.<p>HackerOne is the leading bug bounty platform.