The reason why I used Nikola Tesla as an example of a hacker is because he was extremely clever and brilliant; he was way ahead of his time and was hacking together devices still in use today. Hacking is, as you and many others said, not confined to technology. The original meaning of a hacker was e.g. a person who was extremely good at crafting items out of wood. Of course, you don't have to share my beliefs, and generally I wouldn't consider Nikola Tesla as the general kind of hacker, but he was extremely dedicated to his work, just like any other hacker is, and he knew exactly what he was doing.
It's good to hear your friend is learning that everything is not black and white; there are (even though I don't want to say this) shades of grey in between. (Not 50 though.)
On the good side, depending on what type of role you're in, you will do almost the same as the attackers (blackhats), except you have permission to do so, and you abide by an ethical code so you won't e.g. sell the client out, blackmail them, or disclose their information, etc.
Examples of work I have done are as follows:
- Web Application Penetration Tests (often a few IPs or small blocks)
- Web Service Penetration Tests
- Wireless Penetration Tests
- External Network Penetration Tests
  (And soon I'll be doing Internal Network Penetration Tests too.)
- External Vulnerability Assessments (of large blocks)
- Vulnerability Research (finding 0days)
- Incident Response (when a client gets hacked by the bad guys...)
- Host Security Assessments (review of OS and/or Service configuration)
- Writing Secure Configuration Standards (for clients)
  (And soon, I'll be writing Secure Coding Standards.)
- Denial of Service Testing (i.e. stress testing servers.)
- Verifying that a site is e.g. out of PCI scope. (Otherwise, they have to get a PCI Assessment, which I don't do. We have a separate team for that.)
- Source Code Reviews (I have a few big projects coming up.)
- Social Engineering Penetration Test (I have this type of project coming up soon as well.)
Of course I have also done:
- Marketing Videos for Information Security Conferences (showing how an external penetration test could get Domain Access, all because of an XSS bug to start with, and a MySQL server (the latest) hosted on a Windows server. This video was made months before KingCope released his "bugs".)
- Developing and upgrading internal tools (hacking tools, reporting tools, security tools)
- Developing and upgrading internal lab environment (for demonstrations, Capture-the-Flag contests, testing environments, etc.)
And of course, I have used a variety of different risk rating systems: internal, client-based, and CVSS 2.0.
Besides that, I have done research in a variety of domains (most not released yet), but it spans across network attacks, web application security, etc.
The released stuff is mostly related to web application security. (This was released way before I got my job.)
I'm an InterN0T'er