There’s also ethical offensive cyber: penetration testing apps/services with permission from the owner to find weaknesses and vulnerabilities so that they can implement fixes, or red-teaming which is basically pretending to be a threat actor and testing an organization’s overall security posture.