Security

Should you hire an ex-hacker?

Hiring an ex-hacker as a chief security officer may sound crazy, but one company took a chance and it paid off. Find out why the company did it and what an ex-hacker can bring to your organization.


Top Layer Networks, a security products company in Westboro, MA, didn't hesitate when 23-year-old former hacker Joe Magee applied for the job as chief security officer (CSO). They hired him. Magee’s credentials are impressive. Any technology company, especially a security firm, would be happy to have him.

What should you look for in a hacker?
Magee’s employer had the good sense to look for some of the classic traits hackers share. They include:
  • Hungry to learn and be on top of the latest technology
  • Happy to teach themselves
  • Thrilled by discovery
  • Disciplined and driven (They’ll work 24/7 to master a technology.)
  • Able to thrive on complex, detailed tasks

From hacker to chief security officer
By Magee’s late teens, he was not only an experienced hacker but a seasoned techie, as well. At age 14, Magee worked as a tech support rep for Philadelphia’s Globe Times. A year later, he took a job as the top techie at a law firm, where he built computers and designed networks.

Later he attended Drexel University, where he studied computer engineering. Two years later, he was working as a troubleshooter and tech support agent at a brokerage house, Daytek Online. Finally, he landed his present job. It was obvious from the start that Magee possessed advanced and unusual technical skills.

Working as a CSO is the perfect job for Magee. Ask him about security or intrusion issues and you practically have to gag him to get him to stop talking. He can explain the details of the recent denial of service (DoS) attack at MSNBC and how the intruders were discovered and stopped. Then he’ll go on to boast about his firm’s security products and the difficulty of keeping up with high-speed networks. Or, he’ll detail how preventing DoS attacks takes more than a simple firewall: “It takes a network processor requiring a separate hardware device to mitigate high-speed DoS attacks,” Magee explained.

Naturally, Magee didn’t advertise that he mastered his computer skills by hacking when he applied for his job. He wasn’t wrong in thinking it would make a bad impression. Ex-hackers don’t have to advertise their former lifestyle to prove they have valuable technical skills. Besides technical acumen, they are obsessively disciplined with an insatiable curiosity to learn.

Magee’s introduction to the mysterious world of computers began when his parents gave him an Apple 2E. After spending a couple of days trying to figure out how his family’s VCR worked, his parents felt he needed something mechanical and complex to challenge him and occupy his mind. They had no idea the computer would change his life. As soon as he booted up the Apple, he was mesmerized and incurably hooked. His addiction intensified, and his thirst to learn was insatiable. If he didn’t have to go to school or sleep, he’d spend 24 hours a day exploring and mastering his machine. But even with a hectic school schedule, Magee, to his parents’ chagrin, managed to spend at least 10 hours a day working on his computer.

An Apple a day
It took him barely six months to master the Apple. He taught himself basic programming and how to roam the Internet by checking out thousands of bulletin boards. He quickly made friends and learned the rudiments of hacking by writing script. Like his hacker buddies (most of whom were men), he admits to breaking into some reportedly secure off-limit systems such as that of the University of Philadelphia.

Even though Magee insists his hacking days are over, he won’t reveal his code name or talk about all of his exploits, most of which were hardly legal. And who’s to say he doesn’t still check out his favorite hacking sites to get the latest hacker gossip in the wee hours of the morning? Magee is not ashamed or apologetic about his past. After all, don’t we secretly enjoy the success of “bad boys” who relish the knowledge that they foiled the system?

No matter what side of the law they’re on, there is no shortage of nocturnal hackers of all ages and backgrounds. Many are senior security executives in blue-chip, FORTUNE 500 companies. Some are university professors who teach computer science or computer engineering. Others are celebrity hackers like Apple inventor Steve Wozniak. The computer genius’ Web site includes links to information about “blue boxing” and the story of how he met phone phreaker Captain Crunch.

Mastering technology, causing havoc
Magee admits that plenty of hackers like Mafiaboy, the Canadian hacker who broke into Yahoo, eBay, Dell, and CNN’s Web sites and immobilized them for several hours, are out to wreak havoc. Mafiaboy’s exploits are meticulously described in Dan Verton’s book, The Hacker Diaries, Confessions of Teenage Hackers (McGraw-Hill/Osborne; $24.99).

Yet the majority of hackers simply want to master technology, said Magee. And hacking, which does not necessarily mean breaking into the Pentagon database—although it’s been done—is a vehicle for learning the intricate details of technical systems. “Most employers don’t realize that former hackers bring extraordinary problem-solving skills, which means the patience and stamina to work around the clock to find solutions,” said Magee. “If they don’t have the tools, they’ll find them. The same knowledge it takes to break into a system can be used to build a database, enterprise application, and of course, a security system.” They have an extraordinary work ethic, according to Verton, “which most people don’t have.”

Good enough for the Feds, good enough for you
And it’s no small wonder many ex-hackers pursue security jobs when they decide to experience daylight and turn legitimate. “In the hacker community, it’s well known that the only person who can stop a hacker is a hacker,” said Verton. Magee is a good example, and plenty of other ex-hackers have identical skills or better. “All those years of learning the ropes gives them a depth of understanding it takes most technical people several years to acquire,” Verton added.

But while Magee insists ex-hackers can be assets to his company, he said he would check them out carefully to find out if they have given up their former hacker lifestyle. And, unlike most of us, Magee has endless channels to check information. “He’s probably better at it than most FBI cyberoperatives,” added Verton.

How do you think the Feds learn how the hacker world works? No wonder the government has plenty of hackers on their payroll. Many of them even have the authority to green-light high-level security systems.

An ex-hacker could turn out to be your smartest hire ever.

Hiring a hacker
Would you hire a hacker? Drop us a note or post a comment below.

 

Editor's Picks