Saying “yes” to hiring a hacker isn’t a hard decision for many of you. After all, hackers have the skills to protect your network. The only nagging issue is one of trust. Many of you want background checks, psychological tests, contracts, and threats of prosecution hanging over their heads.
In a recent article, we asked whether you would risk hiring a hacker. According to 25 percent of you, the answer is no. For a look at the reasons and reservations offered by the “no” camp, check out last week’s article “Reader feedback: Would you hire a hacker?” But on the flip side, 57 percent of you said you would, indeed, hire a hacker. This week, we examine some of the reasons why.

Are they who they say they are?
FGLENN said, “The question is, how do you test a hacker to see if that person is a hacker. Just because someone broke into a Web site or database does not mean that person is qualified for the job of security. That person may have downloaded a program by a more experienced hacker and used it. If a person can hack through a firewall that is properly configured, then I would call him a hacker. If they can do that, then they have probably done enough research to become a security specialist.”

According to Daina, “Without hackers, vulnerabilities wouldn’t be found. Anyone that considers themselves a hacker because they ripped some Web site isn’t a hacker. Hackers shouldn’t be compared with criminals. There is a clear difference…A hacker is simply a person searching for answers.”

They sure have the right skills
“I’d pay top dollar for an IT pro with A-hacking skills,” said Ernie. He added, “I often wonder if anyone but a good hacker can protect our systems. On the other hand, I want nothing to do with hacker-types with zero values, those prone to eavesdropping or doing any activity with the potential to create damage.”

Jimmym said he would hire a hacker because “they are the best in the technical field. The perfect person to deal with network security is someone who can beat existing network security. These guys have a born skill for reasoning and logic, and that makes them invaluable.” Jamazan agrees: “It takes a hacker to stop a hacker.” Hookie also concurs: “A hacker is probably one of the best people to hire in an IT security environment.”

“Would I hire a hacker? I am a hacker,” said ChadA. “Spent my early years flying through the Internet before there was a Web to play on. Now I run a networking department for a consulting company. I have another hacker working for me. I can troubleshoot rings around everyone else. We don’t advertise the fact that we’re hackers, but once we’ve done that first job for the customer, where they’ve had several other people come in for days working on a problem, then we come in and it’s fixed in minutes, they usually figure it out.”

Bigben said he used his hacker skills to get a job. “When I was in [school], I was asked by the instructors to see if I could break into their computer systems [so they could find out] what they could do to make them more secure. From that, it gave me an excellent knowledge for security, and now I have two network administrator jobs.”

Computertech said that hackers’ skill sets “are exactly what are required to build a good, secure network.” Gvivek said he would not hesitate in hiring a hacker: “A hacker is the best guy to protect your network from the world, since all his/her energy goes into digging out holes in the system.” Mrunza noted, “Many retired hackers enjoy network security and such because it is their opportunity to be on the ‘other side.’ If you think in terms of ‘Who is best to keep hackers at bay?,’ the answer would obviously be someone who already knows their tricks.”

“Yes, I would and did hire a hacker. He’s great and makes it his personal goal to protect his turf (our network), from other hackers,” said BonnieS.

Wmansur said he would hire a hacker because “there are so many computer security loopholes that are not taught in any class or computer security training. Hiring a successful hacker could be the safest thing a business could do.”

PeterO said, “Yes. I think many hackers are looking at security in a different way than security or network people. Hire a hacker for finding your weak points and to change your traditional thinking. How to secure your hacker is another question. I guess you have to trust your instincts, even if you have a good and covering contract.”

USMALE responded, “Yes, I would hire a hacker, but only the ‘good guys’ and that’s the real problem. Knowing who is!”

Trust is the only sticky issue
EricF said, “Hiring a hacker comes with risks, most ‘brilliant specialists’ do. After all, you give the keys to the cash by hiring a new comptroller…The more intelligent, gifted, and creative the individual, the higher the risks you might suffer if/when that individual becomes greedy/disgruntled/angry.” He added, “How can someone claim to specialize in computer security if they don’t know how to exploit that very security? And that knowledge is acquired by testing the limits of the security, in essence, hacking.”

ChadB said, “Yes, I believe I would hire a hacker. Of course, only after an extensive interview and a thorough background check. I wouldn’t hire a hacker that had been in trouble with the law too many times though.” Jhorvath added, “I would have a validated psychological test as part of the process.” MarkD said, “I would also ensure that every action be carefully monitored by qualified staff.” And Psoong said, “Somewhere in the contract with them as an employee, it should be stated very clearly what the policy of the company is and the legalities they would face if any of the company’s policies are violated.” Cour095’s conditions for hiring a hacker include “that they sign an agreement stating that they never disclose network assets, security, etc., to anyone during or after employment,” and “that they don’t participate in any illegal activity relating to hacking during employment.” And Ecp001 said that, in the job interview with a hacker, “attitude, personality, and hygiene are factors that would have higher weight in the decision than would be normal.”

Kikwear said, “I will only hire hackers that I have known in past professional or personal relationships. This way there is an amount of loyalty. Just remember when hiring hackers to keep them happy; never try to undermine them.”

A hacker code of ethics
Nitrium said, “Most hackers I know of are not malicious but know very well how to take down a system if they want to. There is a code of ethics…that many hackers follow. Being malicious doesn’t help anybody. Most hackers know that.”

We’re happy with our staff hackers
Witetigr said, “Yes, we have hired hackers! I have four of them on my payroll at the moment. One is a 17-year-old kid that is getting paid $18 an hour to do nothing but break into our systems…and keep breaking in…plus he keeps our servers and systems pretty clean.”

Diskman has his own computer company, and he only hires hackers. “My entire staff is made up of the best hackers I could find from across the Net,” he said. “I trust them implicitly because I give them the trust they have earned. I know all of them very well and have put them through rigorous training and screening. However, if I were ever to catch one of them hacking illicitly, either on my network or on any network or dial-up connection, not only would I terminate their employment, I would hand them to the authorities myself.”

“Actually we have a gentleman on our staff that is a hacker,” said Richmuniz. “He tries to hack our system on a constant basis, looking for holes, and then coming up with an effective defense. Being an ex cop, I know the best cops are the ones who have the street smarts and weren’t saints (you want to catch a crook, you need to think like one).”

“You are already hiring hackers if you have an IT department of any size and skill…Every company I have worked for has hired a hacker,” said Brian. “Most of them knew, but some of them didn’t.” He concludes that because of a hacker’s often undisclosed background, “You have no say in the matter.”

And finally…
AmoraC is thinking clearly about the consequences of hiring a hacker. “Yes, I would, unless the company’s name is Jurassic Park.” And—a bit more thoughtful—Pmdracer reminded us, “Keep your friends close, but your enemies closer.” Merrily1 summed up the philosophical point of view when she said, “’Tis better to have a wildman/woman locked in your barn than loose in your fields!”
We appreciate the many responses to our informal survey about hiring a hacker. If you have a new security topic you’d like us to survey, let us know. Just post a comment below or send us an e-mail.