Hackers have made quite a name for themselves: They break into countless corporate and government Web sites and computer networks on a regular basis. In the summer of 1999, hackers broke into the computers at the Pentagon, as well as the Web sites of the Army, NASA, and the National Oceanic and Atmospheric Administration (NOAA).
Within their skills set is the ability to annihilate files and shut down or even obliterate networks. But those same hackers can bring much-needed firepower to your cyber security team, according to one of the nation’s top cyberterrorism experts. Is the risk of hiring a hacker worth the potential reward? Find out what two specialists say.
Some hackers are malicious, and some are just troublesome. As this group gains experience, many are beginning to look for careers in IT security. And their skills may be just what your company is looking for. We want to know how you feel about hiring hackers, with a definitive Yes, No, or Maybe. Would you ever hire a hacker? If so, under what circumstances? We want your opinion. Please post a comment below or send us an e-mail . We’ll report back to you with the survey results.
I hire hackers, but only the good guys
Tony Valletta would hire a hacker. The top security official at SRA International, Valletta is vice president and director of the command, control, communications, and intelligence (C3I) systems business unit. Valletta said, “When I joined SRA, one of my top initiatives was to set up a critical infrastructure protection capability here, and to staff it with some of the best people that I could find.” As part of that initiative, he said, he hired some hackers, “because hackers are some of the best people to bring to our side. They help us defend against the people they know and are used to dealing with.” Valletta also chose several top-level IT staffers that he knew from the federal government, where he spent 29 years working in IT and became a cyberterrorism expert.
Valletta added, speaking about hackers: “We have two already, and hackers are being hired by a bunch of other companies as part of their teams that we all put together to help businesses as well as government agencies perform vulnerability analyses.” In fact, reports are that hackers who are ready to act responsibly are working for most, if not all, of the Big Five accounting firms.
It’s a matter of ethics
Tim Landgrave, president of eAdvantage, an ASP in Louisville, KY, said, “I wouldn’t hire someone to work for me that I didn’t trust. And I would have a hard time trusting a hacker.” Landgrave added, “There are certain things that are right and certain things that are wrong, and hacking is wrong.”
Landgrave thinks that the goal of hacking is more often to challenge authority than it is to perfect a skill, or it might simply be the challenge of doing it in the first place. “After all,” Landgrave said, “What’s the value to the skill? It’s illegal, immoral, and unethical.”
So, would Landgrave hire a hacker? Well, he admitted, “There are some circumstances when I might hire a hacker. [For example] if he was an admitted hacker in high school or college, but now is settled down and wants to manage a secure environment that he understands, and if the challenge to him now is stopping hackers.” But, Landgrave said he’d still be wary. “My problem with hiring a guy who is still a hacker is that the things he will learn about my system leaves me exposed forever. Can you trust the hacker you hired to tell you everything he found?”
How do you find them?
If you want to hire one, how do you find a hacker? Valletta said, “It’s very difficult. It’s mostly by word-of-mouth, by people who know people. Certainly, a lot of people don’t want to put [on their resumes] ‘hey, I’m the hacker who broke into this system.’ They’d be worried about the next knock on their door.”
When looking for a job, do hackers admit to this skill? “No,” Valletta says. “However,” he adds, “the people who we look at, we screen very carefully, as do the other companies. We don’t hire criminals. That is not what these technical people are.”
Who are the hackers who are hirable? “These are people who grew up with video games, and they just love this stuff,” Valletta said. “Some of them have their master’s and Ph.D.s in computer science. We have [some] of them here today that are just the smartest people that I’ve ever dealt with. We don’t go after the people who were bad. We try to find the great people who decided to make this their obsession and to make it their skill area. They’re very highly sought after. These people get top dollar in [the] industry.”