There's a common saying that goes way back, "Once a thief always a thief." That being said, there are plenty of examples where criminals have cleaned up their acts and have truly added positively to their given industry. Two that come to mind are Kevin Mitnick and Frank W. Abagnale of "Catch Me If You Can" fame. So the questions you have to ask yourself are 1) How many cases of criminals unsuccessfully making the ethical switch go unreported? And 2) Do you want to take that risk and trust your corporate assets to someone with a questionable past? My opinion is that there are plenty of incredibly smart people in the field of security that never crossed over to the dark side. Hire them. As a business owner, that would make me sleep well at night. As for certifications, a piece of paper will never prove that one is ethical. A criminal background check is much better at that.
By no means am I saying that people are beyond reform or that they don't deserve a second chance, but giving a black hat access to your corporate assets is like asking a recovering alcoholic to tend bar. The temptation my just be too great.
But not all criminals are hardened. Some simply take advantage of a situation for temporary gain. As Editor of The Ethical Hacker Network, an online magazine for security professionals, I feel it is the ethical hacker's duty to not only give back to the security community in general, but also to mentor those just entering the profession. If newbies understand the reaction they'll get from a vast majority of those in the security field, maybe they'll think twice when a questionable opportunity arises.
So my suggestion for a black hat would be community service. Give back to the community and show that you now want to be a positive part. Volunteer at elementary and high schools and show the next generation the wonders of computers, the power of networks and the advantages of playing for the right team. And then...maybe...we can start to reclaim the word "hacker," a positive term formerly given to intelligent tinkerers.
This was first published in March 2007