Ask the Expert

Options for a former black hat gone ethical

Understanding the mindset of a hacker may be useful to counter security attacks, but apparently companies still object to hiring former (or even reformed) black hats, even as consultants. Do you have any suggestions for a former black hat gone ethical? Would it help to get ethical hacking certification?

There's a common saying that goes way back, "Once a thief always a thief." That being said, there are plenty of examples where criminals have cleaned up their acts and have truly added positively to their given industry. Two that come to mind are Kevin Mitnick and Frank W. Abagnale of "Catch Me If You Can" fame. So the questions you have to ask yourself are 1) How many cases of criminals unsuccessfully making the ethical switch go unreported? And 2) Do you want to take that risk and trust your corporate assets to someone with a questionable past? My opinion is that there are plenty of incredibly smart people in the field of security that never crossed over to the dark side. Hire them. As a business owner, that would make me sleep well at night. As for certifications, a piece of paper will never prove that one is ethical. A criminal background check is much better at that.

By no means am I saying that people are beyond reform or that they don't deserve a second chance, but giving a black hat access to your corporate assets is like asking a recovering alcoholic to tend bar. The temptation may just be too great.

But not all criminals are hardened. Some simply take advantage of a situation for temporary gain. As Editor of The Ethical Hacker Network, an online magazine for security professionals, I feel it is the ethical hacker's duty to not only give back to the security community in general, but also to mentor those just entering the profession. If newbies understand the reaction they'll get from a vast majority of those in the security field, maybe they'll think twice when a questionable opportunity arises.

So my suggestion for a black hat would be community service. Give back to the community and show that you now want to be a positive part. Volunteer at elementary and high schools and show the next generation the wonders of computers, the power of networks and the advantages of playing for the right team. And then...maybe...we can start to reclaim the word "hacker," a positive term formerly given to intelligent tinkerers.

This was first published in March 2007
