Q

Options for a former black hat gone ethical

Can a former black hat ever really reform? Don Donzal tackles tough ethical questions in this expert response, suggesting community service and mentorship for black hats looking to erase a questionable past.

Understanding the mindset of a hacker may be useful to counter security attacks, but apparently companies still object to hiring former (or even reformed) black hats, even as consultants. Do you have any suggestions for a former black hat gone ethical? Would it help to get ethical hacking certification?

There's a common saying that goes way back, "Once a thief always a thief." That being said, there are plenty of examples where criminals have cleaned up their acts and have truly added positively to their given industry. Two that come to mind are Kevin Mitnick and Frank W. Abagnale of "Catch Me If You Can" fame. So the questions you have to ask yourself are 1) How many cases of criminals unsuccessfully making the ethical switch go unreported? And 2) Do you want to take that risk and trust your corporate assets to someone with a questionable past? My opinion is that there are plenty of incredibly smart people in the field of security that never crossed over to the dark side. Hire them. As a business owner, that would make me sleep well at night. As for certifications, a piece of paper will never prove that one is ethical. A criminal background check is much better at that.

By no means am I saying that people are beyond reform or that they don't deserve a second chance, but giving a black hat access to your corporate assets is like asking a recovering alcoholic to tend bar. The temptation may just be too great.

But not all criminals are hardened. Some simply take advantage of a situation for temporary gain. As Editor of The Ethical Hacker Network, an online magazine for security professionals, I feel it is the ethical hacker's duty to not only give back to the security community in general, but also to mentor those just entering the profession. If newbies understand the reaction they'll get from a vast majority of those in the security field, maybe they'll think twice when a questionable opportunity arises.

So my suggestion for a black hat would be community service. Give back to the community and show that you now want to be a positive part. Volunteer at elementary and high schools and show the next generation the wonders of computers, the power of networks and the advantages of playing for the right team. And then...maybe...we can start to reclaim the word "hacker," a positive term formerly given to intelligent tinkerers.

This was first published in March 2007
