
Options for a former black hat gone ethical

Can a former black hat ever really reform? Don Donzal tackles tough ethical questions in this expert response, suggesting community service and mentorship for black hats looking to erase a questionable past.

Understanding the mindset of a hacker may be useful to counter security attacks, but apparently companies still object to hiring former (or even reformed) black hats, even as consultants. Do you have any suggestions for a former black hat gone ethical? Would it help to get ethical hacking certification?

There's a common saying that goes way back, "Once a thief always a thief." That being said, there are plenty of examples where criminals have cleaned up their acts and have truly added positively to their given industry. Two that come to mind are Kevin Mitnick and Frank W. Abagnale of "Catch Me If You Can" fame. So the questions you have to ask yourself are 1) How many cases of criminals unsuccessfully making the ethical switch go unreported? And 2) Do you want to take that risk and trust your corporate assets to someone with a questionable past? My opinion is that there are plenty of incredibly smart people in the field of security that never crossed over to the dark side. Hire them. As a business owner, that would make me sleep well at night. As for certifications, a piece of paper will never prove that one is ethical. A criminal background check is much better at that.

By no means am I saying that people are beyond reform or that they don't deserve a second chance, but giving a black hat access to your corporate assets is like asking a recovering alcoholic to tend bar. The temptation may just be too great.

But not all criminals are hardened. Some simply take advantage of a situation for temporary gain. As Editor of The Ethical Hacker Network, an online magazine for security professionals, I feel it is the ethical hacker's duty to not only give back to the security community in general, but also to mentor those just entering the profession. If newbies understand the reaction they'll get from a vast majority of those in the security field, maybe they'll think twice when a questionable opportunity arises.

So my suggestion for a black hat would be community service. Give back to the community and show that you now want to be a positive part. Volunteer at elementary and high schools and show the next generation the wonders of computers, the power of networks and the advantages of playing for the right team. And then...maybe...we can start to reclaim the word "hacker," a positive term formerly given to intelligent tinkerers.

