get reputational kudos and/or hard
currency to showcase and test their skills
in a very public forum. In exchange, the
hiring organisation gains new dimensions
of security smarts and perspectives.
Some businesses choose to hire
hackers direct. Hands-on experience is
key here. While it may sound counter-
intuitive to make use of external
hackers – some of whom have a
track record of criminal activity – the
one thing they have in abundance is
hands-on experience. At the end of
the day, a hacker is a hacker. The only
difference is what they do once a bug or
vulnerability is found.
www.intelligentciso.com | Issue 15

Ultimately, employing an ex-
cybercriminal is a risky decision that
should be made on a case-by-case
basis. It is also worth noting that
criminal background checks only help
identify previous offenders – they lack
context on how a person has changed.
For example, it is unlikely that
someone charged with a denial-of-
service attack at a young age has
mutated into an international career
criminal. Indeed, some young offenders
go on to become well-respected
security consultants and industry
thought-leaders.
Another fertile hunting ground for
hackers could be closer to home. The
best practitioners are curious, with
a strong passion to deconstruct and
reassemble. Businesses need to get
better at harnessing the skills of those
building their applications, code and