Would you employ a hacker or malware writer?
Microsoft has pointed the figure at a Russian antivirus outfit's former technical expert, claiming he was the brains behind the Kelihos spam botnet. Davey Winder is prompted to ponder whether it's ever advisable to hire a former hacker or malware author...
Not all ex-hackers are quite as 'ex' as they would like you to think.
I know a number of ethical hackers who get hired as penetration testers by large corporates, who also earned their stripes before they started wearing the white hats they sport today.
It goes without saying that not all ex-hackers are quite as 'ex' as they would like you to think. And that's where the real problems start.
How can you trust someone not to work for you and steal from you at the same time? The answer is in exactly the same way that you trust someone not to steal money from the shop till or sell your secrets to a competing business.
It's what happens during the interview and selection process; it's the picture that you paint from talking to someone, checking their backgrounds and seeing if the two things gel; it's the personality profiling that you employ that specialist company to carry out on your behalf.
If the would-be employee 'fesses up about his or her past as a hacker then at least they have honesty on their side. Such honesty also suggests they are more than willing to leave you to make the judgment call and risk not being employed as a result. If they don't reveal their past and you uncover it, then they probably are not quite what you are looking for.
Ultimately, the decision is yours. You have to weight up the positives (in-depth knowledge of network and data security threats and methodologies, which can be put to good use protecting your data from their contemporaries who would wish to do you harm) against the negatives (the potential for things to go wrong with dire consequences for your network, your data and your brand reputation).
This is where the real nitty gritty comes into play: can you trust the ex-hacker to be on your side when things are no longer rosy, if your working relationship has gone pear-shaped and they have become an ex-employee? For a great many of the businesses I talk to about such matters the answer is a categorical 'no' and it is this greater potential for disaster which ends up tripping the risk assessment against the ex-hacker and in favour of someone with less obvious 'skillz'.
In This Article
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Security best practices for PostgreSQL
Securing data with PostgreSQLDownload now
Transform your MSP business into a money-making machine
Benefits and challenges of a recurring revenue modelDownload now
The care and feeding of cloud
How to support cloud infrastructure post-migrationWatch now