Would you employ a hacker or malware writer?

Microsoft has pointed the finger at a Russian antivirus outfit's former technical expert, claiming he was the brains behind the Kelihos spam botnet. Davey Winder is prompted to ponder whether it's ever advisable to hire a former hacker or malware author...

I know a number of ethical hackers who get hired as penetration testers by large corporates, who also earned their stripes before they started wearing the white hats they sport today.

It goes without saying that not all ex-hackers are quite as 'ex' as they would like you to think. And that's where the real problems start.

How can you trust someone not to work for you and steal from you at the same time? The answer is in exactly the same way that you trust someone not to steal money from the shop till or sell your secrets to a competing business.

It's what happens during the interview and selection process; it's the picture that you paint from talking to someone, checking their backgrounds and seeing if the two things gel; it's the personality profiling that you employ that specialist company to carry out on your behalf.

If the would-be employee 'fesses up about his or her past as a hacker then at least they have honesty on their side. Such honesty also suggests they are more than willing to leave you to make the judgment call and risk not being employed as a result. If they don't reveal their past and you uncover it, then they probably are not quite what you are looking for.

Ultimately, the decision is yours. You have to weigh up the positives (in-depth knowledge of network and data security threats and methodologies, which can be put to good use protecting your data from their contemporaries who would wish to do you harm) against the negatives (the potential for things to go wrong with dire consequences for your network, your data and your brand reputation).

This is where the real nitty gritty comes into play: can you trust the ex-hacker to be on your side when things are no longer rosy, if your working relationship has gone pear-shaped and they have become an ex-employee? For a great many of the businesses I talk to about such matters the answer is a categorical 'no' and it is this greater potential for disaster which ends up tripping the risk assessment against the ex-hacker and in favour of someone with less obvious 'skillz'.
