Would you employ a hacker or malware writer?

Microsoft has pointed the figure at a Russian antivirus outfit's former technical expert, claiming he was the brains behind the Kelihos spam botnet. Davey Winder is prompted to ponder whether it's ever advisable to hire a former hacker or malware author...

Not all ex-hackers are quite as 'ex' as they would like you to think.

I know a number of ethical hackers who get hired as penetration testers by large corporates, who also earned their stripes before they started wearing the white hats they sport today.

It goes without saying that not all ex-hackers are quite as 'ex' as they would like you to think. And that's where the real problems start.

How can you trust someone not to work for you and steal from you at the same time? The answer is in exactly the same way that you trust someone not to steal money from the shop till or sell your secrets to a competing business.

It's what happens during the interview and selection process; it's the picture that you paint from talking to someone, checking their backgrounds and seeing if the two things gel; it's the personality profiling that you employ that specialist company to carry out on your behalf.

If the would-be employee 'fesses up about his or her past as a hacker then at least they have honesty on their side. Such honesty also suggests they are more than willing to leave you to make the judgment call and risk not being employed as a result. If they don't reveal their past and you uncover it, then they probably are not quite what you are looking for.

Ultimately, the decision is yours. You have to weight up the positives (in-depth knowledge of network and data security threats and methodologies, which can be put to good use protecting your data from their contemporaries who would wish to do you harm) against the negatives (the potential for things to go wrong with dire consequences for your network, your data and your brand reputation).

This is where the real nitty gritty comes into play: can you trust the ex-hacker to be on your side when things are no longer rosy, if your working relationship has gone pear-shaped and they have become an ex-employee? For a great many of the businesses I talk to about such matters the answer is a categorical 'no' and it is this greater potential for disaster which ends up tripping the risk assessment against the ex-hacker and in favour of someone with less obvious 'skillz'.

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Recommended

Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Barracuda Backup Vx review: Hassle-free hybrid backup
backup

Barracuda Backup Vx review: Hassle-free hybrid backup

20 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021