Would you employ a hacker or malware writer?

Microsoft has pointed the figure at a Russian antivirus outfit's former technical expert, claiming he was the brains behind the Kelihos spam botnet. Davey Winder is prompted to ponder whether it's ever advisable to hire a former hacker or malware author...

Not all ex-hackers are quite as 'ex' as they would like you to think.

I know a number of ethical hackers who get hired as penetration testers by large corporates, who also earned their stripes before they started wearing the white hats they sport today.

It goes without saying that not all ex-hackers are quite as 'ex' as they would like you to think. And that's where the real problems start.

How can you trust someone not to work for you and steal from you at the same time? The answer is in exactly the same way that you trust someone not to steal money from the shop till or sell your secrets to a competing business.

It's what happens during the interview and selection process; it's the picture that you paint from talking to someone, checking their backgrounds and seeing if the two things gel; it's the personality profiling that you employ that specialist company to carry out on your behalf.

If the would-be employee 'fesses up about his or her past as a hacker then at least they have honesty on their side. Such honesty also suggests they are more than willing to leave you to make the judgment call and risk not being employed as a result. If they don't reveal their past and you uncover it, then they probably are not quite what you are looking for.

Ultimately, the decision is yours. You have to weight up the positives (in-depth knowledge of network and data security threats and methodologies, which can be put to good use protecting your data from their contemporaries who would wish to do you harm) against the negatives (the potential for things to go wrong with dire consequences for your network, your data and your brand reputation).

This is where the real nitty gritty comes into play: can you trust the ex-hacker to be on your side when things are no longer rosy, if your working relationship has gone pear-shaped and they have become an ex-employee? For a great many of the businesses I talk to about such matters the answer is a categorical 'no' and it is this greater potential for disaster which ends up tripping the risk assessment against the ex-hacker and in favour of someone with less obvious 'skillz'.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
Should IT departments call time on WhatsApp?

Should IT departments call time on WhatsApp?

15 Jan 2021