They’re the bane of the IT security professional’s existence when they’re on the wrong side of the law, but the truth is, hackers often understand the nuances of network security better than your average CSO. So is it safe to bring a hacker into your IT team?
According to Shane MacDougall, there are pros and cons to hiring a hacker. MacDougall is a partner at Canadian security consultancy Tactical Intelligence, a hacker at the DEFCON Hacking Conference, and last year’s winner of Social-Engineer.org’s The Schmooze Strikes Back hacking contest.
“Every IT department needs to hire an ethical hacker,” says MacDougall. But his advice comes with a warning: “You really do need to check the background on who these people are, who they’ve been hanging with, and who their crews are.” MacDougall offers these tips for hiring a hacker who’s right for your IT shop:
Ensure a good fit. No two hackers’ skill sets are exactly the same. For this reason, MacDougall recommends that you carefully consider why you need to hire someone in the first place.
For example, if your company is focused on programming, MacDougall says, “Somebody who has a lot of background in breaking applications is a desired skill.” On the other hand, a network operations center might look for a network ninja who is handy with lots of network sniffing tools. Finally, if your company needs a systems administrator, the best bet might be a hacker who has broken into systems and who knows how to find the holes in various servers and where vulnerabilities exist. “They’re all very unique jobs and they all take very unique skill sets,” says MacDougall.