A news story on Bloomberg Businessweek reports that companies and vendors in Europe are turning to "white hat hackers" -- the stereotypically grimy and obsessed young turks of the Web -- for help with growing security development needs.
"Recruiters are turning their backs on resumes, diplomas, suits and ties as they work to attract atypical, sometimes marginal profiles that fit into a different set of rules," noted authors Marie Mawad and Jonathan Browning yesterday. And they cite an ad posted recently on Facebook's site: “seeking a passionate hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses.”
This isn't a new approach. Back in the day, Zuck himself allegedly belonged to the unwashed, sleepless masses of buggy-eyed geeks. For years, hackers at the Defcon conference and other venues have shown off for vendors and enterprises willing to hire them for security consulting and development.
There are success stories like that of Kevin Mitnick, who served jail time (a chunk of it in solitary confinement) for notorious hacking in the 1990s -- only to emerge as a security consultant.
Kevin Mitnick. Photo: Mikhail Romanenko.
Mitnick's story shows the advantages that hackers can bring to corporate employers. After all, who better to guard the gates than a former trespasser who's wise to all the tricks?
But there are downsides. As time has passed, it's become apparent that hackers are often unpredictable and irascible people. Efforts to define a "hacker mentality" seem to generate as much controversy as answers. By definition, hackers don't accept authority; they're as likely to turn up in Anonymous as the corner office.
Perhaps because of this, hiring hackers can put one at risk of ending up with unreliable help. And while some hackers come cheap, others with marquee value may be even more expensive than more traditional developer services. Is that the kind of help you really need?
Ultimately, the choice of whether or not to hire a hacker will be made on a per-case basis. There are surely benefits that come from the special expertise of white-hat hackers. And in many instances, enterprises can avoid exposure to the unpredictable by assigning hackers to work in a larger team of trusted internal and external partners.
There are always risks. Naturally, the best strategy is to weigh the pros and cons carefully before hiring. Best case, you'll get an unusual and hard-to-duplicate perspective to advance your security profile. Worst case, you may get ripped off or simply find yourself saddled with an expensive rogue.
What do you think of hiring hackers? Sound off on the board below, and be sure to take our latest poll: Would you hire hackers for online security expertise?
— Mary Jander, Managing Editor, Internet Evolution