A news story on Bloomberg Businessweek reports that companies and vendors in Europe are turning to "white hat hackers" -- the stereotypically grimy and obsessed young turks of the Web -- for help with growing security development needs.
"Recruiters are turning their backs on resumes, diplomas, suits and ties as they work to attract atypical, sometimes marginal profiles that fit into a different set of rules," noted authors Marie Mawad and Jonathan Browning yesterday. And they cite an ad posted recently on Facebook's site: “seeking a passionate hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses.”
This isn't a new approach. Back in the day, Zuck himself allegedly belonged to the unwashed, sleepless masses of buggy-eyed geeks. For years, hackers at the Defcon conference and other venues have showed off for vendors and enterprises willing to hire them for security consulting and development.
There are success stories like that of Kevin Mitnick, who served jail time (a chunk of it in solitary confinement) for notorious hacking in the 1990s -- only to emerge as a security consultant.
Kevin Mitnick. Photo: Mikhail Romanenko.
Mitnick's story shows the advantages that hackers can bring to corporate employers. After all, who better to guard the gates than a former trespasser who's wise to all the tricks?
But there are downsides. As time has passed, it's become apparent that hackers are often unpredictable and irascible people. Efforts to define a "hacker mentality" seem to generate as much controversy as answers. By definition, hackers don't accept authority; they're as likely to turn up in Anonymous as the corner office.
Perhaps because of this, hiring hackers can put one at risk of ending up with unreliable help. And while some hackers come cheap, others with marquee value may be even more expensive than more traditional developer services. Is that the kind of help you really need?
Ultimately, the choice of whether or not to hire a hacker will be made on a per-case basis. There are surely benefits that come from the special expertise of white-hat hackers. And in many instances, enterprises can avoid exposure to the unpredictable by assigning hackers to work in a larger team of trusted internal and external partners.
There are always risks. Naturally, the best strategy is to weigh the pros and cons carefully before hiring. Best case, you'll get an unusual and hard-to-duplicate perspective to advance your security profile. Worst case, you may get ripped off or simply find yourself saddled with an expensive rogue.
"Nathan true you have a point but what Im saying si that why do you repeat the smae blunder again and agian ? Its not a mistake there after. FB keeps on doing the same thing for so many times which makes people sick of it."
- Yes, but people are reliant upon Facebook - almost in an addictive sort of way - as a central system for connecting with friends, family, news, etc. It's a central service these days for many people, including me I might add, for social event planning and coordinating. Facebook has made mistakes over and over, but nothing has rosen up to stop them. Not even Google could do it.
Nathan true you have a point but what Im saying si that why do you repeat the smae blunder again and agian ? Its not a mistake there after. FB keeps on doing the same thing for so many times which makes people sick of it.
Why do you say? I think that many companies smaller and larger than Facebook can make such blunders. As you know blunders happen, and with more complexity comes more error.
I also agree. Unauthorized access to a system is law breaking. But, if a company like Facebook for example, encourages breaking the security of their systems, and rewarding them for it under disclosure protections, this is positive.
"Got it nathan but a hacker is always a hack er and what ever the definition says the main purpose of a hacker is to get un-authorized data and breech the law. That is risky."
- I find this offense. Lumping people into the pejorative bad "hacker" category isn't fair and completely overlooks the fine details of what it is that makes a hacker a hacker; the love of knowledge and learning. You cannot simply say that those who are interested in learning about things the system doesn't necessarily want them to learn are law breakers.
Why hire them outright when you can create a contest for finding security flaws and then get the work done by a crowd of both hackers and legit professionals? Hackers seem to like to earn bragging rights, so setting up a challenge that exposes security flaws can get hackers working for you for free...
The problem is that they may find your security flaws, but you'll never know how they cracked them. :P
I think it isn't fair to lump all hackers into the same category, including the white hat ones. It also depends on what the purpose of their position is. Perhaps the company already thinks there is a malicious hacker among them, or there have been repeated attempts that are too difficult for the current staff to figure out. Recruiting someone qualified for a position may take the kind of creativity described in this post then. Why not look at this on a case by case basis of what is needed and who would fit the job?
Got it nathan but a hacker is always a hack er and what ever the definition says the main purpose of a hacker is to get un-authorized data and breech the law. That is risky.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Facebook and Twitter are great for posting cat pictures. But are people really using social media for life-changing communications? Like, if a hurricane comes by and blows down their house?
In a standout presentation at the Jefferies 2013 Global Technology, Media & Telecom Conference in New York this week, the UK government talked about becoming a "very intelligent client."
A consumer business would have to be crazy or desperate to change call-center software in December, the peak of the holiday season. But that was exactly Positec's position.
To help enterprises deploy software faster for mobile, social, big-data, and cloud applications, IBM this week acquired development tools vendor UrbanCode.
Internet Explorer seems like a relic of the 90s, like parachute pants and Friends. But that's just me. I'm a Chrome guy, and before that I used Firefox.
All the recent hoopla about cloud security overlooks an important point, which is that it's not strictly a cloud problem. The linkage of online services into cooperative chains creates the risk, and only biometrics and federation of providers can save us.
Cisco's rumored sale of Linksys suggests we may have problem with innovation and profit at the edge of our Internet, and that could be critical to the evolution of many Internet-delivered services.
Sean Smith, a US Foreign Service IT manager, gave his life in service of his country and the world. His life and death are a humbling example for all of us who work in IT.
Enterprises are discovering that using social networking within the secure setting of a SaaS provider's network gives them an unusual opportunity to freely collaborate with partners, suppliers, and even competitors.
The very low-tech "scrum" project technique introduces "crowd talking" to projects and also sets the entire crowd to problem solving. So far, these new social-media-style meetings appear to have supercharged project execution.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
E-discovery is the requirement to make available all digital information related to, and in conjunction with, a legal proceeding. An appeals court ruled recently to limit the scope of e-discovery searches, which gives corporate counsel and IT executives a bit more power over the e-discovery process.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Big-data has become a big point of emphasis for many businesses. While the technology is available to deploy these applications, the needed personnel often is not. As a result, analytic engineers' salaries have blown past the six-figure mark, and hiring these experts has become a challenge for IT managers.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
