Ask The Security Channel Expert: Questions & Answers
Options for a former black hat gone ethical

EXPERT RESPONSE FROM: Retired Expert - Donald C. Donzal

QUESTION POSED ON: 28 February 2007
Understanding the mindset of a hacker may be useful to counter security attacks, but apparently companies still object to hiring former (or even reformed) black hats, even as consultants. Do you have any suggestions for a former black hat gone ethical? Would it help to get ethical hacking certification?

EXPERT RESPONSE

There's a common saying that goes way back, "Once a thief always a thief." That being said, there are plenty of examples where criminals have cleaned up their acts and have truly added positively to their given industry. Two that come to mind are Kevin Mitnick and Frank W. Abagnale of "Catch Me If You Can" fame. So the questions you have to ask yourself are 1) How many cases of criminals unsuccessfully making the ethical switch go unreported? And 2) Do you want to take that risk and trust your corporate assets to someone with a questionable past? My opinion is that there are plenty of incredibly smart people in the field of security that never crossed over to the dark side. Hire them. As a business owner, that would make me sleep well at night. As for certifications, a piece of paper will never prove that one is ethical. A criminal background check is much better at that.

By no means am I saying that people are beyond reform or that they don't deserve a second chance, but giving a black hat access to your corporate assets is like asking a recovering alcoholic to tend bar. The temptation may just be too great.

But not all criminals are hardened. Some simply take advantage of a situation for temporary gain. As Editor of The Ethical Hacker Network, an online magazine for security professionals, I feel it is the ethical hacker's duty to not only give back to the security community in general, but also to mentor those just entering the profession. If newbies understand the reaction they'll get from a vast majority of those in the security field, maybe they'll think twice when a questionable opportunity arises.

So my suggestion for a black hat would be community service. Give back to the community and show that you now want to be a positive part. Volunteer at elementary and high schools and show the next generation the wonders of computers, the power of networks and the advantages of playing for the right team. And then...maybe...we can start to reclaim the word "hacker," a positive term formerly given to intelligent tinkerers.


All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy