Slashdot Mirror


Would You Hire a Former Black Hat?

Mark Zenson asks: "Understanding the mindset of a hacker and the likes of one may be useful to counter security attacks, but apparently companies still object to hiring former, or even reformed, black hats." The article asks this question of several executives in the industry and, for various reasons, many of them were skeptical of the idea of hiring such people. Would you give black hats a second chance if you were in their position?

10 of 290 comments

  1. Takes one to know one. by b4jts · · Score: 4, Insightful

    Takes one to know one, I suppose. Looking at what Frank Abagnale did to improve security against bank fraud, I'm sure that a 'black hat' turned good could be of some use to a company.

  2. Let's be realistic... by __aaclcg7560 · · Score: 4, Insightful

    If the company is going to be ripped off, it will probably start in the boardroom as upper management are granted perks that they shouldn't have. One company I worked for is on the road to bankruptcy but the company is still paying for the CEO's $200K/year New York City apartment. This is the same management that banned free soda when they figured out that employees were taking a can or two home. Go figure.

  3. Re:It All Depends on Their Maturity by russ1337 · · Score: 5, Insightful

    Are these big companies likening it to hiring a reformed bank robber as a teller, or a paedophile as a teacher?

    Anyway, I thought the biggest part of being a 'black-hat' was to keep your online identity COMPLETELY SEPARATE from your real life ID... A big company should have no idea they've employed a 'former' black hat - at least if they were any good at it. If they got caught then he/she might not have the attention to detail you require for an employee in that field.

  4. Re:It All Depends on Their Maturity by ePhil_One · · Score: 4, Insightful
    So even if a Blackhat is more qualified, they're probably just dismissed since a thousand other people are eager for the work and meet the basic qualifications. Unfortunate, but something to think about if you want to delve into the dark side of computers and networks.

    My question is, why would they know of their "Black Hat" exploits? I have to admit I've skipped applicants who admitted to "hacking" in a black hat context (Not "I sniffed my neighbor's WiFi to get free internet", but I hacked into a potential employer's network and explored). It shows an inability to set bounds and a lack of understanding of appropriate/inappropriate. I'd rather have lower skills that I can trust over high skills that might be working against me.

    --
    You are in a maze of twisted little posts, all alike.
  5. Re:It All Depends on Their Maturity by sgt+scrub · · Score: 5, Insightful

    My observations as an old person by definition using your rules:

            * Can they work with people?
            * Can they dress well?
            * Do they shower?
            * Are they capable of staying after normal work hours every now and then to see to something getting finished?
            * Are they sensitive to other people and their surroundings?

    Black Hat Hacker.
    I am clean, charming, well dressed, always working, and my sensors are constantly monitoring people and places. I'm also perfectly cold and capable of taking every coin you own and are capable of borrowing. I will do this using my clean, charming, well dressed, and sensitive persona.

    White Hat Hacker.
    I showered today because I wasn't up all night playing WOW. Jeans, T-shirt, piercings, tattoos, uncombed long hair and beard are my personality, get over it. People are either cool or annoying. I try not to be around too many of them at one time but there is nothing wrong with that. Most of my friends are on IRC and WOW anyway. As long as I bang out enough code to meet my boss' requirements I'm golden.

    --
    Having to work for a living is the root of all evil.
  6. Script kiddie vs Hacker by khasim · · Score: 4, Insightful
    If the only difference between two candidates is that one has a felony record, it's not a hard decision to make.

    Not only that, but also what they were doing during their "black hat" phase.

    Running scripts you've downloaded to scan for default passwords on websites so you can post that you've "pwn3d" their site ... yeah, that's going to go real far in the interview.

    On the other hand, knowing enough about TCP/IP to crack servers with an injection routine that you've written ... that would go VERY far in the interview for the right job.

    Script kiddies are a dime a dozen. And their "knowledge" is just about useless in the corporate world. What else do you have that's better than I can find elsewhere without the issue of your past behaviour?

    The same with social engineering attacks (unless you're hired by HP to investigate leaks).

    Real hackers, on the other hand, are extremely valuable not only for the technical skills they've built up, but also because they're driven by problem solving and they are more than happy to get down to the metal.
  7. Re:It All Depends on Their Maturity by ObsessiveMathsFreak · · Score: 4, Insightful
    * Can they work with people?
    Fair enough. If my job requires me to be a part of a team, it's reasonable to ask that.

    * Can they dress well?
    Oh Gods. It depends on what you mean. If you mean my normal attire is that uncomfortable garish dandy's outfit known as a three piece suit, I'll have to say no. The apparel oft proclaims the man, and I generally don't choose what clothes to wear based on what everyone else deems appropriate. If you need me to meet customers, I suppose, but for gods' sakes why are you making me wear a shirt in my cubicle? Would anything else make you feel uncomfortable somehow?

    * Do they shower?
    This is reasonable. If you're going to ask me to do this every morning unconditionally, I'm going to have to say that if I choose the odd Tuesday or so as a "wash the bits" morning and you take offense; you're standing too close inside my bubble.

    * Are they sensitive to other people and their surroundings?
    Of course I am! You'll never see me do or say anything inappropriate. Oh, wait. Do you mean by sensitive that I must take time away from my job to engage in vapid conversation to make insecure coworkers feel better? Must my meetings and greeting be peppered with trite reassurances and shallow smiles? Must I waste precious minutes of my life decoding and responding precisely to oh so many unfathomable and illogical social nuances, walking a tightrope of peril with each word I utter lest someone take grievous and irremediable offense at a misplaced clause or syllable. I'd rather just, you know, work.

    * Are they capable of staying after normal work hours every now and then to see to something getting finished?
    Oh, that kind of job. Sorry, despite what the above might lead one to imply, I do in fact have a life. Or at least, enough of a one not to waste it patching up someone else's mistakes.
    --
    May the Maths Be with you!
  8. Re:It All Depends on Their Maturity by D-Cypell · · Score: 4, Insightful

    I am not sure a "history of fraud" defines a black hat (according to my definition anyway).

    Having worked with some people from this kind of background I would say that having them around in any kind of hi-tech start-up is a genuine asset. High IQ comes with the territory and I have also found that uber-geeks (as most dedicated black-hats are, by default) have a deep pride and sense of ownership in their projects. I think that 'black hat' behaviour is more about ego than they would like to admit, and egos can be good if they make the owner strive to make their project the best out there.

    There definitely will be a few assholes that try to screw you over, but I am not sure that it is fair to say there are more of these people in the 'ex black-hat' community than in the general population.

  9. Re:It All Depends on Their Maturity by Fulcrum+of+Evil · · Score: 4, Insightful

    I'd hire a reformed bank robber to do a pen test on my bank, which is really what they're talking about.

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  10. Re:It depends. by jlarocco · · Score: 5, Insightful
    I might be willing to hire one as a code monkey to churn out boring stuff that could easily be audited, but even then only if there were no other suitable applicants.

    Yes, that's exactly what you want. A *bored* (ex)black hat hacker.