Slashdot Mirror
How To Hire a Hacker
itwbennett writes "If you want to hire a hacker, you need to take a more psychology-based approach to the entire interview process to determine whether he or she has changed their ways enough to be a trustworthy employee, says Mich Kabay in a recent Network World blog post. But this approach is also 'germane for highly skilled staffers, even those that don't come with arrest records or who have done something questionable in their pasts,' says David Strom. For example, in your next interview, ask a question that will suss out how much of a sense of entitlement a candidate has — or how much you or your company has. 'One time when I interviewed with Microsoft in Redmond I couldn't get over this sense of corporate entitlement — it was one of the biggest turn-offs that I had during my interviewing day there,' says Strom. 'I got the feeling that I wasn't going to fit in, no matter how smart I thought (or they thought) I was.'"
...join 'em!
The Institute of Incomplete Research has determined that 9 of out 10
Sounds more like "how to hire a self important misanthrope" to me.
Like a lot of big geeks on Slashdot, I take pride in always receiving a job offer after an interview... accept once. Once I interviewed with the EDIF reader group at Cadence, and the manager had exactly one technical question for me: "Do you understand recursion?" "Well... yes I do." "Well, then, you have all the skills that matter. What really counts is that you know how to fit in, and you don't impress me there."
I'm still shaken up over that interview.
Celebrate failure, and then learn from it - Nolan Bushnell
Put a gun to his head, give him a blowjob and tell him to break AES256?
"Another problem is that some criminal hackers may exhibit traits associated with clinical personality disorders such as the narcissistic personality disorder." I'd say a large amount of IT staff exhibit personality disorders. Not just 'hackers'.
Users... the only thing keeping 1st level support from being the bottom feeders.
How to Fire a Hacker
(Without getting pwned by her/him or his/her friends)
Because (let's face it), there's a chance you hired one on accident, without realizing it, and that they don't have an arrest record, for one reason or another.
I've found the best thing is to doze off during the interview, and when woken...ask for a raise.
Remember, no sleep and no coffee are your friends here...
-Chris
--an unbreakable toy is useful for breaking other toys--
Your Microsoft reference reminds me a of technical blog I read recently that was completely devoted to the author's internal conflict (don't think he realised what he was revealing) about being excited to be promoted into Redmond and his dissapointment at loosing his platinum frequent flyer status as a result of that.
I consider this blatant hacker discrimination morally reprehensible.
Is hacker culture so bad that anyone who identifies as a hacker needs to pass special scrutiny?
Isn't it a bit insulting to the hacker community to say they shouldn't be hired, unless they've "reformed", and imply they have arrest records, suggesting they are all criminals ?
Perhaps you mean cracker
wait...
A Good Troll is better than a Bad Human.
The article is about how to not hire a self important misanthrope.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
Get him to show some work example. Almost everyone of us coders have done games, random programs or other code in the past and as our teenage years. Now if they are hacker like, it still doesn't mean he's a bad worked. Best in the IT have always had the hacker mind, something that goes beyond what everyone else does. But make sure he likes your workplace too and do basic security audit;
But whatever you do, keep in mind that there's no really an easy, computer security answer - if they're hackers, they will get around it.
When you said that he asked, "Do you understand recursion?" I was hoping that you'd say, "Then after that, he asked, 'Do you understand recursion?' And I said yes. And then he asked . . . (wait for it) . . . 'Do you understand recursion?'"
I'm sorry. It just felt like a setup for a joke about recursion.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
Even the stupidest hardened criminal can pretend remorse when it'll get him something... do hiring managers really think they're going to screen out the unrepentant with questions whose "right answers" are obvious. I mean, the few fools who suggest in an interview that the way to handle a bad supervisor is to break into his account and use it to download child porn are going to be pretty obvious in any case.
The interviewee must answer: "Yes, but to fully understand it, you must first understand recursion"
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
u mean cracker. hacker means something else.
What you're talking about when exhibited by a person with a criminal record would be considered a psychopathic personality. Believe it or not, some personality types simply cannot fake their way through their disorder. And narcissists are among the weakest at faking neurotypical behavior. NPDs generally have a hard time grasping what is so wrong about their bad behavior, and often are flagrant in their gloating and celebration of every evil deed they ever did.
I have a relative who is a full-fledged malignant narcissist, and he couldn't disengage from his behavior even when he was standing in front of a judge. I swear to God he tried to talk his way out of a traffic citation that involved putting the car airborne at 80 mph. He just plain doesn't understand why the entire world doesn't thing his shit is the awesomest shit ever shat. And he cannot turn it off.
Yes, a lot of personality types can bullshit their way out of a screening process. But, let's be honest: a person with a psychopathic personality disorder isn't applying to be a coder. They're usually fighting their way into upper management.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
1. Go to a big forest. ...
2. Follow the loud noises.
3.
4. HACKER!
Any sufficiently advanced intelligence is indistinguishable from stupidity.
The easy way to hire tech people and keep them happy is have them work on, wait for it... technology. That is, most of them, unless they signed up for help desk basically want to be given a problem, some hardware, some software and then them to fix the problem. Thats it, no "team building", no pointless meetings, in general most tech people are happy simply working. The less social interaction with most people is the best.
Taxation is legalized theft, no more, no less.
A coworker's boss once hired a "programmer" while my buddy was on vacation (avoiding the technical interview in the process.) The guy's first task was a simple program, but it always core dumped. He made no progress trying to get it fixed, so my friend held a code review. Each and every function looked like this:
Yes. He called main() at the bottom of each function. When asked about it, the "programmer" said 'that's so it'll return back to main.'
I think the biggest mistake we made was not firing that stupid manager on the spot. But I suppose if we fired managers based solely on incompetent decisions, ... well... you know.
John
Because that is an interesting real world scenario to consider in this context. In fact, it would make for a good litmus test: would your hiring process stop the SF admin problem from occurring?
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
...get a gun.
Nerd rage is the funniest rage.
Just offer them a Miata, X-Men number 1, and a subscription to Playboy.
Not a typewriter
"Only the paranoid survive."
and nobody here yet?
You kidding? We've all gone off to update our resumes.
Do not mock my vision of impractical footwear
A good hacker shouldn't be looking for work. He should be running....
---
When they outlaw computers only outlaws will be free.
Surely a site dedicated to news for nerds can get the distinction between hacker and cracker right?
Nothing more to say.
Words mean things. Everyone has to agree what those things are. If your definition of a word doesn't match the rest of the world's definition, you have a problem, not the rest of the world.
Yes, I agree. Article seems to be more focused on hiring crackers. As any hacker knows, crackers are not generally skilled geniuses. I don't see why you'd want to hire one anyway, at least not for their cracker experience.
They don't need to sit down with each other, the project manager needs to define the project goals: i.e. give them problems to work on. Mating the systems is part of that and would be in the requirements.
Best reason to hire them is to do stealthy, illegal stuff. But if they have an arrest record, or they say they are a hacker, it means they aren't very stealthy or discreet.
It's 2009 and people are still scared of hackers? People are needed in security roles, hire based on skills and personality just as one would in any other role. If one really needs to get specialized with it base it off how sales guys are hired: sure, they probably did blow in their past and lied to customers, but that was their job.
I am diabetic you insensitive clod.
Love the Arlo Guthrie reference here :)
TFA is not written by slashdot.
If it had been, we would've had CmdrTaco instantly it him to -1 ignorant.
On that note, the entire article sucks. I don't like this guy, I'm modding him -1 ignorant IRL.
Word.
When it is safe to have a hacker on your IT staff
It is always safe to hire and employ a hacker. If they don't follow the hacker ethic they aren't a hacker. Maybe a cracker, hackivist, or script kiddie but not a hacker.
Falcon
Should there be a Law?
Ohh?
So when the entire world said the world was flat, and one man said it was round, that one man was wrong?
And when everyone burned witches, and one man said there are no such thing as witches, that man was wrong?...
You're an idiot.
You see, I was talking about words. Strings of sound that have an arbitrary meaning. You are talking about facts. Demonstrable pieces of information. It's like comparing your mother and a classy lady.
sorry mate, I've bitten. A Good Troll is a bad human.
Words mean things. Everyone has to agree what those things are. If your definition of a word doesn't match the rest of the world's definition, you have a problem, not the rest of the world.
What about the word "theory". I think that most people in the world would use it incorrectly, but it doesn't change the meaning of the word.
Remember the Second Law of Thermodynamics: Let the Lord of Chaos Rule
This is absurd. The term 'hacker' as it fits into the computing world, was originated by persons who called themselves or others hackers to define skill or drive. It was later BASTARDIZED by the ignorance of people not in the industry to indicate those who could be termed 'hackers' who were essentially black hats or crackers, even outcasts.
So the precedent this sets, and you support, is that just because jargon is misused and abused outside of a field, we should change its definition. Do you understand how silly that is? The term 'hacker' has a meaning that was completely agreed upon by the persons who coined it, therein lies its definition.
Welp, you can sit there and debate the meaning of the word inflammable, I'll be waiting in the parking lot for the fire department.
Welp, you can sit there and debate the meaning of the word inflammable, I'll be waiting in the parking lot for the fire department.
That was tremendously funny. Rest assured, I will steal that line and use it elsewhere.
Do not mock my vision of impractical footwear
it's a fact that the word 'hacker' refers to a specific thing you don't like in popular culture. You can like it or not - the world doesn't care.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
In essence you are arguing that a words definition comes from common usage.
After listening to some of the tripe that comes out of teenagers mouths these days one would wonder if you could say that again with a straight face afterwards.
In regards to the term 'hacker' almost everyone who works in the industry to some extent knows the geeks version. Only those that don't have exposure get it incorrect, but most lay people don't understand trade-specific terms anyway. Does that mean that the people who study the trade are wrong, and the average person is right? due to their collective lack of knowledge?
I first read it as "How to Hack a Hiker". Freddy Cruger?
Table-ized A.I.
Surely they are not really talking about hackers here. The mass media hysteria and a few movies have a lot to answer for in elevating script kiddies and passing them off as "hackers".
Oh, please. Like many words in the English language, the word "hacker" has distinct meanings in distinct contexts, and you and everyone else here knew perfectly well which was intended in this case. The guy who looks around for an aquatic bird when someone says "duck!" might have a valid semantic point, but he still looks like an elitist fool when something smacks him upside the head.
This space intentionally left blank.
Being a 'hacker' who can find solutions to problems most mortals deem impossible, I can tell you that the approach taken by the article is just plain and simply *WRONG*.
If you seriously want someone who thinks out of the box and can figure out complex problems, there really are just a few simple steps to take into consideration:
1) Realize you WILL be hiring someone smarter than you
2) Be okay with it since it will make you look smarter!
3) Allow them to do their job! Don't impose on them stupid ass schedules that require them to attend stupid ass meetings all the freaking time! Light bulb moments don't come on schedules, they come when you allow them to spend their own good time figuring out YOUR problem.
4) DO NOT UNDER ANY CIRCUMSTANCE TRY TO MICROMANAGE!!!!!!
5) Understand they are not after your job.. they just want to do THE job you hired them to do.. so chill out, give them raises and plain and simple, keep them happy!
Step #6 is of course "PROFIT!!!"
--thrill
'One time when I interviewed with Microsoft in Redmond I couldn't get over this sense of corporate entitlement -- it was one of the biggest turn-offs that I had during my interviewing day there,' says Strom. 'I got the feeling that I wasn't going to fit in, no matter how smart I thought (or they thought) I was
Which is why MS with their vast amount of resource (human and money) couldn't produce something like the iPhone. They have a myopic culture that doesn't allow for a person that doesn't want to wear a suit and tie to work.
wtf.
Describe a case of criminal hacking in which someone's personally identifiable information is stolen and used for identity theft. Ask the candidate to describe how the victim might feel. Look for signs of empathy (or its absence).
Great. So the chances to be hired decrease if I can't vocalize empathetically how an identity theft victim would feel. Or is it maybe that being prone to identity theft and having the chops for telling a dramatic story are not directly related? Is this a book writing job or a code writing job?
Oh, I get it now. It's a first-post. I thought that was just an interview technique: if he shows up on time, he's too aware of his surroundings to be a real hacker.
Totally off topic - couldn't help but notice your username...
Socceroos at 14 in the world in the latest FIFA rankings!
That could be a communication skills test for a potential employee: sneak the word 'hacker' into the conversation and see if he starts complaining about hacker vs. cracker.
Language and words change. A person who can't change his brain accordingly can be problematic. "I insist on misunderstanding you because you don't obey my language rules" is not a team member.
Or you could hire a psychopath who knows exactly how the victim will feel .... and wishes that he could make them feel worse.
Yes, and in the headline on a site claiming to host 'news for nerds' I'd expect it to not mean naughty people.
Text:
This is the second of a two-part series on hiring hackers and criminal hackers into IT groups as programmers, network administrators and security personnel.
In a previous series of articles in this column in 2005, I discussed general principles of security when evaluating candidates for any position. A more extensive resource is "Personnel Management and INFOSEC" which, with some expansion, became the chapter on "Employment Practices and Policies" in both the Fourth and Fifth Editions of the Computer Security Handbook (CSH5).
Chapter 12 of the CSH5 is "The Psychology of Computer Criminals" by Dr. Q. Campbell and David M. Kennedy. The authors point out that research on computer criminals suggests that some criminal hackers may exhibit addictive or compulsive behavior resulting from "a combination of compulsive behaviors and curiosity." In addition, "the need for power and recognition by their peers may both be motivating factors for some cybervandals. Computer criminals report feelings of enjoyment and satisfaction when they prove themselves better than system administrators and their peers." [p 12.3]
In another section, the authors report research that suggests that criminal hackers may "alter their thinking to justify their negative actions.... Immoral behaviors can be justified by comparing them to more egregious acts, minimizing the consequences of the actions, displacing responsibility, and blaming the victim[s] themselves."
Another problem is that some criminal hackers may exhibit traits associated with clinical personality disorders such as the narcissistic personality disorder. One of the most important aspects of this disorder is the sense of entitlement. Campbell and Kennedy write, "Entitlement is described as the belief that one is in some way privileged and owed special treatment or recognition.... When corporate authority does not recognize an individual's inflated sense of entitlement, the criminal insider seeks revenge via electronic criminal aggressions."
Dr. Jerrold M. Post wrote Chapter 13 of the CSH5, "The Dangerous Information Technology Insider: Psychological Characteristics and Career Patterns." He agrees that many criminal hackers who are employees (insiders) show signs of personality disorders. In particular, he warns that several types of insiders who have a past history of criminal hacking may engage in dangerous hacking such as inserting logic bombs for extortion, theft of information for industrial espionage, and development of a sense of ownership over the entire system for which they have been hired as system administrators.[p 13.7]
Post has a list of recommendations for all IT hiring which are as follows:
I recommend the following precautionary measures be added to the usual hirin
Just make sure their father can keep them out of jail. Daddy being the head of the NSA would be best.
http://en.wikipedia.org/wiki/Robert_T._Morris
It can't be about cracker's: Those white goody goodies are the ones who make all the rules.
If it's crimminals you want, perhaps you're referring to Brothers?
(Ducks, hides, posts anonymously, and hides more;)
That particular terminology war is over. We lost.
I know it's been said lots of times before, but I think FOSS has been on the map for enough years now, that it's about time the trade press got a clue.
Crackers and hackers are two different groups of people. One group are criminal, sociopathic 14 year olds (whether chronologically or mentally) who write malware, troll security sites in eager anticipation of someone else's implementations of exploits, (because they generally don't have a prayer of being able to actually code themselves) and spend their time generating grist for Theo de Raadt's mill, more or less in general.
Hackers are programmers, and (to an extent, archetypically speaking) practical jokers; but the elements which differentiates hackish pranks from cracker behaviour, are first of all the playful/exploratory nature of their pranks, (as opposed to psychopathic, which is the cracker mentality) as well as the question of whether or not said pranks do genuinely lasting harm.
Granted, a lot of Linux's programmers these days still manage to fall into the sociopathic 14 year old category, even if they're not actively writing exploits; but even so, the distinction between Stallmanite Linux Youth, hate filled though they may be, and actual crackers, is still there.
Bzzt. Wrong answer, sorry. People get drunk together because they are comfortable with each other, not the other way 'round.
My turnips listen for the soft cry of your love
That is all.
If someone doesn't exhibit one personality disorder or another, there's something wrong with them.
Unless he's on a nature tour. Slashdot is more of a freak show than a nature tour, but still, until I got to the part about arrest records, I assumed the summary was talking about businesses that actually want to hire hackers in the non-pejorative sense. Since management's usual tendency is to prefer not to employ such people, it would have been a breath of fresh air.
Usage is language. If the majority of people use the word to mean X, it means X.
If you can't cope with this fact, go learn a language nobody else cares about, like Esperanto, then you can have the run of the place. But if you're going to speak a language that other people also speak, then you'll just have to cope with change. Sorry.
Comment of the year
Half of the people have below average I.Q.'s while 90% of people believe they are in the top ten percentile... mathematically they just can't all fit no matter how much their parents told them they are above average.
Ah, I can remember back to the days when I was working in my local community college computer lab and some adjunct professor had forgotten her password and wanted me to "hack" into her account for her.
"I'm sorry, but I really doubt I could do that."
"But your supposed to be good at computers, don't you read Wired magazine."
"I'm sorry Ma'am I can't say that I do." (I didn't bring up that I had read the odd issue of 2600)
"Well, you really should work harder and learn more about computers and read Wired magazine."
"I'll keep that in mind, Ma'am, sorry I couldn't help you."
What did this conversation tell me? This person believed:
1. Everyone who is good at computers can break into other people's password protected accounts at will.
2. All such people read Wired magazine.
So, Hacker == Good At Computers == Someone who can break into computers.
"MIT betrayed all of its basic principles."
27?
Sure thing. Just cook that chicken up with some braised stoat and microgreens, and I'll suck it on down.
I hear it's a very effective technique
putting the 'B' in LGBTQ+
Did you mean hire a "cracker"?
Perhaps it would be prudent to have a hooker take care of the BJ. Even for those in this audience that swing that way, it's probably difficult to keep control of the gun while doing that.
7/10, would rage again.
Is 1563649 a prime number?
You can if you want to, although I would rather put a gun to his head,
GET A GIRL TO GIVE HIM A BLOWJOB, and tell him to break AES256
I love it when the boys and girls at NCIS "crack" a password in 7 seconds flat. Turing? Who eez zis "Turing?"
On the plus side, most good guy fictional hackers have ethics, so they would never, ever turn up the gain on Mom's favorite cable channel (dimming out the sound on 288 other channels for everyone else...!) Hey, troo story. I had to share the same fabric walls with this slackaroon. Oh, fondly do I remember the wails when the Powers That Be punished me even further ("bad attitude") by putting him on my project: "Hey, wtf! This is rocket science!" He was good to his wife and kids, IIRC.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
http://dictionary.reference.com/browse/suss
*'D' means dictionary
On the contrary, a good human is a bad troll.
The caterpillar takes umbrage.
On the other hand, people who can't consistently use language correctly are very hard to work with. How are you supposed to know what they mean when they don't use words properly?
That's why I posted that. If you look through the post for this article, that was the only post I made on the subject until my replies to you and the other replier hours after I made the original post. I've done the same other tymes articles came up that had a negative connotation to "hacker". I've done the same for the improper use of "polygamy" as well. Polygamy is not what the Mormons did and various break-off sects now practice along with some Muslims. Polygamy is when a person, male or female, can have more than one spouse. What those sects and Muslims, where a man can have more than one wife, practice is polygyny. It's opposite, where a woman can have more than one spouse is polyandry.
Falcon
Should there be a Law?
One is a career and one is for hire. Dev of NMAP Fyodor is here and spent time in the Royal College of London, he also runs http://www.sec-tools.org/ I might be a CDC Member "Cult of the Dead Cow" or pulltheplug who can get r00t faster than you can lockdown any of your systems. But this time I am anonymous with this post. You can employ a true hacker who is loyal. You can hire a hacker and get backdoored. I would just like to say and give credit to Fyodor.you are a genius bro! You really did change life better than Linus Torvalds!
I'd guess most of the people within the computer use the word hacker interchangeably, the meaning changing with the context. "I put a wrapper around this program to fix the bug. It's a pretty ugly hack." "He's more of an old-school hacker." "Hackers made off with information from my bank..."
The only place I ever see someone getting huffy now at the definition of hacker changing are people on Slashdot and the occasional technology web forum.