Welcome to ADMIN
Lead Image © Setsiri Silapasuwanchai, 123RF.com
 

If You Don't Like Security Guys, Call a Hacker

Many years ago on a school field trip to the local police station, I noticed a bumper sticker on a cop's cruiser that read: "If you don't like Cops, next time you're in trouble call a Hippie." Of course, I understood the purpose and the message behind the sticker, but what I didn't understand was the generic hostility toward an entire group of people who could, at some point, prove useful to law enforcement and its effort to thwart crime. And although the ubiquitous peace and love hippie credo was all encompassing, there were a few bad eggs with whom law enforcement personnel weren't happily acquainted. I assume those "black hat" or perhaps "black headband" hippies comprised a minority of the worldwide hippie community, or commune, if you like. Similarly, all hackers aren't lawbreakers. Most, in fact, are law-abiding citizens who either are curious or who get a thrill from walking that fine line between ethical and illegal. In either case, my assumption is that even the line walkers will help catch their black-hatted counterparts – given the proper motivation, of course.

A day rarely passes without reading about a new hack, a new breach, or a new dump of private information. Hackers, it seems, are always one step ahead of our best security efforts. Shouldn't we embrace those who live in the deep web and harvest their knowledge for good? While I'm only comparing hippies to hackers to illustrate a point, the analogy of partnering with insiders who can help bring the really bad guys to justice is a valid one in either case.

Now, I'm not talking about Edward Snowden here. I'm talking about real hackers – people who have true knowledge of how to compromise systems, to expose data, and to maintain a stealth presence inside your network. I know that a few companies have hired hackers that have infiltrated their perimeters in the past, but that's still the exception more than the rule. My personal opinion is that I'd rather hire someone who's truly passionate about hacking and about security rather than someone who's just into it because it's the new Cisco, the new Windows, or even the new Linux. I want to hire the person who is a 24-karat hacker.

I don't care if the person uses Leet-speak, solves Sudoku, or plays D&D; I want this hacker to represent security on my network. I want him or her to be one-fourth Dr. Evil, one-fourth Kevin Mitnick, one-fourth Doctor Who, and one-fourth Sherlock Holmes. I want the dirtiest of players on my side. After all, when you hire a bodyguard, you don't hire a 98-pound weakling; you hire the biggest, meanest bully who'd scare King Kong at midday on a busy Manhattan street. The old saying, "You have to fight fire with fire," rings true when you want to protect your assets from people who want to rob you of your money, your intellectual property, your reputation, and your security.

And I'm not implying that all hackers, or all hippies for that matter, are bad people, but you have to find the genuine article for quality help in either case. Wannabes and part-timers just won't (pardon the pun) hack it in the real world of real threats and real thefts. In the world of advanced persistent threats, you need advanced persistent protection, and that can only be had from someone who truly knows his or her enemies.

So, the next time you're in trouble, call a cop. The next time your network comes under attack, you'd better call someone who can help – a hacker – a real hacker – someone just this side of evil, just this side of the law, and just this side of your firewall.

Ken Hess * ADMIN Senior Editor