Debate: Should information security firms appoint former hackers to development roles?

By on
Debate: Should information security firms appoint former hackers to development roles?

FOR - Simon Khalaf, CEO, Vernier Networks

"Keep your friends close, your enemies closer." This quote from The Godfather is now the modus operandi for many IT security companies as they recruit former hackers to fill their development positions.

To beat a hacker you have to think like one. Thus, hiring ex-hackers is necessary in the fight against the "black hats." By incorporating their insights into IT security, companies stand the best chance of staying ahead of malicious hackers.

No longer are hackers aiming for an ego boost. Now, their attacks attempt to access highly sensitive information stored on corporate IT systems. As bank robber Willie Sutton once said, that's where the money is.

Defending against these attacks requires a complete understanding of hackers' practises and a thorough analysis of exploitable holes in IT networks. This is where a former hacker's expertise proves invaluable.

While hackers only have to get it right once to succeed, they only have to make a single mistake to get caught. There is no one better at catching that single mistake than an ex-hacker.

AGAINST - Sathvik Krishnamurthy, CEO, Voltage Security

Why take the risk of hiring a hacker if you really don't need to? With the best university computer science programs in the world turning out thousands of new computer and software professionals annually, why take the risk of hiring a hacker?

Hiring a PhD from a top computer science program is always a better choice than a hacker. You're going to get the same deep understanding of "how things work," you're going to get a person with high ethical standards, and you can base your theories and discoveries on a deep understanding of science, not just mechanics learned through hacking.

And by hiring a hacker, you risk damaging your corporate credibility. What if a Fortune 50 company is considering buying your software and finds out the lead developer is a hacker? It's unlikely that fact would make it past the due diligence that these large corporations must do before making a multi-million dollar software purchase.

It's just not worth it. There are too many good, legitimate programmers available.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
appointdebatedevelopmentfirmsformerhackersinformationrolessecurityshouldto

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

Most Read Articles

Australia scraps digital passenger cards for international arrivals

Australia scraps digital passenger cards for international arrivals
PayTo rollout kicks off

PayTo rollout kicks off
Neobank Volt exits the banking industry

Neobank Volt exits the banking industry
Westpac sets sights on hybrid meeting spaces

Westpac sets sights on hybrid meeting spaces

Digital Nation

Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Multicloud business drivers at MLC Life Insurance
Personalisation strategies need to be built from the ground up
Personalisation strategies need to be built from the ground up
Case Study: EY invests in AI to improve approach to flexible working
Case Study: EY invests in AI to improve approach to flexible working
Case study: AFL kicks goals with its new digital platform
Case study: AFL kicks goals with its new digital platform
Case Study: Good360 deploys NetSuite, Magento and Salesforce
Case Study: Good360 deploys NetSuite, Magento and Salesforce

Log In

  |  Forgot your password?