On one side are those who believe that "once a crook, always a crook" and that such people should be given a wide berth, in the same way you wouldn't trust a car thief as a chauffeur.
The other side of the argument goes something like this: you should set a thief to catch a thief, and the best person to catch a computer criminal is another one, although now reformed. So hire away, and put up with the bad press.
Trustworthiness is an essential requirement for any security post, but to assume that someone who has a criminal record (or narrowly escaped gaining one) is automatically untrustworthy is naïve. I have friends who have made such mistakes in their past, but have since proven to be extremely reliable and trustworthy.
There isn't enough data to sensibly judge the recidivism rate for computer crime in the UK, but I bet when there is, it will be a lot less than the 100 per cent assumed by many.
You should, of course, take reasonable steps to check the trustworthiness of any potential employee. I'm not suggesting that you can ignore someone's background, but equally it is only one of many factors to consider.
Equally naïve is the assumption that because someone is a former computer criminal they are automatically a computer security expert. Technical expertise is only one part of the skillset for many security posts, and if you care to examine the general coding quality of recent malicious software, it will make you think twice about trusting its authors to write a "hello world" program, never mind secure your network.
Even the "set a thief" assumption has dubious merit. There is little evidence that crooks make good detectives, and the mindset required to exercise proper risk management to secure a business is very different from that required to poke holes through the perimeter.
If you simply discard applications from reformed criminals, you could be losing out on some potentially excellent staff. And if you blindly accept a Computer Misuse Act conviction as an entrance qualification, you could be very disappointed.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
