"These guys obviously have the ability to be effective," said Peter Rya, security manager for ITNET, an outsourcing firm. "But it's almost encouraging youngsters to write viruses so they can get a job. I can understand the short-term business benefits, but it's a bit worrying when you think that there's nothing to stop them doing it again."
The managing director of security firm Utimaco said she would not employ an ex-virus writer: It wouldn't be our policy to recruit ex-hackers," she said.
"If they had written malicious code, how could you ensure that they didn't do it again? It certainly wouldn't be for us."
But other security experts seemed to think it was good business sense to hire ex-virus writers.
"This is an issue that relies on ethics," said Claudia Aguire, security specialist for SAP Switzerland. "But the company has to take into account that these people know where to be focused to see problems. And if they know that, they know how to protect you. Functionally, it would not be such a bad thing."
Peter Higginson, security executive for Coors Brewers, agreed: "It's better to have them on the inside than on the outside. I think it's a good thing, but you'd have to keep them happy to stop them doing what they might have done before. It comes down to how much you trust your employees. But it could put HR in a tough spot for not employing someone on the basis of their background."
Firewall company Securepoint has offered Sven Jaschan, who is reported to be responsible for more than 70 percent of viruses in the first half of this year, a position because of his abilities, according to press reports.
Gartner's IT Security Summit ends today.