'Rent-a-hacker' debate gets heated

UK businesses are divided over whether to open their offices to hackers. Would you 'hire a thief to catch a thief'?

The debate over whether or not companies should employ hackers to work on network security is heating up, with UK businesses divided on the contentious issue. Earlier this week, one leading security expert hit out at claims by former hacker Kevin Mitnick, who urged companies to open their doors to hackers to exploit the skills these reformed cyber-criminals would bring. Vincent Gullotto, vice president of Network Associates' anti-virus emergency response team (AVERT), said: "If Kevin Mitnick turned up on my doorstep asking for a job, I'd tell him, 'Sorry, but we don't have any jobs going'. "There is a strong feeling within the security sector that you shouldn't give these people jobs - no matter how reformed they are, or how reformed they say they are." However, attitudes in the UK workforce are less clear-cut. silicon.com reader Nathaniel Mitchell, who is currently setting up his own IT firm, said: "I would hire a hacker," citing their ability to understand the mindset of fellow hackers - thus bringing 'inside knowledge' to a company's security strategy. "A hacker has more of an insight into the minds and workings of another hacker," he said. "Personally I think it would be a great asset to a company to have a hacker as a security consultant, or even as an administrator for security." However, not all respondents were of the same opinion. David Sparkes, a systems integration engineer working in the telecoms sector, expressed concerns about the messages it would send out - suggesting many may come to think of hacking as a career move, something which they can later put on a CV. "If you employ hackers then you are actually encouraging more people to become hackers," he said. "It is the hacker dream that due to their activities they will be snapped up by some big company and paid ‘megabucks’. If you make that dream a reality you will open up a whole new generation of hackers," he added. Those firmly in the 'no' camp also received support this week from an unlikely source. One reformed hacker told silicon.com: "Being a former hacker, I can honestly say, I wouldn't personally employ a hacker. Even though the company I work for now gave me the chance, I don't think knowing what I know would ever convince me to employ a hacker. "Curiosity is something that can't be rehabilitated," he added. However, John S, a senior PC support engineer, working for the health service, argued in favour of looking at individuals on a case-by-case basis. "I think that it stands to reason that the person who will most likely be able to save your systems from hackers is one who has spent much of their youth hacking themselves," he said. "In my opinion they are the best qualified. The big question is which one do you trust to have "grown out of it" enough to put on the payroll?" We want your feedback. Where do you stand on this controversial issue? Email editorial@silicon.com