I'm addressing this about 6 months too late, but there was an extremely repetitive, relatively ignorant article that was written by M. E. Kabay which rehashes the topic of whether or not you should hire hackers for what seems to be the hundredth time. There are additional comments on Brad Johnson's blog here: http://systemexperts.blogspot.com/2009/10/hiring-hackers-please-dont-by-brad.html
The only people who argue against hiring hackers are people who are riding their coattails, or trying to create controversy that simply isn't there. Put simply, the information security industry was -created- by the very hackers that the article suggests you shouldn't trust. The concept of compliance regimes, security standards, controls, and technologies like firewalls, IDS/IPS, DLP, etc. wouldn't exist without the need for security, and the need for security is addressed by these companies... right... the ones created by hackers.
In fact, suggesting that you shouldn't ever hire a hacker to work on your security project is analogous to suggesting that a doctor who has performed exploratory surgery on a patient with success is somehow less qualified to address your ailment.
Chris and Al, both of whom I have seen own various parts of our nation's infrastructure firsthand, are two of the most respected early security technology executives in the industry. Maybe you've heard of their companies: Secure Networks, and ISS. Sorry guys, you're outed. It's been like 20 years, so I'm pretty sure you're safe from a statutes perspective. Point being that hackers are the primary people who are responsible for you having an industry to work in.
It's just funny to me that people are still having this conversation, because the argument that no one should hire hackers is silly. If you want to buy a product or have a service executed that even remotely involves security, you WILL be hiring a hacker, and you don't really have a choice in the matter. If you end up with zero hacker involvement, you may want to review the efficacy of the product or service you just bought.