Thinking about some of the responses, confusion may exist in mixing both ex-hackers
and gray hat hackers together.
Let's use the definition of gray hat hackers as people who are active in the
underground, who go by their hacker handles, who are in a hacker group, who perform
illegal or questionable hacking currently or have in the past, and who are now trying
to get paid for hacking/security consulting.
Most ex-hackers are people who are no longer active in the underground, that don't go
by their hacker handles, that are not in a hacker group, that have stopped any illegal
or questionable hacking activity from the past, and are attempting to protect networks
by actually locking them down.
So if you had three candidates for hire:
1) Jack Smith, Security Professional, CISSP certified.
2) John Smith, ex-hacker turned security expert
3) Dr. Chaos, gray hat hacker in hacker group Anarchy4Life Club
Which one would you hire as VP of Security or senior security consultant lead of the
project to manage your security? Would it be in the 1, 2, 3 order? From a trust
standpoint, it seems like it would be easier to trust Jack Smith (#1), and then John
Smith (#2), and how much you trust #2 depends on what kind of hacker was John Smith
previously. How much do you trust and want to hire #3? The above names are intended
as fictional characters for example only.
With so much information flowing on the various security portals and security mailing
lists and newsgroups, you can become extremely deep in security without actually
becoming a hacker. You can test out your security knowledge on your own system, but
you don't need to pick up a hacker handle, join a hacker group, and break into systems
illegally to learn security. In the past when security information was scarce, being
a hacker may have meant you were more aware of vulnerability issues than a security
professional, but today, it's easier for all sides to keep on top.
Thanks,
-- JA
Jeff Andrews,
Senior Security Engineer