this is a very important topic in my opinion.

the question "should we hire convicted hackers" doesn't have a definite answer. it's too broad of a question. if someone is convicted of breaking into computers the intent should be looked at it.

for example if someone gets popped for breaking into an ISP and loots the credit card db and goes on a fraud spree, then obviously this person is motivated by monetary gain. on the other hand someone like kevin mitnick who has actual *real world* experience in penetrating computers

and after getting busted a ton of times no evidence has ever surfaced he was hacking to

make money, i don't see any reason why a case similiar to this should lead to rejection of employment. ira winkler said something along the lines of "i dont see what someone convicted of a computer crime would have to offer that someone who has never been convicted can't." well, someone who at one point was working for the people you're trying to defend against, has *MUCH* more insight into computer penetration and the whole mindset of the attacker. especially someone who at one point was on top of their game at hacking, they will no doubt produce results faster/better than someone who relies on cookbook methodical penetration testing techniques. my point is if you're faced with having to make this decision thought should be put into it,

this isn't a petty issue, your IT infrastructure is very important and security is a must! taking a chance you're discarding your best security opportunity, based on a criminal record shouldn't be the sole reason for rejection!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/3982/19376#19376