Experts debate whether or not organizations should consider hiring hackers with a criminal past.
Winn Schwartau, CEO, The Security Awareness Company; founder, InfowarCon.ComThe current Western, politically correct, risk-averse legal and HR practices enforce antique Cold War discriminatory biases to the detriment of the IT and security community while also harming national security.
No college degree. Body modifications. Can't pass a personality test. In debt. Low credit score. Smoke weed. Loud political online voice. Weekend raves. Obviously we can't trust 'em.
The concept of “trust” as a binary decision function is arbitrarily set to meet criteria deemed appropriate 60-plus years ago – not in a modern world ailing for completely different evolved skills.
Our exclusionary practices mean that we automatically dismiss the awesome, unique, and much-needed analytical capabilities of those on the autism spectrum from contributing.
Outmoded views of private recreational activities means we only allow drinkers to run the defense and intelligence sectors or to run for Congress, else they be considered unfit for office or leadership positions.
Let's embrace profiling, make much smarter hiring decisions and find the talent we need. Let's invite the Unhireable to help defend networks and the nation, instead of telling them to go work for the bad guys.
Howard Schmidt, partner, Ridge-Schmidt Cyber LLC
This is a debate that goes back more than 20 years, and it is no closer to being settled. Over the years, I've heard members of the cabinet suggest that we start hiring “hackers” as they are the only people that have the technical skills necessary to secure systems, even if they in the past likely broke computer crime laws. To place someone in a position of trust – especially to grant security clearances – would normally rule out someone that has committed felonies. I have never been inclined to hire former criminals owing to trust issues. But, having said that, there clearly is benefit as some of these people are skilled to perform legitimate work, such as uncovering vulnerabilities.
The key issue is to catch these people at the right time before they go down a path that neither does them or the government any good. As in the physical realm, where troubled kids get nabbed for shoplifting, we can get them on the right track. That is, before they're inclined to continue nefarious activities.
There are solid jobs at the government level, as well as in the private sector. And, new recruits are sorely needed. We can't discount them, but must acknowledge this is likely a risky decision, certainly not a binary choice.