NEWS A top security expert has hit out at claims by convicted hacker Kevin Mitnick that reformed cyber-criminals have a lot to offer the IT security industry. In a latter day reworking of the old 'hire a thief to catch a thief' adage, Mitnick, speaking at last week's RSA security conference in San Francisco, called upon called upon companies to open their doors to former hackers and virus writers, claiming they have the knowledge to safeguard networks against future attacks. Advocating second chances for convicted cyber-criminals, Mitnick said: "I think that it depends on the person - what value they bring. Trust has to be evaluated on a case-by-case basis." However, his words did little to convince Vincent Gullotto, vice president of Network Associates' anti-virus emergency response team (AVERT). Gullotto said: "If Kevin Mitnick turned up my doorstep asking for a job, I'd tell him, 'Sorry, but we don't have any jobs going'. "I don't think he would get a job anywhere in this industry. There is a strong feeling within the anti-virus and security sector that you shouldn't give these people jobs - no matter how reformed they are, or how reformed they say they are." Gullotto's words echo those of Ira Winkler, chief security strategist for Hewlett-Packard who last week said: "How do you explain to your shareholders that you are going to hire someone who has been jailed [for cyber crimes]?"
Kevin Mitnick 'not welcome' in the security sector
'Don't phone us, we'll phone you'...
Post your comment
In order to post a comment you need to be registered and logged in.
You can also log in with Facebook. Log in or create your silicon.com account below
Get silicon.com's daily newsletter
-
Enter your email to register
Featured white papers
-
Why is encryption important?
Data protection has become a hot topic, but where is the real threat and what can you do to protect your business? How...
-
CIO challenges: Bringing your iPad to work
The arrival of personal technology in the office is a challenge for all organisations. The technology is here, but not...
-
2012 Olympics: Is your business prepared?
Athletes prepare for all kinds of conditions and problems in competition. With the London-hosted Olympics fast...
Keep in touch with silicon.com
-
Connect with silicon.com on Facebook
Discuss the news of the day with the silicon.com team
-
Follow silicon.com on Twitter
Get regular updates from the silicon.com editors
-
Join the silicon.com LinkedIn networking group
Network with your peers and share expertise
Latest jobs
-
Managing Director - NBA3045
Managing Director – Cash and Transit Salary: £95K - £140K Basic, Bonus, Pension Scheme, Family...
-
Managing Director - NBA3045
Managing Director – Cash and Transit Salary: £95K - £140K Basic, Bonus, Pension Scheme, Family...
-
Managing Director - NBA3045
Managing Director – Cash and Transit Salary: £95K - £140K Basic, Bonus, Pension Scheme, Family...
silicon.com newsletters
-
Stay up to date with silicon.com newsletters
Keep up with the latest news and analysis from silicon.com with our free email newsletters
Comments
There is 1 comment. Join the discussion
1. anonymous
Although I have never been caught for hacking, I was employed for my experience. I also have administrative access to my corporations entire infastrcture. I have not nor will I configure any backdoors into my systems for use after termination of my employment. I have ethics just as any normal working joe does and I pride myself on them.
I continually am subject to background and security checks, as are all employee's. My employer, due to the type of business we conduct, does not hire felons, and even misdemenors are put under a microscope.
I know of quite a few companies who provide home and business security systems who actually hire convicted burgulars etc, to test the resilliance of their new systems before they release them for installation.
How better to ensure a reliable system than to use the expertise of those who are skilled at defeating them.
My point is, most IT security people have the mindset to simply secure the system. As I tend to secure my systems and networks as a result of my defeating it.
I am not saying just because a person as been convicted you should hire him, of course you have to take everyone on a case by case basis. But that's difficult to do if you sterotype people as these debates tend to do.
For me personally, I don't hack to steal files, records, etc but rather for the technological challange. Now from my viewpoint, I have the Holy Grail. I have written authorization to hack at my Corporations network. Of course it is written in legal-eaze and I signed a Non Disclosure Agreement, at my request, but I can now satisfy my thirst for knowledge without the chance of jail time and I get paid for it.
Of course not all hackers thirst is for knowledge. Some do it, whether they realize it or not, for recognition from their peers, which is sad.
I do believe that there are a lot of fine lines that need to be drawn in the "Hire a Hacker?" debate and I would not recomend hiring someone purely because he is a convicted hacker.
My belief is that true power is not money, it is not recognition, but it is knowledge. The only greater power is not to use that power to negatively affect others or their welfare.