Information Week is running an article by Matthew Schwartz on whether one Should [...] Hire A Convicted Hacker. They quote the case of Kevin Mitnick and cite a tendency that, silently, people who have been convicted of computer crimes are being hired back into the industry. I do not have any reason to doubt that Kevin Mitnick has been truly reformed, and neither do I wish that anyone should be denied a chance for a new start. However, this misses the point entirely. When we are talking about high profile personalities, who have been convicted and have now started over, we are dealing with a biased sample. It's a question of risk as much as ethics. Would we hire someone who has been repeatedly convicted of speeding as a school bus driver? Without too much prejudice, most people probably would still see that as a risk. This is the same situation. And as Matthew rightly points out in his article, getting caught hacking is as much about poor judgment as it is about technical skills. There is one caveat - over all this discussion we shouldn't forget that the absence of convictions doesn't prove someone won't stray. That's why, in any security interview (and not just IT Security), I would look out for signs of good judgment in the candidate. It's a much harder skill to learn than technology. Side remark: There was a time when the term "hacking" was referring to an exercise of technical skill, while "cracking" was the destructive variant or the one pursued for personal gain. The mainstream use of the term "hacker" however is the one of the latter variant.
↧
