Cyber-security ethics: the ex-hacker employment conundrum by Davey Winder.
From the post:
Secure Trading, a payments and cyber-security group, has announced that it has appointed Mustafa Al Bassam as a security advisor on the company’s technology and services, including a new blockchain research project. Al Bassam, however, is perhaps better known as Tflow, a former core member of the LulzSec hacker group.
According to Wikipedia, Tflow played an integral part in the Anonymous operation that hacked the HBGary Federal servers in 2011, and leaked more than 70,000 private emails.
…
As director of a team that includes ethical hackers, Trustwave’s Lawrence Munro says he would “never knowingly hire someone with a criminal record, especially if their record included breaches of the Computer Misuse Act.” Munro reckons such a thing would be a red flag for him, and while it “may seem draconian to omit individuals who are open about their past brushes with the law” it’s simply not worth the risk when there are white hats available.
…
The most common figure I remember is that the black hats are ahead by about a decade in the cybersecurity race.
There’s an ethical dilemma: you can hire white hats who are up to ten years out of date, or you can hire cutting-edge black hat talent.
Hired “yeses” about your security or the security of your clients don’t impact the ability of others to hack those systems.
Are you going to hire “yes” talent or the best talent?