Randy,
You make a very valid point. Just because they are a hacker does not mean
that I am going to run out and hiring them no matter what. They are still going to
need to go through an interview process just like everyone else. In fact it would most
likely be a much strict and planed interview. Being an ex hacker they are
good and making you believe that something that is not. So the person
is really going to need to prove themselves on this. I would want to talk
to the parole agent if they have one, I want to know what kind of threat they
might pose.
I do think that would be better then someone just getting out of college that
has been taking classes for the last 4 years. No OJT yet. While the
hacker has at least some..<G>
Steven
*********** REPLY SEPARATOR ***********
On 3/12/2001 at 10:19 Graham, Randy (RAW) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I'm always concerned by people hiring "hackers" as security experts,
>simply because they are, or were, "hackers." I feel this is
>equivalent to hiring a former arsonist to be fire chief, or a
>hijacker to be an airport security inspector. Knowing how to find
>one or two holes in a system and exploiting them does not necessarily
>mean one knows how to harden and test a system, nor does breaking in
>to many IIS 4.0 machines make one qualified to protect a corporate
>network. My personal view is that having a "hacker" past should not
>automatically disqualify a person from a position in information
>security, but it should not make them a sure hire either. Of course,
>since I don't do hiring, my opinion doesn't matter much in this
>regard.
>
>Randy Graham
>
>- -----Original Message-----
>From: Steven Pierce [SMTP:[EMAIL PROTECTED]]
>Sent: Saturday, March 10, 2001 10:44 PM
>To: Gaute Gullesen; mht
>Cc: Frederick M Avolio; Hartley, Earl; Jose Nazario;
>[EMAIL PROTECTED]; Crumrine, Gary L
>Subject: Re: Re[2]: Licensing Information Security Professionals
>story
>
>
>
>I agree 100%. Who said that the information crime is something
>that is dangerous? I have read more then one story that business
>are hiring ex hackers for their business to help with security
>issues.
>Who better to know if there is a security hole, but for someone to
>that has been in to play (Defeat) with them...
>
>If they can pass a background, and the like I have no problem with
>it.
>Now they might have a little shorter leash then someone that has not
>been convicted. That would also only be until they proved
>themselves.
>I could bet they would be a better employee then someone that has not
>been into the system.
>*********** REPLY SEPARATOR ***********
>
>On 3/10/2001 at 13:56 Gaute Gullesen wrote:
>
>>On Saturday, March 10, 2001, 3:56:31 AM, mht wrote:
>>> Why would anyone want to hire someone who has actually been
>>> convicted/charged with an Information Security crime. It seems if
>>> they were smart enough to get caught they are truly not the best
>>> security personnel out there. Even testifying in front of
>>> Congress using one's hacker nom de plume doesn't help one's
>>> career either, although there has been notable exceptions over
>>> the last couple of years -:)
>>
>>i prefer judging people myself when it comes to who i'm gonna
>>trust. giving your authorities that power is just scary!
>>
>>================================================================
>> Gaute Gullesen <[EMAIL PROTECTED]> phone: +47 922 48 107
>> Fingerprint: AF90 7B96 9835 AA26 4DCC D4F7 1B82 110C B5DF 00B1
>> Support the antiSecurity movement!: http://anti.security.is/
>>================================================================
>>
>>
>>-
>>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>>"unsubscribe firewalls" in the body of the message.]
>
>
>
>- -
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Personal Privacy 6.5.3
>
>iQA/AwUBOqzpzvZOhQpA1TB+EQJXHwCfa9SNKvxno8/8NePFzwMB+Doc5kIAoKyb
>+CmQxheYfopRzt7b4XoDHl4l
>=LqnA
>-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
