Commit a Crime, No Network Time?
Would you have a hacker convicted of a cybercrime watching your corporate network? A panel discussion on the role of hackers in security tried to answer that question, but the debate on Wednesday turned into a verbal boxing match, reflecting the deep divide between those who believe that convicted cybercriminals shouldn’t have a role in security and those who believe that they should. “How do you explain to your shareholders that you are going to hire someone (to guard your networks) who has been jailed, not once, but multiple times,” argued Ira Winkler, chief security strategist for Hewlett-Packard, who contends that hackers bring no special security knowledge and are an unacceptable risk to any company that hires them. The question was aimed directly at former hacker Kevin Mitnick, who has multiple convictions for computer crimes and who also spoke on the panel at the RSA Security conference here. Mitnick contended that hackers should be hired, but only after close evaluation. “I think that it depends on the person–what value they bring,” he said. “Trust has to be evaluated on a case-by-case basis.” Full Story