The best ethical hacker

Given these qualifications, how does one go about
finding such individuals? The best ethical hacker candidates
will have successfully published research papers
or released popular open-source security software.
12 The computer security community is strongly
self-policing, given the importance of its work. Most
ethical hackers, and many of the better computer and
network security experts, did not set out to focus on
these issues. Most of them were computer users from
various disciplines, such as astronomy and physics,
mathematics, computer science, philosophy, or liberal
arts, who took it personally when someone disrupted
their work with a hack.
One rule that IBM’s ethical hacking effort had from
the very beginning was that we would not hire exhackers.
While some will argue that only a “real
hacker” would have the skill to actually do the work,
we feel that the requirement for absolute trust eliminated
such candidates. We likened the decision to
that of hiring a fire marshal for a school district: while
a gifted ex-arsonist might indeed know everything
about setting and putting out fires, would the parents
of the students really feel comfortable with such
a choice? This decision was further justified when
the service was initially offered: the customers themselves
asked that such a restriction be observed. Since
IBM’s ethical hacking group was formed, there have
been numerous ex-hackers who have become security
consultants and spokespersons for the news media.
While they may very well have turned away from
the “dark side,” there will always be a doubt.