While commenters responding to our December question, “Should Tech Companies Hire Hackers?” were torn on the issue, several organizations aren’t hesitating. They include financial firms, government agencies, and telecommunications companies. But hiring hackers comes with its concerns. That’s why educational programs are being rolled out to equip professional engineers on how to become one, equipping them with the latest hacking techniques, methodologies, tools, and tricks.
In January, the FBI put out a help wanted notice for ethical hackers to investigate website hacks, intrusions, data theft, botnets, and denial-of-service attacks. The job posting didn’t specify how many positions were available, but that it was looking to hire “a lot” of new agents. As AJC.com put it: “Do you have the skills to hack into banks but a moral compass that prevents you from doing so? Well, the FBI wants your help.”
A three-month course in New Delhi launched in 2014 will train up to 15,000 IT professionals over the next three years on ethical hacking, providing its students with hands-on experience to combat cybercrime. Its tagline is “In this world, it pays to be ethical.” According to a PCWorld.com article, hackers with several years of experience could make more than US $120,000 per year. Several IT security companies are already featuring ethical hacking as one of its main services.
The program was designed by NIIT, an IT training company based in Noida, India, in partnership with the International Council of E-Commerce Consultants (EC-Council), one of the world’s largest certification bodies for IT professionals. The council offers a similar online course: Certified Ethical Hacker. And a quick Internet search displays a host of others.
The NIIT course is just a small step for a country that is at least 350,000 cybersecurity specialists short, according to Shivan Bhargava, NIIT’s president of skills and careers, in Times of India. Such experts are in demand because in the first five months of 2014 alone, India’s cybersecurity organization—CERT-India—reported 62,189 incidents. According to Bhargava, the need for ethical hackers is coming from various sectors in India, including banking, e-commerce, financial services, IT, and telecommunications.
NOT ALWAYS BLACK OR WHITE
But some cybersecurity companies are not so certain hackers fall in either the ethical versus malicious categories. “There are white hat [legal] hackers, black hat [malicious] hackers, and those who live in-between in the grey area,” writes Brent Conran in Security magazine. He is the chief security officer for McAfee, a global computer security software company headquartered in Santa Clara, Calif. Those in the grey area might not hack for personal gain, but could share information with third parties—such as government agencies or even the hacking community. When hiring those who fall into this category, Conran suggests it might be valuable to pick their brains on what they know about hacking, but not have them be the ones to go into the systems themselves, Conran suggests.
Do you think ethical hacking can make systems more secure, or does it leave open vulnerabilities that people can take advantage of?