Why Big Companies Want You To Be A Hacker

Let's be honest. You're afraid of hackers.

Every time some grand cyber-crime is perpetrated, news media tell you "hackers" are behind it. Whenever one of your friends' Facebook accounts starts spraying garbled spam all over your timeline, what do you tell them? "I think you got hacked." Hackers are associated with all things malicious and inconvenient that might happen to your digital life.

In reality, hackers are some of the most important good guys of the information age. If it weren't for hackers, hundreds of millions of dollars safely changing hands over PayPal every day might've been a wild fantasy.

Why companies need hackers for hire

Good hackers are like gold to e-commerce and information security companies. The "hacker mindset," a spontaneous and lateral thought process bent on violating expectations and breaking the rules of a system with surgical precision, helps them see through holes and exploits that system designers may not have noticed.

The reason that hackers for hire are such a big part of the world of digital convenience is that, frankly, hackers will find security holes anyway. Hackers tend to also have a powerful intellectual curiosity and an unquenchable thirst for access to places they're not supposed to be. Companies can either pay them to do it and fix security flaws before their software is released, or they can just let their product out into the wild and keep their fingers crossed.

A pirate's life

A couple hundred years ago, national companies that shipped goods up and down coasts and across the sea had to worry as much about pirates as companies who ship software do today.

One solution that was used in the days of Piracy 1.0 was to find and hire ship captains with the same sort of skills and knowledge pirates had -- wily independent traders, seasoned pirate-hunters or actual former pirates were all popular choices -- and contract them as privateers. Once on the payroll, these professionals who understood the "pirate mindset" could help nations take smarter and more precise security measures in their dealings.

Of course, back then, "pirate mindset" contractors were sometimes hired to do things less ethical than simply finding vulnerabilities in a company's trade routes (like hijacking a rival nation's cargo ships) until privateering was abolished in 1856. Since the practice of hiring hackers could easily develop fuzzy ethical boundaries, some controls are already in place.

Certified ethical hackers and pen testers

When hackers around for holes in system security while on contract or payroll, it's called penetration testing, or pen testing. When hiring their pen testers, though, how can a company be sure that they're letting the right person explore the vulnerabilities in their software?

They could try and hire based on independent reputation alone, but the International Council of E-Commerce Consultants (EC-Council) offers another solution. Among the many programming and security certifications provided by EC-Council is the Certified Ethical Hacker (CEH) credential, which trains aspiring hackers for hire in a list of security domains that includes the following:

• Footprinting and reconnaissance
• Network enumeration
• Viruses and worms
• Session hijacking
• Hacking wireless networks
• Structured Query Language (SQL) injection
• Buffer overflow
• Cryptography

Not only does the credential provide instruction on hacker tools and techniques, but it can serve as a stamp of credibility among enterprise IT managers. To become a fully licensed penetration tester, candidates must have the CEH certification as well as the EC-Council Certified Security Analyst (ECSA) credential, and, naturally, submit a full criminal background check.

Thank a hacker

When it comes down to it, hackers aren't pathological vandals out to wreck your life. They're really just people with a passion for using information in ways it wasn't designed to be used. Next time you fearlessly buy something online, use your smartphone for mobile banking or even send a friend your address over email, thank a hacker.

Sources

"The abolition of privateering and the declaration of Paris," Internet Archive, http://archive.org/details/abolitionofpriva00staruoft

"If Hackers Didn't Exist, Governments Would Have to Invent Them," Molly Sauter, The Atlantic, July 5, 2012, http://www.theatlantic.com/technology/archive/2012/07/if-hackers-didnt-exist-governments-would-have-to-invent-them/259463/

"Certified Ethical Hacker," EC-Council, Courses, 2013, http://www.eccouncil.org/courses/certified_ethical_hacker.aspx

"Licensed Penetration Tester," EC-Council, Courses, 2013, http://www.eccouncil.org/courses/licensed_penetration_tester.aspx

"What is a Hacker?," Bruce Schneier, Schneier on Security, September 14, 2006, http://www.schneier.com/blog/archives/2006/09/what_is_a_hacke.html

About Author

Justin Boyle is a freelance writer and journalist in Austin, Texas.