Are you a hacker? If so, the National Security Agency (NSA) may have a job for you.
That was the word put out by NSA Director Gen. Keith Alexander at the cybersecurity conference Defcon. According to CNET:
The U.S. needs to do more to train and educate people in cybersecurity to increase the numbers of hackers who can work on the problems, he said, praising Defcon Kids for doing just that. He congratulated a preteen hacker, CyFi, for winning the Defcon Kids Zero-Day contest by finding a vulnerability that was previously unknown.
It is easy to automatically associate the term "hacker" with someone who wants to do harm or infiltrate a network illegally. But as Alexander recognizes, ethical hackers are often that proactive measure I frequently talk about. These are the folks who can find and fix the problem before the bad guys get the chance.
It isn’t only the NSA and federal government that should look for good or ethical hackers. It wouldn’t hurt businesses to have access to an ethical hacker to better protect the network.
If you are worried that a good hacker is really a bad hacker in disguise, don’t, especially if you are hiring someone who is a Certified Ethical Hacker (CEH). As Charles Tendell, a CEH, told me, he and other CEHs take a vow to do no harm and can (and should) be reported if they violate that vow. He also explained a little about how ethical hackers operate:
We see computers and systems the same way as a malicious hacker with one main difference: we strive to educate and secure. Hacker or Hacktivist groups like Anonymous, and other groups, seek to destroy and cause trouble with the systems they target. Certified Ethical Hackers are charged with foreseeing the attacks these malicious groups will mount by thinking like them, and in many cases acting like them. We use the same tools and methods as these groups but we use them in defense by anticipating their next move. Ethical hackers provide valuable insight into how an attacker thinks, how he or she will form an attack, and what their next move will be. Because of this we can fix holes before they become targets.
If you want to hire a professional ethical hacker, you should look for someone who is certified by the EC-Council, a DoD and American National Standards Institute-accredited institution. To get certified, the hacker has to demonstrate skills, and all experience is well documented. The hackers also need to adhere to a professional code of ethics.
Tendell warned that the hiring process should be meticulous when looking for a hacker, saying:
There are many "hacker-for-hire" organizations out there, but in many cases they are clever ways for an unethical and malicious attacker to lure unsuspecting people into traps.
As Alexander told the Defcon audience, hackers often have a bad reputation — not surprisingly because it is the bad hacker who makes the nightly news. But, as he was quoted by CNET:
From my perspective, what you're doing to figure out vulnerabilities in systems is great.