
Hiring Hackers - alexandros
http://www.schneier.com/blog/archives/2010/06/hiring_hackers.html
======
tptacek
You're more likely to hire the wrong person, not less, if you refuse to hire
people without certifications. Certifications have been discredited in
high-end security.

~~~
_pius
Discredited amongst the truly high-end for whom Matasano is a household name,
sure.

Trust me, though, the Booz Allens and Deloittes are still making tons of money
by churning out 25-year-olds with Master's degrees in "IT" and GSEC
certifications, billing them as "security experts" and parking them in John Q.
Federal CSO's office at $600/hour.

~~~
tptacek
You are right, but having said that, when _you_ are hiring, _you_ want the
iSec people of the world, _not_ the _mumble mumble_'s.

------
ax0n
Since this has turned partially into a discussion about rhetoric and
semantics, I figured I'd join in. I kind of disagree with The Schneier's
sentiment, quoted thusly:

"Hacking is primarily a mindset: a way of thinking about security. Its primary
focus is in attacking systems, but it's invaluable to the defense of those
systems as well. Because computer systems are so complex, defending them often
requires people who can think like attackers."

All the way up to "Hacking is a mindset" he's on the right course. Although
I'm a security professional by trade and by passion (and was just christened
"The Hacker" by my peers at the new job last week), I truly believe that the
definition is a bit broader than simply security. Hacking _is_ a mindset: a
way of thinking about solutions to complex problems.

It so happens that security is -- or at least can be -- a pretty complex
problem, but hackers of all kinds often think about the solutions to their
problems by using critical thinking skills, intuition, and intimate knowledge
of the system. This applies to complex problems of all varieties.

I understand, to an extent, why his essay was entitled _Hiring Hackers_,
however, _Hiring Computer Criminals_ may have been a more fitting title. Or
maybe even simply _Hiring Felons_, for that matter.

~~~
jerf
Given that the essay opened with "Any essay on hiring hackers quickly gets
bogged down in definitions. What is a hacker, and how is he different from a
cracker?", I gave him the benefit of the doubt and read that not as his
universal definition of the term, but the one he was using for the remainder
of the post. Admittedly it could be better labeled.

"Is X a Hacker?" is only a step removed from "Is X art?" When someone gives
their definition for the moment, you really have to just accept it,
contingently.

------
troels
I see - The _other_ kind of hackers. This is all very confusing to me.

------
ja27
"Would you hire a convicted pedophile to work at a day care center?"

No, but I would consider contracting them to give advice on a child protection
policy for a day care.

~~~
leftnode
In reality, probably not. If the parents found out you were contracting a
convicted pedophile for whatever reason, it'd be the end of your daycare.

You'd fare much better contracting law enforcement who catch pedophiles for
child protection policy.

------
bdickason
I used to ask recruiters in NYC (this is 1-2 years ago) for candidates with
hacking backgrounds. They continuously looked at me with a perplexed expression.

From my perspective, they make the best employees. A 1990's hacker, for
example, is someone interested in coding and the internet before 'building web
apps' was a viable profession. This means they are creative and quite skilled
at taking things apart and dissecting them.

------
joubert
I'm not sure I would hire someone I don't trust.

------
doki_pen
How do you get software written without hackers?

~~~
RyanMcGreal
Java.

~~~
marr
Getting "software written" and "hacking" - neither has anything to do with
programming languages.

