NEW YORK – Most organizations have second thoughts about hiring former hackers. Yet, bottom-line realities overrule objections.
In most cases, mischievous hacking was only a phase, which usually ended during college years. Most hackers have gone on to build formidable technology careers.
Practically speaking, if their credentials are impeccable and references check out, companies would be making major tactical errors by not hiring former hackers. Aside from formidable contributors, they can also teach both junior and experienced developers programming subtleties and nuances they’re not going to learn on the job or classroom.
Software developers could learn a thing or two from former hackers Rob Newhouse and Dan Verton. Verton authored The Hacker Diaries: Confessions of Teenage Hackers and is a former U.S. Marine Corps intelligence officer. Newhouse was formerly chief technology officer of a New York City option market-making company. Together, they offer the following six valuable software development lessons:
1. Nothing is impossible. One of the major tenets of hacking and cracking has always been that nothing is impossible. Many problems are difficult to solve, but that means changing your approach in order to attack them from a different direction. The same thinking can be applied to enterprise development. It’s easy to claim that your deadlines are unrealistic, but are they really impossible? Newhouse notes that, like hacking a system, you must consider unusual solutions when coding business requirements.
2. Criticize your work. Learn to be brutally honest when it comes to evaluating your work. Find the strong and weak points. Hackers are always analyzing and criticizing their work; enterprise developers must do the same. Ideally, it should be a daily task that becomes a dynamic process.
3. Look for unique solutions. Impressing other hackers is one of the major driving forces behind hacking. That was Newhouse’s goal when he wrote a new piece of software. Earning fellow hackers’ praise for creativity was just as important as the personal pride he took in the accomplishment. In the corporate world, the goal is to work out a unique solution, taking into account cost and other parameters important to the enterprise. Striving for unique results benefits the organization and your reputation. Hunt for security vulnerabilities. Verton suggests taking security strategies out of the hacker’s playbook. In other words, think like they do.
4. Software doesn’t ship secure out of the box. Software is not shipped with standard security settings. When you buy a new operating system, systems administrators must go through it carefully. All default settings must be changed. Hackers know this, and it makes it easier for them to break into a system. Enterprise developers would do well to follow suit and consider potential security lapses in their designs.
5. Find systems’ vulnerabilities. Take a defensive position and look at your enterprise from the hacker’s perspective. It’s a good idea to actually hack your system for its vulnerabilities. This should be done regularly, especially when you have a change in your enterprise — new users, for example. The formal term for this process, “Red Teaming,” originated in the military. Red Teaming is a vulnerability assessment that targets information-based systems and associated support infrastructure to uncover security problems and devise fixes.
6. Monitor what’s being posted out about your company. Search the Internet to find out what’s being said about your company or its software. Hackers use this reconnaissance technique to gather information on their targets, for example; when administrators unwittingly release information a hacker can use to gain entry into a system. Regularly gathering such defensive intelligence will help you stay a step ahead of the hackers.
Bob Weinstein is Editor-in-Chief for the Troy Media Corporation.